System and method of virus containment in computer networks
Abstract
A computer virus detection and containment system is provided including at least one computer configured with at least one decoy address, and a server operative to identify activity occurring at the computer, the activity involving the decoy address.
138 Claims
1. A computer virus detection and containment system comprising:
at least one computer configured with at least one decoy address; and
a server operative to;
identify activity occurring at said computer, said activity involving said decoy address.
17. A computer virus detection and containment system comprising:
a computer configured with at least one decoy address and operative to periodically address a decoy message to one or more of said decoy addresses; and
a server operative to;
receive messages sent from said computer, determine whether any of said messages are addressed to any of said decoy addresses, and upon determining that at least one of said messages is addressed to any of said decoy addresses, determine whether said decoy-addressed message is a valid decoy message, and upon determining that said decoy-addressed message is not a valid decoy message, perform at least one virus containment action.
27. A computer virus detection and containment system comprising:
a plurality of computers; and
a server operative to;
collect information regarding target behavior detected at any of said computers;
correlate said target behavior;
determine whether said correlated target behavior information corresponds to a predefined suspicious behavior pattern, and, if so;
perform at least one virus containment action.
37. A computer virus detection and containment system comprising:
a computer operative to send messages; and
a server operative to;
receive messages sent from said computer, buffer any of said messages received from said computer for a predetermined delay period prior to forwarding said messages to their intended recipients; and
perform at least one virus containment action upon said buffer.
52. A computer virus detection and containment system comprising:
at least one computer configured with at least one decoy address; and
a server configured with said decoy address and operative to periodically send to said computer at least one decoy message addressed from said decoy address;
wherein said computer is operative to;
receive messages sent from said server, determine whether any of said messages sent from said server are addressed from said decoy address, and upon determining that at least one of said messages sent from said server is addressed from said decoy address, send a response decoy message addressed to said decoy address to said server in response to receiving said decoy message from said server, and wherein said server is operative to;
receive messages sent from said computer, determine whether any of said messages sent from said computer are addressed to said decoy address, and upon determining that at least one of said messages sent from said computer is addressed to said decoy address, determine whether said decoy-addressed message is a valid decoy message, and upon determining that said decoy-addressed message is not a valid decoy message, perform at least one virus containment action.
67. A computer virus detection and containment system comprising:
a plurality of servers, each configured to maintain a virus detection sensitivity level; and
multiple pluralities of computers, each plurality of computers being in communication with at least one of said servers;
wherein each of said servers is operative to;
detect suspected virus activity at any of its related plurality of computers, notify any of said servers of said detected suspected virus activity, and adjust said virus detection sensitivity level according to a predefined plan.
74. A method for computer virus detection and containment, the method comprising:
configuring at least one computer with at least one decoy address; and
identifying activity occurring at said computer, said activity involving said decoy address.
88. A method for computer virus detection and containment, the method comprising:
configuring a computer with at least one decoy address;
periodically sending a decoy message addressed to one or more of said decoy addresses;
receive messages sent from said computer;
determining whether any of said messages are addressed to any of said decoy addresses;
upon determining that at least one of said messages is addressed to any of said decoy addresses, determining whether said decoy-addressed message is a valid decoy message; and
upon determining that said decoy-addressed message is not a valid decoy message, performing at least one virus containment action.
96. A method for computer virus detection and containment, the method comprising:
collecting information regarding target behavior detected at any of a plurality of computers;
correlating said target behavior;
determining whether said correlated target behavior information corresponds to a predefined suspicious behavior pattern, and, if so;
performing at least one virus containment action.
105. A method for computer virus detection and containment, the method comprising:
receiving messages sent from a computer, buffer any of said messages received from said computer for a predetermined delay period prior to forwarding said messages to their intended recipients; and
perform at least one virus containment action upon said buffer.
119. A method for computer virus detection and containment, the method comprising:
configuring at least one computer and at least one server with at least one decoy address;
periodically sending from said server to said computer at least one decoy message addressed from said decoy address;
at said computer;
receiving messages sent from said server;
determining whether any of said messages sent from said server are addressed from said decoy address;
upon determining that at least one of said messages sent from said server is addressed from said decoy address, sending a response decoy message addressed to said decoy address to said server in response to receiving said decoy message from said server;
at said server;
receiving messages sent from said computer, determining whether any of said messages sent from said computer are addressed to said decoy address;
upon determining that at least one of said messages sent from said computer is addressed to said decoy address, determining whether said decoy-addressed message is a valid decoy message; and
upon determining that said decoy-addressed message is not a valid decoy message, performing at least one virus containment action.
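The server-side steps of claims 88 and 105 combined, as an added Python sketch that is not code from the patent: outbound mail is held for a delay period, and a decoy-addressed message that fails validation triggers containment on that sender's held mail. The addresses, the shared key, the HMAC tag used as the "valid decoy message" test and the 300-second delay are all assumptions; the claims do not specify them.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

DECOY_ADDRESSES = {"zz-decoy-01@corp.example"}  # constructed; planted in each address book
DECOY_KEY = b"constructed-demo-key"             # assumption: secret shared by computer and server
DELAY_SECONDS = 300                             # assumption: the "predetermined delay period"

@dataclass
class Message:
    sender: str
    recipients: list
    body: str
    received_at: int  # epoch seconds at which the server received the message

def decoy_tag(sender, when):
    """Assumed validity scheme: HMAC over the sender and the send time."""
    return hmac.new(DECOY_KEY, f"{sender}|{when}".encode(), hashlib.sha256).hexdigest()

def is_valid_decoy(msg):
    """A valid decoy goes only to decoy addresses and carries the expected tag."""
    expected = decoy_tag(msg.sender, msg.received_at).encode()
    return set(msg.recipients) <= DECOY_ADDRESSES and hmac.compare_digest(msg.body.encode(), expected)

@dataclass
class Gateway:
    buffer: list = field(default_factory=list)
    quarantined: list = field(default_factory=list)
    blocked: set = field(default_factory=set)

    def receive(self, msg):
        if msg.sender in self.blocked:
            self.quarantined.append(msg)
            return "quarantined"
        if DECOY_ADDRESSES & set(msg.recipients):
            if is_valid_decoy(msg):
                return "decoy-ok"  # periodic decoy message, never forwarded
            # Containment: block the sender and pull its held mail out of the buffer.
            self.blocked.add(msg.sender)
            held = [m for m in self.buffer if m.sender == msg.sender]
            self.buffer = [m for m in self.buffer if m.sender != msg.sender]
            self.quarantined += held + [msg]
            return "contained"
        self.buffer.append(msg)
        return "buffered"

    def release(self, now):
        """Forward (return) the messages whose delay period has elapsed."""
        due = [m for m in self.buffer if now - m.received_at >= DELAY_SECONDS]
        self.buffer = [m for m in self.buffer if now - m.received_at < DELAY_SECONDS]
        return due
```

Because the delay holds earlier mail from the same computer, the containment step can still stop messages that were sent before the decoy address was hit.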
132. A computer virus detection and containment method comprising:
configuring each a plurality of servers to maintain a virus detection sensitivity level; and
providing multiple pluralities of computers, each plurality of computers being in communication with at least one of said servers;
detecting suspected virus activity at any of said plurality of computers, notifying any of said servers of said detected suspected virus activity, and adjusting said virus detection sensitivity level at any of said servers according to a predefined plan.