System and method of virus containment in computer networks
Abstract
A method for malicious software detection including grouping a plurality of computing devices in a network into at least two groups, measuring a normal operation value of at least one operating parameter of any of the groups, and detecting a change in the value to indicate possible malicious software behavior within the network.
412 Citations
51 Claims
1. A method for malicious software detection comprising:
- grouping a plurality of computing devices in a network into at least two groups;
- measuring a normal operation value of at least one operating parameter of any of said groups; and
- detecting a change in said value to indicate possible malicious software behavior within said network.
(Dependent claims: 2)
3. A method for malicious software detection comprising:
- grouping a plurality of computing devices in a network into at least two groups;
- identifying a known malicious software behavior pattern for any of said groups;
- determining a normal behavior pattern for any of said groups;
- setting a threshold between said normal and malicious software behavior patterns; and
- detecting behavior that exceeds said threshold.
(Dependent claims: 4, 5, 6)
7. A method for malicious software detection comprising:
- grouping a plurality of computing devices in a network into at least two groups;
- identifying activity suspected of being malicious occurring sequentially in at least two of said groups between which a proximity measure is defined; and
- searching for communication events between said at least two groups which are associated with the progress of malicious software from the first of said at least two groups to the second of said at least two groups.
8. A method for malicious software detection comprising:
- grouping a plurality of computing devices in a network into at least two groups;
- identifying generally simultaneously suspicious malicious activity in at least two of said groups between which a proximity measure is defined; and
- identifying a generally similar communication received by said groups.
9. A method for malicious software detection comprising:
- grouping a plurality of computing devices in a network into at least two groups;
- collecting information regarding target behavior detected at any of said computing devices;
- correlating said target behavior within said groups; and
- determining whether said correlated target behavior information corresponds to a predefined suspicious behavior pattern.
(Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
22. A method for malicious software detection comprising:
- grouping a plurality of computing devices in a network into at least two groups;
- receiving messages sent from any of said computing devices;
- buffering any of said messages received from any of said computing devices in one of said groups and destined for any of said computing devices in a different one of said groups for a predetermined delay period prior to forwarding said messages to their intended recipients.
(Dependent claims: 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48)
37. A method for malicious software detection comprising:
- grouping a plurality of computing devices in a network into at least two groups;
- configuring each of said groups to maintain a malicious software detection sensitivity level; and
- upon detecting suspected malicious software activity within any of said groups, notifying any other of said groups of said detected suspected malicious software activity.
49. A method for malicious software detection, the method comprising:
- collecting information regarding target behavior detected at any of a plurality of computers;
- correlating said target behavior; and
- determining whether said correlated target behavior information corresponds to a predefined suspicious behavior pattern.
50. A method for malicious software detection, the method comprising:
- receiving messages sent from a computer; and
- buffering any of said messages received from said computer for a predetermined delay period prior to forwarding said messages to their intended recipients.
51. A method for malicious software detection, the method comprising:
- configuring each of a plurality of servers to maintain a virus detection sensitivity level;
- providing multiple pluralities of computers, each plurality of computers being in communication with at least one of said servers; and
- detecting suspected virus activity at any of said plurality of computers, and notifying any of said servers of said detected suspected virus activity.
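As an added illustration (not code from the patent or its assignee), the following Python sketch models claims 3, 22 and 37 together: each group keeps a normal-operation baseline for one operating parameter with a threshold set between it and a known malicious pattern, cross-group messages are held in a delay buffer and quarantined if the sending group is flagged while they wait, and a flagged group raises the sensitivity of the others. The group names, rates, the 0.5/0.8 sensitivity values and the parameter (outbound messages per device per interval) are constructed, and the code assumes send() and tick() are called in time order.

```python
from collections import deque
from statistics import mean

class Group:
    def __init__(self, name, devices, baseline_rates, malicious_rate):
        self.name, self.devices = name, set(devices)
        self.normal = mean(baseline_rates)   # claim 3: normal behavior pattern
        self.malicious = malicious_rate      # claim 3: known malicious pattern
        self.sensitivity = 0.5               # claim 37: per-group sensitivity level
        self.infected = False

    def threshold(self):
        # Sits between normal and malicious; higher sensitivity moves it
        # toward normal so the group alarms on a smaller deviation.
        return self.normal + (self.malicious - self.normal) * (1 - self.sensitivity)

    def observe(self, rate):
        if rate > self.threshold():
            self.infected = True
        return self.infected

class Containment:
    def __init__(self, groups, delay):
        self.groups = {g.name: g for g in groups}
        self.owner = {d: g.name for g in groups for d in g.devices}
        self.delay = delay       # claim 22: predetermined delay period
        self.held = deque()      # (release_time, src_group, msg); assumes time-ordered sends
        self.forwarded, self.quarantined = [], []

    def send(self, now, src_dev, dst_dev, msg):
        src, dst = self.owner[src_dev], self.owner[dst_dev]
        if src == dst:
            self.forwarded.append(msg)     # intra-group traffic is not delayed
        else:
            self.held.append((now + self.delay, src, msg))

    def observe(self, now, group, rate):
        if self.groups[group].observe(rate):
            for other in self.groups.values():   # claim 37: notify other groups
                if other.name != group:
                    other.sensitivity = max(other.sensitivity, 0.8)
        self.tick(now)

    def tick(self, now):
        # Release messages whose hold has expired, unless the sending group
        # was flagged while they waited: then they are quarantined instead.
        while self.held and self.held[0][0] <= now:
            _, src, msg = self.held.popleft()
            dest = self.quarantined if self.groups[src].infected else self.forwarded
            dest.append(msg)
```

The delay period is what turns detection into containment: a message leaving a group that is flagged before the hold expires never reaches the neighbouring group.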