Propagation of viruses through an information technology network
First Claim
Patent Images
1. A method of monitoring propagation of viruses within a network of hosts comprising the steps of:
- establishing a record which is at least indicative of identities of hosts within the network to whom data has been sent by a first host (“
destination hosts”
);
during a first time interval, comparing (a) identities of destination hosts identified in requests to send data from the first host and (b) identities of destination hosts identified in the record;
transmitting all requests to send data;
storing in a buffer data relating to requests which identify a destination host not in the record.
9 Assignments
0 Petitions
Accused Products
Abstract
Requests to send data from a first host within a network of hosts are monitored against a record of destination hosts who have been sent data in accordance with a predetermined policy. Destination host identities not the record are stored in a buffer. The buffer size is monitored to establish whether requests from the first host are pursuant to viral activity therein.
47 Citations
41 Claims
-
1. A method of monitoring propagation of viruses within a network of hosts comprising the steps of:
-
establishing a record which is at least indicative of identities of hosts within the network to whom data has been sent by a first host (“
destination hosts”
);
during a first time interval, comparing (a) identities of destination hosts identified in requests to send data from the first host and (b) identities of destination hosts identified in the record;
transmitting all requests to send data;
storing in a buffer data relating to requests which identify a destination host not in the record. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
-
-
29. A method of operating a first host within a network of a plurality of hosts comprising the steps of:
-
over the course of a first time interval, monitoring creation of sockets within the first host to identify destination hosts identified therein;
comparing identities of destination hosts monitored during the first time interval with destination host identities in a record; and
storing data from all sockets which identify destination hosts not in the record. - View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
-
Specification