Multilevel virus outbreak alert based on collaborative behavior
Abstract
The invention accordingly provides an early-warning alert method and system for computer virus outbreaks that overcome at least the aforementioned shortcomings in the art. The system and method according to a general embodiment of the invention provide a plurality of alert levels to end users to optimally reduce the rate of improper detection of viruses and abnormalities in the terminal devices. The invention advantageously provides virus outbreak alerts by monitoring collaborative behavior in a network system having a plurality of client devices and at least one server. A preferred embodiment of the method according to the invention comprises the steps of monitoring the activities of the network system using a plurality of sensors in each of the client devices, detecting abnormal events according to rules stored in each of the client devices, reporting abnormalities if abnormal events are detected in one of the client devices, determining or adjusting an alert level for the reported abnormal events, sending an alert to end users, and reporting the abnormal events to the server in the network system.
50 Claims
1. An antivirus method in a network system having a plurality of clients and a server connected thereto, each client having a plurality of sensors, the method comprising the steps of:
monitoring activities of said network system using said sensors;
detecting abnormal events according to abnormality rules stored in said clients;
generating abnormal reports if abnormal events are detected;
transferring said abnormal reports to a data processor in those of said clients having said detected abnormal events;
determining an alert level for said detected abnormal events;
sending an alert; and
transferring said abnormal reports to said server.
Dependent claims: 2-39
40. An antivirus method in a network system having a plurality of clients and a server connected thereto, each of said clients having a plurality of sensors, the method comprising the steps of:
monitoring system activities at each of said sensors;
generating abnormality reports to a data processor in said clients;
transferring said abnormality reports to said server;
receiving abnormal event data collected in said clients by said server;
determining whether said abnormal events are computer viruses;
adjusting an alert level to generate a new alert level; and
transferring said new alert level back to said clients.
Dependent claims: 41, 42, 43
44. An antivirus method in a network system having a plurality of clients and a server connected thereto, each of said clients having a plurality of sensors, the method comprising the steps of:
monitoring system activities at each of said sensors;
generating abnormality reports to a data processor in said clients;
transferring said abnormality reports to said server;
receiving abnormality event data collected in said clients by said server for a plurality of abnormal events;
calculating a statistical result of said abnormal events from said clients;
determining whether said abnormal events are computer viruses based on said statistical result;
adjusting an alert level to a new alert level; and
transferring said new alert level back to said clients.
Dependent claims: 45, 46, 47
48. An antivirus device in a network system comprising:
a plurality of clients, each client further comprising a plurality of sensors monitoring system activities in said network system and determining abnormal events based on abnormality rules;
a data processor receiving abnormal event data from said sensors, said data processor further comprising a client rules engine having rules for determining an alert level of abnormal events and an alert device receiving said alert level from said sensors;
a server connected to said clients, said server receiving said abnormal event data collected in said clients, said server further comprising a correlative rules engine calculating a statistical result of said abnormal events at said clients, adjusting said alert level for said abnormal events based on said statistical result, and sending said adjusted alert level to said clients.
Dependent claims: 49, 50
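The two-tier flow of claims 44 and 48, as an added sketch that is not code from the patent: clients match sensor events against stored rules, the server computes a statistic across clients, and the adjusted level is sent back to every client. The event names, the four-level scale, the share-of-clients statistic and its thresholds are assumptions; the claims specify none of them.

```python
from collections import defaultdict

LEVELS = ("none", "low", "medium", "high")  # assumed scale; the claims fix no number of levels

# Hypothetical abnormality rules stored on each client: event type -> local alert level
CLIENT_RULES = {"mass_mail_send": 1, "exe_written_to_share": 2, "outbound_port_scan": 1}

def client_detect(client_id, sensor_events):
    """Client data processor: keep events that match a rule and set a local alert level."""
    reports = [(client_id, ev) for ev in sensor_events if ev in CLIENT_RULES]
    local = max((CLIENT_RULES[ev] for _, ev in reports), default=0)
    return local, reports

def server_correlate(reports, total_clients):
    """Server correlative engine: the statistic is the share of distinct clients
    reporting the same event; a wider spread raises that event's alert level."""
    clients_by_event = defaultdict(set)
    for client_id, ev in reports:
        clients_by_event[ev].add(client_id)
    adjusted = {}
    for ev, clients in clients_by_event.items():
        share = len(clients) / total_clients
        bump = 2 if share >= 0.5 else 1 if share >= 0.2 else 0  # assumed thresholds
        adjusted[ev] = min(CLIENT_RULES[ev] + bump, len(LEVELS) - 1)
    return adjusted

def run_round(sensor_feed):
    """One round: clients report, the server adjusts, the new level goes back to every client."""
    local_levels, all_reports = {}, []
    for client_id, events in sensor_feed.items():
        local_levels[client_id], reports = client_detect(client_id, events)
        all_reports.extend(reports)
    adjusted = server_correlate(all_reports, len(sensor_feed))
    network_level = max(adjusted.values(), default=0)
    final = {c: LEVELS[max(lvl, network_level)] for c, lvl in local_levels.items()}
    return adjusted, final

# Constructed sensor feed for ten clients (not real telemetry)
FEED = {f"pc{i:02d}": [] for i in range(1, 11)}
for c in ("pc01", "pc02", "pc03", "pc04", "pc05"):
    FEED[c] = ["mass_mail_send", "screensaver_start"]  # second event matches no rule
FEED["pc09"] = ["outbound_port_scan"]

if __name__ == "__main__":
    adjusted, final = run_round(FEED)
    print({ev: LEVELS[lvl] for ev, lvl in adjusted.items()})
    print(final["pc01"], final["pc10"])
```

In the constructed feed, pc10 detects nothing locally yet ends the round at the raised level, which is the collaborative behavior the claims describe.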
Specification