Signature extraction system and method
Abstract
Host computer systems automatically detect malicious code. The host computer systems automatically generate and send malicious code packets of the malicious code to a local analysis center (LAC) computer system. Based on the received malicious code packets, the LAC computer system provides a signature update to a network intrusion detection system. Further, the LAC computer system also automatically sends malicious code signatures of the malicious code to a global analysis center. In this manner, the spread of the malicious code is rapidly detected and prevented.
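The flow in the abstract, sketched as an added example that is not code from the patent: a local analysis center (LAC) receives extracted malicious code packets and decides when a signature should be passed on as an update. The packet fields, the threshold definition (more than N distinct hosts reporting one signature inside a time window) and all sample values are assumptions, since the page does not define them.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class ExtractedPacket:
    # Assumed fields: the page only says a packet carries a signature
    # and/or parameters associated with the malicious code.
    host: str
    signature: str
    timestamp: float  # seconds; packets are assumed to arrive in time order

class LocalAnalysisCenter:
    def __init__(self, threshold=2, window=60.0):
        self.threshold = threshold          # assumed: distinct-host count to exceed
        self.window = window                # assumed: sliding window in seconds
        self._reports = defaultdict(deque)  # signature -> (timestamp, host)
        self.published = []                 # signatures sent on as an update

    def receive(self, pkt):
        """Record a packet; return True when it first exceeds the threshold."""
        reports = self._reports[pkt.signature]
        reports.append((pkt.timestamp, pkt.host))
        # Drop reports that have aged out of the window.
        while reports and reports[0][0] < pkt.timestamp - self.window:
            reports.popleft()
        # Count distinct hosts so one noisy host cannot trip the threshold.
        hosts = {host for _, host in reports}
        if len(hosts) > self.threshold and pkt.signature not in self.published:
            self.published.append(pkt.signature)
            return True
        return False

def run(packets, threshold=2, window=60.0):
    lac = LocalAnalysisCenter(threshold, window)
    return [lac.receive(p) for p in packets], lac.published

# Constructed sample traffic, not taken from the page.
SAMPLE = [
    ExtractedPacket("host-a", "sig-1", 0),
    ExtractedPacket("host-a", "sig-1", 5),   # repeat from the same host
    ExtractedPacket("host-b", "sig-1", 10),
    ExtractedPacket("host-c", "sig-2", 12),  # unrelated signature
    ExtractedPacket("host-c", "sig-1", 20),  # third distinct host
    ExtractedPacket("host-d", "sig-1", 25),  # already published
]

if __name__ == "__main__":
    print(run(SAMPLE))
```

Counting distinct hosts rather than raw packets keeps a single repeatedly attacked host from triggering an update on its own, and the window keeps slow, unrelated reports from accumulating into one.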
29 Claims
1. A method comprising:
detecting an attack by malicious code on a first computer system;
extracting a malicious code signature from said malicious code;
creating an extracted malicious code packet including said malicious code signature; and
sending said extracted malicious code packet from said first computer system to a second computer system.
Dependent claims: 2, 3, 4

5. A method comprising:
detecting an attack by malicious code on a first computer system;
creating an extracted malicious code packet including parameters associated with said malicious code; and
sending said extracted malicious code packet from said first computer system to a second computer system.
Dependent claims: 6, 7, 8, 9, 10, 11, 12, 13, 14, 15

16. A method comprising:
receiving an extracted malicious code packet from a first computer system with a second computer system; and
determining whether an attack threshold has been exceeded based upon said extracted malicious code packet.
Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24, 25, 26

27. A computer system comprising:
an intrusion prevention application for detecting an attack by malicious code on a first computer system;
a host signature extraction application for extracting a malicious code signature from said malicious code;
said host signature extraction application further for creating an extracted malicious code packet including said malicious code signature; and
said host signature extraction application further for sending said extracted malicious code packet from said first computer system to a second computer system.

28. A computer system comprising:
an intrusion prevention application for detecting an attack by malicious code on a first computer system;
a host signature extraction application for creating an extracted malicious code packet including parameters associated with said malicious code; and
said host signature extraction application further for sending said extracted malicious code packet from said first computer system to a second computer system.

29. A computer system comprising:
a local analysis center signature extraction application for receiving an extracted malicious code packet from a first computer system with a second computer system; and
said local analysis center signature extraction application further for determining whether an attack threshold has been exceeded based upon said extracted malicious code packet.

Specification