Intrusion detection with automatic signature generation
Abstract
A method for detecting malicious programs within a computer network includes monitoring at least one first packet of data communicated over the network, analyzing the at least one first packet of data to detect the presence of a malicious program, generating a signature of the at least one first packet of data when a malicious program is detected, monitoring at least one second packet of data communicated over the network and detecting evidence of the malicious program in the at least one second packet of data utilizing the generated signature.
40 Claims
1. A method for detecting malicious programs within a computer network comprising:
monitoring at least one first packet of data communicated over said network;
analyzing said at least one first packet of data to detect the presence of a malicious program;
generating a signature of said at least one first packet of data when a malicious program is detected;
monitoring at least one second packet of data communicated over said network; and
detecting evidence of said malicious program in said at least one second packet of data utilizing said generated signature.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.

11. A system for detecting malicious programs within a computer network comprising:
a first-packet-monitoring unit for monitoring at least one first packet of data communicated over said network;
an analyzing unit for analyzing said at least one first packet of data to detect the presence of a malicious program;
a generating unit for generating a signature of said at least one first packet of data when a malicious program is detected;
a second-packet-monitoring unit for monitoring at least one second packet of data communicated over said network; and
a detecting unit for detecting evidence of said malicious program in said at least one second packet of data utilizing said generated signature.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20.

21. A computer system comprising:
a processor; and
a computer recording medium including computer executable code executable by the processor for detecting malicious programs within a computer network, the computer executable code comprising;
code for monitoring at least one first packet of data communicated over said network;
code for analyzing said at least one first packet of data to detect the presence of a malicious program;
code for generating a signature of said at least one first packet of data when a malicious program is detected;
code for monitoring at least one second packet of data communicated over said network; and
code for detecting evidence of said malicious program in said at least one second packet of data utilizing said generated signature.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30.

31. A computer recording medium including computer executable code executable by a processor for detecting malicious programs within a computer network, the computer executable code comprising:
code for monitoring at least one first packet of data communicated over said network;
code for analyzing said at least one first packet of data to detect the presence of a malicious program;
code for generating a signature of said at least one first packet of data when a malicious program is detected;
code for monitoring at least one second packet of data communicated over said network; and
code for detecting evidence of said malicious program in said at least one second packet of data utilizing said generated signature.
Dependent claims: 32, 33, 34, 35, 36, 37, 38, 39, 40.

Specification