Threat protection network
Abstract
Threat protection networks are described. Embodiments of threat protection networks in accordance with the invention use expert systems to determine the nature of potential threats to a remote computer. In several embodiments, a secure peer-to-peer network is used to rapidly distribute information concerning the nature of the potential threat through the threat protection network. One embodiment of the invention includes at least one client computer connected to a network, a server that stores threat definition data and is connected to the network, and an expert system in communication with the server. In addition, the client computer is configured to refer potential threats to the server, the server is configured to refer to the expert system any potential threat forwarded by a client computer that is not identified in the threat definition data, and the expert system is configured to determine whether the potential threat is an actual threat by exposing at least one test computer to the potential threat and observing the behavior of the test computer.
33 Claims
1. A threat protection network for detecting potential threats, comprising:
at least one client computer connected to a network;
a server that stores threat definition data and is connected to the network;
an expert system in communication with the server;
wherein the client computer is configured to refer potential threats to the server;
wherein the server is configured to refer to the expert system any potential threat forwarded by a client computer that is not identified in the threat definition data;
wherein the expert system is configured to determine whether the potential threat is an actual threat by exposing at least one test computer to the potential threat and observing the behavior of the test computer.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14

15. A computer, comprising:
client software installed upon the computer;
wherein the client software is configured to monitor for predetermined behavior;
wherein the client software is configured to identify a source associated with the behavior;
wherein the client software is configured to generate a signature identifying the source; and
wherein the signature includes at least two independent pieces of information generated using the source.
Dependent claims: 16, 17, 18, 19

20. A server, comprising:
threat definition data stored on the server;
a list stored on the server; and
verification information stored on the server;
wherein the list identifies a number of peer computers on which the threat definition data is also stored; and
wherein the verification information can be generated by applying a predetermined algorithm to the threat definition data.
Dependent claims: 21, 22, 23, 24, 25

26. A threat identification system configured to evaluate potential threats to a remote computer system, comprising:
an expert system installed on a host computer;
at least one test computer connected to the host computer;
wherein the expert system is configured to expose the test computer to the potential threat;
wherein the expert system is configured to observe the behavior of the test computer;
wherein the expert system determines a score based upon the observed behavior and a set of predetermined criteria.
Dependent claims: 27, 28, 29, 30, 31, 32, 33
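The server arrangement of claim 20 (threat definition data, a list of peers holding the same data, and verification information derived from the data) can be sketched as follows. This is an added example, not code from the patent: SHA-256 stands in for the unspecified "predetermined algorithm", and the class, function and peer names and the sample data are hypothetical and constructed.

```python
import hashlib
import hmac

def verification_info(definition_data: bytes) -> str:
    # Assumption: the "predetermined algorithm" is SHA-256 over the raw bytes.
    return hashlib.sha256(definition_data).hexdigest()

class DefinitionServer:
    """Holds the three items claim 20 lists: data, peer list, verification info."""
    def __init__(self, definition_data: bytes, peers):
        self.definition_data = definition_data
        self.peers = list(peers)
        self.verification = verification_info(definition_data)

    def manifest(self) -> dict:
        # Clients receive only the peer list and digest, then pull the bulk
        # data from peers. The digest is only as trustworthy as the channel
        # that delivered this manifest, so that channel must be authenticated.
        return {"peers": self.peers, "verification": self.verification}

def fetch_verified(manifest: dict, fetch_from_peer):
    """Accept the first peer copy whose digest matches the server's.
    Returns (data, peer, rejected); data is None if no peer copy verifies."""
    rejected = []
    for peer in manifest["peers"]:
        try:
            candidate = fetch_from_peer(peer)
        except OSError:
            rejected.append((peer, "unreachable"))
            continue
        if hmac.compare_digest(verification_info(candidate),
                               manifest["verification"]):
            return candidate, peer, rejected
        rejected.append((peer, "digest mismatch"))  # worth logging and alerting on
    return None, None, rejected

# Constructed sample data: one offline peer, one altered copy, one good copy.
DEFINITIONS = b"def-0001 quarantine\ndef-0002 block\n"
PEER_STORE = {
    "peer-a": None,                                  # offline
    "peer-b": DEFINITIONS.replace(b"block", b"allow"),  # altered copy
    "peer-c": DEFINITIONS,
}

def demo_fetch(peer: str) -> bytes:
    data = PEER_STORE[peer]
    if data is None:
        raise ConnectionError(peer)
    return data

if __name__ == "__main__":
    server = DefinitionServer(DEFINITIONS, ["peer-a", "peer-b", "peer-c"])
    print(fetch_verified(server.manifest(), demo_fetch))
```
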
Specification