Defending against worm or virus attacks on networks
Abstract
A combination of more frequent and less frequent security monitoring may be used to defeat worm or virus attacks. At periodic intervals, a risk assessment scan may be implemented to determine whether or not a worm attack has occurred. Prior thereto, an intermediate detection by an anomaly detection agent may determine whether or not a worm attack may have occurred. If a potential worm attack may have occurred, intermediate action, such as throttling of traffic, may occur. Then, at the next risk assessment scan, a determination may be made as to whether the attack is actually occurring and, if so, more effective and performance altering techniques may be utilized to counter the attack.
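The two-tier loop the abstract describes, as an added sketch that is not code from the patent. The fan-out threshold, the scan interval, the state names, and the idea that a scan confirms an attack by finding the host's security agents tampered with are all assumptions, and the traffic is constructed.

```python
from dataclasses import dataclass, field

FANOUT_LIMIT = 20   # assumed: distinct outbound peers per tick treated as worm-like
SCAN_EVERY = 5      # assumed: ticks between risk assessment scans

@dataclass
class Host:
    name: str
    agents_ok: bool = True    # what a risk assessment scan would find (assumed signal)
    state: str = "normal"     # normal -> throttled -> isolated
    history: list = field(default_factory=list)

def anomaly_check(host, packets):
    """Frequent, cheap check between scans; packets is a list of (direction, peer)."""
    fanout = len({peer for direction, peer in packets if direction == "out"})
    if fanout > FANOUT_LIMIT and host.state == "normal":
        host.state = "throttled"      # intermediate action: slow traffic, do not cut it

def risk_scan(host):
    """Infrequent scan: confirm or clear whatever the anomaly agent suspected."""
    if not host.agents_ok:
        host.state = "isolated"       # confirmed: apply the costly countermeasure
    elif host.state == "throttled":
        host.state = "normal"         # suspicion not confirmed: lift the throttle

def run(host, timeline):
    """timeline is a list of (packets, agents_ok) pairs, one per tick."""
    for tick, (packets, agents_ok) in enumerate(timeline, start=1):
        host.agents_ok = agents_ok
        anomaly_check(host, packets)
        if tick % SCAN_EVERY == 0:
            risk_scan(host)
        host.history.append(host.state)
    return host.history

# Constructed traffic: a quiet tick, and a tick contacting 40 distinct peers.
QUIET = [("out", "10.0.0.1"), ("in", "10.0.0.2")]
BURST = [("out", f"10.0.1.{i}") for i in range(40)]

def make_timeline(agents_ok_after_burst):
    """Two quiet ticks, one burst at tick 3, then three quiet ticks (scan at tick 5)."""
    return ([(QUIET, True)] * 2 + [(BURST, agents_ok_after_burst)]
            + [(QUIET, agents_ok_after_burst)] * 3)

if __name__ == "__main__":
    print("worm:  ", run(Host("a"), make_timeline(False)))
    print("benign:", run(Host("b"), make_timeline(True)))
```

In both runs the host is throttled from tick 3; only the scan at tick 5 decides between isolating it and restoring normal traffic.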
39 Claims
1. A method comprising:
- periodically conducting risk assessment scans of host resident security agents; and
- checking for behavior indicative of a worm between risk assessment scans by monitoring inbound and outbound packet flow.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. An article comprising a medium storing instructions that, if executed, enable a processor-based system to:
- periodically conduct risk assessment scans for host resident security agents; and
- check for behavior indicative of a worm between risk assessment scans by monitoring inbound and outbound packet flow.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
21. An apparatus comprising:
- a first agent to periodically conduct risk assessment scans for host resident security agents; and
- a second agent to check for behavior indicative of a worm between risk assessment scans by monitoring inbound and outbound packet flow.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32
33. A system comprising:
- a processor;
- a storage storing security agents;
- an apparatus coupled to said processor including a first agent to periodically conduct risk assessment scans of said security agents;
- a second agent to check for behavior indicative of a worm between risk assessment scans by monitoring inbound and outbound packet flows; and
- a network controller coupled to said apparatus.
Dependent claims: 34, 35, 36, 37, 38, 39
Specification