×

Mechanism to correlate the presence of worms in a network

  • US 20070094730A1
  • Filed: 10/20/2005
  • Published: 04/26/2007
  • Est. Priority Date: 10/20/2005
  • Status: Active Grant
First Claim
Patent Images

1. A method for preventing a worm attack in a network, the network comprising a plurality of sources and a plurality of destinations, the method comprising:

  • determining transmitted packets from at least one of the plurality of sources to at least one of the plurality of destinations, each of the transmitted packets comprising a set of characteristics;

    determining a number of the transmitted packets;

    if the number of the transmitted packets exceeds a predefined first threshold, then storing a signature, the signature corresponding to at least one of the transmitted packets;

    if at least one of the plurality of destinations becomes a source of new packets, the new packets being transmitted to at least one of the plurality of destinations;

    then comparing the new packets with the stored signature; and

    if at least one of the new packets matches the stored signature, then triggering the detection of a worm in the network.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×