Email-based worm propagation properties
First Claim
Patent Images
1. A computer program product residing on a computer readable medium for intrusion detection, the computer program product comprising instructions for causing a processor to:
- identify a signature representing content prevalent in email-based network traffic;
generate a client list for the identified signature;
determine if a number of clients included in the client list exceeds a threshold; and
generate a worm signature based on the identified signature if the number of clients included in the client list exceeds the threshold.
8 Assignments
0 Petitions
Accused Products
Abstract
A system, method and computer program product for email-based worm detection and mitigation are disclosed. The system, method, and computer program product are configured to identify a signature representing content prevalent in email-based network traffic, generate a client list for the identified signature, determine if a number of clients included in the client list exceeds a threshold, and generate a worm signature based on the signature if the number of clients included in the client list exceeds the threshold.
65 Citations
27 Claims
-
1. A computer program product residing on a computer readable medium for intrusion detection, the computer program product comprising instructions for causing a processor to:
-
identify a signature representing content prevalent in email-based network traffic; generate a client list for the identified signature; determine if a number of clients included in the client list exceeds a threshold; and generate a worm signature based on the identified signature if the number of clients included in the client list exceeds the threshold. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method comprising:
-
identifying a signature representing content prevalent in email-based network traffic; generating a client list for the identified signature; determining if a number of clients included in the client list exceeds a threshold; and generating a worm signature based on the identified signature if the number of clients included in the client list exceeds the threshold. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. An intrusion detection system, comprising:
-
a profiler configured to; identify a signature representing content prevalent in email-based network traffic; generate a client list for the identified signature; determine if a number of clients included in the client list exceeds a threshold; and generate a worm signature based on the identified signature if the number of clients included in the client list exceeds the threshold. - View Dependent Claims (22, 23, 24, 25, 26, 27)
-
Specification