MALWARE DETECTION SYSTEM AND METHOD
Abstract
Methods and systems are presented for detection of malware such as worms in which a network switch entices the malware into sending scan packets by allocating one or more ports as bait addresses, sending outgoing bait packets, and identifying compromised hosts that send unexpected incoming packets to a bait address.
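The bait-address logic described in the abstract, sketched as an added example (not code from the patent or its assignee). The `Packet` and `BaitMonitor` names, the 4-tuple flow matching, the allow-list reading of "authorized", and all addresses and ports are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class BaitMonitor:
    bait_addrs: set                                 # addresses allocated as bait
    authorized: set = field(default_factory=set)    # assumed allow-list of peers
    outstanding: set = field(default_factory=set)   # replies we are waiting for
    suspects: dict = field(default_factory=dict)    # source -> list of reasons

    def send_bait(self, pkt):
        """Record an outgoing bait packet so that its reply counts as expected."""
        if pkt.src not in self.bait_addrs:
            raise ValueError("bait packets must originate from a bait address")
        self.outstanding.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))

    def receive(self, pkt):
        """Return the reason the source was flagged, or None if the packet is benign."""
        if pkt.dst not in self.bait_addrs:
            return None                             # not sent to a bait address
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if pkt.src not in self.authorized:
            reason = "unauthorized source"
        elif flow not in self.outstanding:
            reason = "unexpected packet"
        else:
            self.outstanding.discard(flow)          # each bait packet earns one reply
            return None
        self.suspects.setdefault(pkt.src, []).append(f"{reason} -> {pkt.dst}:{pkt.dport}")
        return reason

def run_demo():
    # Constructed addresses and ports, for illustration only.
    mon = BaitMonitor(bait_addrs={"10.0.0.250"}, authorized={"10.0.0.1"})
    mon.send_bait(Packet("10.0.0.250", 40000, "10.0.0.1", 53))
    incoming = [
        Packet("10.0.0.1", 53, "10.0.0.250", 40000),   # reply to the bait packet
        Packet("10.0.0.37", 51515, "10.0.0.250", 445), # unsolicited probe
        Packet("10.0.0.1", 53, "10.0.0.250", 40000),   # second, unsolicited reply
    ]
    return [mon.receive(p) for p in incoming], mon.suspects

if __name__ == "__main__":
    print(run_demo())
```

Because a bait address offers no real service, any traffic it receives beyond replies to its own bait packets is a high-signal indicator, which is why the sketch tracks outstanding flows rather than inspecting payloads.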
20 Claims
1. A method of detecting malware infected computing devices in a network, the method comprising:
allocating at least one network address in a network element coupled to a communications network as a bait address;
sending at least one outgoing bait packet from the bait address to the network;
receiving an incoming packet from the network at the bait address; and
selectively identifying a source of the incoming packet as infected with malware if the incoming packet is unexpected or from an unauthorized source.
10. A system for detecting malware infected computing devices in a network, the system comprising:
a network element operatively coupled to a communications network, the network element having at least one network address allocated as a bait address, and comprising a malware detection component operative to send at least one outgoing bait packet from the bait address to the network, to receive an incoming packet from the network at the bait address, and to selectively identify a source of the incoming packet as infected with malware if the incoming packet is unexpected or from an unauthorized source.