HASH-BASED SYSTEMS AND METHODS FOR DETECTING AND PREVENTING TRANSMISSION OF POLYMORPHIC NETWORK WORMS AND VIRUSES
Abstract
A system (200) detects transmission of potentially malicious packets. The system (200) receives, or otherwise observes, packets and generates hash values based on variable-sized blocks of the packets. The system (200) then compares the generated hash values to hash values associated with prior packets. The system (200) determines that one of the received packets is a potentially malicious packet when one or more of the generated hash values associated with the received packet match one or more of the hash values associated with the prior packets.
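As an added illustration of the abstract (not code from the patent, whose text on this page does not say how block boundaries are chosen), the sketch below assumes content-defined boundaries taken from a CRC32 fingerprint of a sliding window, and a match threshold. All names, constants and sample payloads are assumptions constructed for the example.

```python
import hashlib
import zlib

WINDOW = 8            # bytes fingerprinted at each position (assumed)
BOUNDARY_MASK = 0x1F  # low 5 bits zero => boundary, ~32-byte blocks (assumed)
MIN_BLOCK = 16        # shorter blocks recur by chance, so skip them (assumed)
MATCH_THRESHOLD = 2   # matching hashes needed to flag a packet (assumed)


def variable_blocks(payload: bytes):
    """Yield blocks whose edges are picked by content, so bytes inserted
    ahead of a shared body do not shift the blocks that follow."""
    start = 0
    for end in range(WINDOW, len(payload) + 1):
        if zlib.crc32(payload[end - WINDOW:end]) & BOUNDARY_MASK == 0:
            if end - start >= MIN_BLOCK:
                yield payload[start:end]
            start = end
    if len(payload) - start >= MIN_BLOCK:
        yield payload[start:]


class HashMemory:
    """Holds block hashes of prior packets and scores each new packet."""
    def __init__(self):
        self.seen = set()

    def matches(self, payload: bytes) -> int:
        """Count this packet's block hashes already seen, then store them."""
        hashes = {hashlib.sha256(b).digest()[:8] for b in variable_blocks(payload)}
        hits = len(hashes & self.seen)
        self.seen |= hashes
        return hits

    def is_suspicious(self, payload: bytes) -> bool:
        return self.matches(payload) >= MATCH_THRESHOLD


def constructed(seed: bytes, n: int) -> bytes:
    """Deterministic filler bytes standing in for captured payloads."""
    return hashlib.shake_128(seed).digest(n)


def demo():
    body = constructed(b"shared body", 1200)       # constructed invariant part
    variant_a = constructed(b"stub a", 23) + body  # constructed differing prefixes
    variant_b = constructed(b"stub b", 57) + body
    benign = [constructed(b"benign %d" % i, 1200) for i in range(3)]
    memory = HashMemory()
    return [memory.is_suspicious(p) for p in benign + [variant_a, variant_b]]
```

Because boundaries depend only on the bytes inside the window, the two variants produce identical blocks across the shared body even though their prefixes differ in length, which fixed-offset blocks would not.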
20 Claims
1. A method for detecting transmission of potentially malicious packets, comprising:
- receiving a plurality of packets;
- generating hash values, as generated hash values, based on variable-sized blocks of the plurality of packets;
- comparing the generated hash values to hash values associated with prior packets; and
- determining that one of the plurality of packets is a potentially malicious packet when one or more of the generated hash values associated with the one of the plurality of packets match one or more of the hash values associated with the prior packets.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A system for hampering transmission of potentially malicious packets, comprising:
- means for observing a plurality of packets;
- means for generating hash values, as generated hash values, based on variable-sized blocks of the plurality of packets;
- means for comparing the generated hash values to hash values corresponding to prior packets;
- means for identifying one of the plurality of packets as a potentially malicious packet when the generated hash values corresponding to the one of the plurality of packets match the hash values corresponding to the prior packets; and
- means for at least one of hampering transmission of the one of the plurality of packets and capturing a copy of the one of the plurality of packets for analysis when the one of the plurality of packets is identified as a potentially malicious packet.
17. A device for detecting transmission of malicious packets, comprising:
- a hash memory configured to store information associated with a plurality of hash values corresponding to a plurality of prior packets; and
- a hash processor configured to:
  - observe a packet,
  - generate one or more hash values, as one or more generated hash values, based on variable-sized blocks of the packet,
  - compare the one or more generated hash values to the hash values corresponding to the plurality of prior packets, and
  - identify the packet as a potentially malicious packet when a predetermined number of the one or more generated hash values match the hash values corresponding to the plurality of prior packets.
Dependent claims: 18, 19, 20
Specification