Computer worm defense system and method
Abstract
A computer worm defense system comprises multiple containment systems tied together by a management system. Each containment system is deployed on a separate communication network and contains a worm sensor and a blocking system. Computer worm identifiers generated by a worm sensor of one containment system can be provided not only to the blocking system of the same containment system, but can also be distributed by the management system to blocking systems of other containment systems.
25 Claims
1. A computer worm defense system comprising:
- a plurality of computer worm containment systems, each computer worm containment system including
  - a worm sensor implemented in a computing device and configured to generate a computer worm identifier for a computer worm propagating within a communication network,
  - a computer worm blocking system in communication with the worm sensor over the communication network and configured to receive the computer worm identifier from the worm sensor to block the propagation of the computer worm within the communication network,
  - a hidden computer network, and
  - a controller configured to monitor the hidden computer network and to determine the computer worm identifier based on anomalous behavior caused within the hidden computer network by the computer worm; and
- a management system in communication with the plurality of computer worm containment systems and configured to obtain a computer worm identifier from a worm sensor of a first computer worm containment system of the plurality of computer worm containment systems and distribute the computer worm identifier to a computer worm blocking system of a second computer worm containment system of the plurality of computer worm containment systems.

Dependent claims: 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

2. (canceled)
14. A computer worm defense method comprising:
- monitoring a plurality of separate communication networks, each communication network being monitored by a computer worm containment system including
  - a worm sensor implemented within a computing device and configured to generate computer worm identifiers for computer worms propagating within the communication network, and
  - a computer worm blocking system in communication with the worm sensor over the communication network and configured to receive the computer worm identifiers from the worm sensor to block the propagation of the computer worms within the communication network;
- detecting a computer worm with a worm sensor of a first computer worm containment system by
  - identifying a sequence of network communications, within a communication network associated with the first computer worm containment system, that are characteristic of the computer worm,
  - providing the sequence of network communications to a hidden network, and
  - determining the computer worm identifier from anomalous behavior in the hidden network;
- distributing a computer worm identifier from the worm sensor of the first computer worm containment system to a computer worm blocking system of a second computer worm containment system; and
- blocking the computer worm from propagating in a communication network associated with the second computer worm containment system.

Dependent claims: 15, 16, 17, 19, 20, 21, 22

18. (canceled)
23. A computer worm defense system comprising:
- a plurality of computer worm containment systems, each computer worm containment system including
  - a worm sensor implemented in a computing device and configured to generate a computer worm identifier for a computer worm propagating within a communication network,
  - a computer worm blocking system in communication with the worm sensor over the communication network and configured to receive the computer worm identifier from the worm sensor to block the propagation of the computer worm within the communication network,
  - a hidden computer network, and
  - a controller configured to:
    - monitor the hidden computer network and to determine the computer worm identifier based on anomalous behavior caused within the hidden computer network by the computer worm, and
    - generate a sequence of network activities within the hidden computer network based on an orchestration pattern; and
- a management system in communication with the plurality of computer worm containment systems and configured to obtain a computer worm identifier from a worm sensor of a first computer worm containment system of the plurality of computer worm containment systems and distribute the computer worm identifier to a computer worm blocking system of a second computer worm containment system of the plurality of computer worm containment systems.

Dependent claims: 24, 25

Specification