METHOD AND DEVICE FOR DETECTING AUTONOMOUS, SELF-PROPAGATING SOFTWARE
Abstract
A method and a device are provided for detecting autonomous, self-propagating malicious software in at least one first computing unit in a first network, wherein the first network is coupled to a second network via a first link. The method has the following steps: a) generating at least one first indicator which specifies a first behaviour of the at least one first computing unit; b) generating at least one second indicator which specifies a second behaviour of at least one second computing unit in the second network; c) transmitting the at least one first indicator and the at least one second indicator to a correlation component; d) generating at least one correlation result by correlating the at least one first indicator with the at least one second indicator; e) outputting an instruction signal if, when a comparison is made, a definable threshold value is exceeded by the correlation result.
14 Claims
1. A method for detecting autonomous, self-propagating malware in at least one first computer unit in a first network, wherein the first network (NET1) is coupled to a second network via a first link, the method comprising:
a) generating at least one first indicator which specifies a first behavior of the at least one first computer unit;
b) generating at least one second indicator which specifies a second behavior of at least one second computer unit in the second network;
c) conveying the at least one first indicator and the at least one second indicator to a correlation component;
d) generating at least one correlation result by correlating the at least one first indicator with the at least one second indicator; and
e) outputting an instruction signal if, during a comparison, a definable threshold value is exceeded by the at least one correlation result.
Dependent claims: 2, 3, 4, 5, 6, 7, 13
8. A device for detecting autonomous, self-propagating malware in at least one first computer unit in a first network, wherein the first network is coupled to a second network via a first link and the second network is coupled to a public network via a second link, the device comprising:
a) a first unit for generating at least one first indicator which specifies a first behavior of the at least one first computer unit;
b) a second unit for generating at least one second indicator which specifies a second behavior of at least one second computer unit of the second network;
c) a third unit for conveying the at least one first indicator and the at least one second indicator to a correlation component;
d) a fourth unit for generating at least one correlation result by correlating the at least one first indicator with the at least one second indicator; and
e) a fifth unit for outputting an instruction signal if, during a comparison, the at least one correlation result exceeds a definable threshold value.
Dependent claims: 9, 10, 11, 12, 14
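Steps a) to e) of claim 1, sketched as an added example that is not taken from the patent. It assumes each indicator is a per-time-window count of distinct destinations contacted by a computer unit, that "correlating" means a lagged Pearson correlation, and that the threshold is 0.9; all names and sample values are constructed.

```python
from math import sqrt

# Constructed indicators (assumption: distinct destinations contacted per window).
NET1_UNIT = [2, 3, 2, 40, 85, 160, 170, 165]   # step a): first computer unit
NET2_UNIT = [1, 2, 1, 2, 38, 90, 150, 168]     # step b): second unit, one window later
NET2_QUIET = [1, 2, 1, 2, 1, 3, 2, 1]          # step b): an unaffected second unit

def pearson(x, y):
    """Pearson correlation of two equal-length series; 0.0 if either is flat."""
    n = len(x)
    if n != len(y) or n < 2:
        raise ValueError("series must have equal length >= 2")
    mx, my = sum(x) / n, sum(y) / n
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    if sxx == 0 or syy == 0:
        return 0.0  # a constant indicator shows no behaviour change to correlate
    return sxy / sqrt(sxx * syy)

def correlate(first, second, max_lag=2):
    """Step d): best correlation when `second` trails `first` by 0..max_lag windows."""
    best_r, best_lag = 0.0, 0
    for lag in range(max_lag + 1):
        a, b = first[:len(first) - lag], second[lag:]
        if len(a) < 3:
            break  # too few overlapping windows to be meaningful
        r = pearson(a, b)
        if r > best_r:
            best_r, best_lag = r, lag
    return best_r, best_lag

def instruction_signal(first, second, threshold=0.9):
    """Step e): raise the signal only if the correlation result exceeds the threshold."""
    r, lag = correlate(first, second)
    return {"alert": r > threshold, "correlation": round(r, 3), "lag": lag}

if __name__ == "__main__":
    # Step c) is modelled by passing both indicator series to one function.
    print(instruction_signal(NET1_UNIT, NET2_UNIT))
    print(instruction_signal(NET1_UNIT, NET2_QUIET))
```

The lag search is there because behaviour that spreads across the link shows up in the second network some windows after it appears in the first.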
Specification