Computer virus detection
First Claim
Patent Images
1. A computer program product embodied on a computer readable medium for detecting an outbreak of a computer virus on a computer system, said computer program product comprising:
- (i) measurement computer code operable to measure one or more measurement parameters indicative of non virus specific activity of said computer system over a respective measurement period;
(ii) comparison computer code operable to compare said one or more measurement parameters with respective predetermined threshold levels, wherein one of said measurement parameters is e-mail throughput within said computer system, wherein each e-mail processed has an associated size value and e-mail throughput is measured in a form dependent upon a number of e-mails and a total of size values for said e-mails within a predetermined period; and
(iii) signal generating computer code operable to generate a signal indicative of an outbreak of a computer virus if one or more of said one or more measurement parameters crosses a respective predetermined threshold level;
wherein one of said measurement parameters is how many e-mail messages are sent having an identical message title.
11 Assignments
0 Petitions
Accused Products
Abstract
A computer virus outbreak is detected by comparing one or more measurement parameters determined over a measurement period against a threshold level. The measurement parameters can include a measurement of how many E-mail messages are sent having an identical file attachment, file type or simply in total. The threshold levels may be varied with the time of day and day of week as well as the tests applied.
-
Citations
27 Claims
-
1. A computer program product embodied on a computer readable medium for detecting an outbreak of a computer virus on a computer system, said computer program product comprising:
-
(i) measurement computer code operable to measure one or more measurement parameters indicative of non virus specific activity of said computer system over a respective measurement period;
(ii) comparison computer code operable to compare said one or more measurement parameters with respective predetermined threshold levels, wherein one of said measurement parameters is e-mail throughput within said computer system, wherein each e-mail processed has an associated size value and e-mail throughput is measured in a form dependent upon a number of e-mails and a total of size values for said e-mails within a predetermined period; and
(iii) signal generating computer code operable to generate a signal indicative of an outbreak of a computer virus if one or more of said one or more measurement parameters crosses a respective predetermined threshold level;
wherein one of said measurement parameters is how many e-mail messages are sent having an identical message title. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method of detecting an outbreak of a computer virus on a computer system, said method comprising the steps of:
-
(i) measuring one or more measurement parameters indicative of non virus specific activity of said computer system over a respective measurement period;
(ii) comparing said one or more measurement parameters with respective predetermined threshold levels, wherein one of said measurement parameters is e-mail throughput within said computer system, wherein each e-mail processed has an associated size value and e-mail throughput is measured in a form dependent upon a number of e-mails and a total of size values for said e-mails within a predetermined period; and
(iii) generating a signal indicative of an outbreak of a computer virus if one or more of said one or more measurement parameters crosses a respective predetermined threshold level;
wherein one of said measurement parameters is how many e-mail messages are sent having an identical message title. - View Dependent Claims (11, 12, 13, 15, 16, 17, 18)
-
-
14. A method as claimed in claim a 10, wherein said respective predetermined threshold levels are varied in dependence upon time of day.
-
19. Apparatus for detecting an outbreak of a computer virus on a computer apparatus, said system comprising:
-
(i) measuring logic operable to measure one or more measurement parameters indicative of non virus specific activity of said computer system over a respective measurement period;
(ii) comparing logic operable to compare said one or more measurement parameters with respective predetermined threshold levels, wherein one of said measurement parameters is e-mail throughput within said computer system, wherein each e-mail processed has an associated size value and e-mail throughput is measured in a form dependent upon a number of e-mails and a total of size values for said e-mails within a predetermined period; and
(iii) signal generating logic operable to generate a signal indicative of an outbreak of a computer virus if one or more of said one or more measurement parameters crosses a respective predetermined threshold level;
wherein one of said measurement parameters is how many e-mail messages are sent having an identical message title. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeMcAfee, LLC
-
Original AssigneeNetworks Associates Technology, Inc. (McAfee, LLC)
-
InventorsSmithson, Robert Hugh, Rothwell, Anton Christian, Bolin, Christopher Scott, Woodruff, Andrew Arlin, Green, Jeffrey Martin
-
Primary Examiner(s)Sheikh, Ayaz
-
Assistant Examiner(s)REVAK, CHRISTOPHER A
-
Application NumberUS09/660,300Time in Patent Office1,687 DaysField of Search709/200, 709/205, 709/206, 709/223, 709/224, 713/200, 713/201, 706/15, 706/16US Class Current726/24CPC Class CodesG06F 21/554 involving event detection a...G06F 21/56 Computer malware detection ...G06F 21/566 Dynamic detection, i.e. det...H04L 51/212 using filtering or selectiv...H04L 63/1408 by monitoring network traff...H04L 63/145 the attack involving the pr...
