Virus epidemic damage control system and method for network environment
First Claim
1. A method of detecting a malicious computer program in a computer network having a plurality of network nodes, the method comprising:
- identifying a first file having a first content that has been modified within a predetermined time interval;
- identifying a second file having a second content that has been modified within the predetermined time interval;
- determining whether the first content and the second content are substantially identical;
- if the first content and the second content are substantially identical, notifying a computer network server that a malicious computer program is present in the computer network; and
- if the first content and the second content are not substantially identical, continuing normal operation of the computer network wherein the first file is on a first network node and the second file is on a second network node.
Abstract
A system and method for controlling the damage caused by a virus epidemic in a network environment are advantageously provided according to the invention. The system according to a preferred embodiment of the invention effectively and rapidly distributes antivirus protection and cure measures within the network so as to reduce the level of damage during the virus epidemic. The method according to the invention contains the spread of a computer virus in a network system by detecting the traffic flow and analyzing the identical sections in files modified in a short time period. The network system accordingly includes a management server, a management information database (MIB) having a plurality of tasks for performing work in the network system, and a plurality of device nodes. Each network task corresponds to an event occurring in the system. Damage caused by a virus epidemic in a network environment is controlled and the level of damage is accordingly reduced.
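The comparison in claim 1, together with the abstract's "identical sections in files modified in a short time period", sketched as an added example (not code from the patent). The similarity measure (longest shared byte run), the 300-second interval, the 64-byte threshold and all names are assumptions; the sample records are constructed.

```python
from dataclasses import dataclass
from difflib import SequenceMatcher
from itertools import combinations

@dataclass(frozen=True)
class ModifiedFile:
    node: str      # network node the file lives on
    path: str
    mtime: float   # last-modified time, seconds
    content: bytes

def shared_section(a: bytes, b: bytes) -> int:
    """Length of the longest byte run present in both contents."""
    m = SequenceMatcher(None, a, b, autojunk=False)
    return m.find_longest_match(0, len(a), 0, len(b)).size

def find_suspect_pairs(files, now, interval=300.0, min_section=64):
    """Pairs of recently modified files on different nodes sharing a long section.

    interval and min_section are assumed values; the claim says only
    "predetermined time interval" and "substantially identical".
    """
    recent = [f for f in files if 0 <= now - f.mtime <= interval]
    alerts = []
    for a, b in combinations(recent, 2):
        if a.node == b.node:          # claim requires two different nodes
            continue
        size = shared_section(a.content, b.content)
        if size >= min_section:       # would trigger the server notification
            alerts.append((a.node, a.path, b.node, b.path, size))
    return alerts                     # empty list: continue normal operation

# Constructed sample data: a harmless marker block stands in for the common code.
BLOCK = b"CONSTRUCTED-SAMPLE-BLOCK-" * 4
SAMPLE = [
    ModifiedFile("node-a", "/srv/a/report.doc", 900.0, b"quarterly report text" + BLOCK),
    ModifiedFile("node-b", "/srv/b/notes.txt", 950.0, b"meeting notes, monday" + BLOCK),
    ModifiedFile("node-c", "/srv/c/app.log", 980.0, b"ordinary log lines, nothing shared"),
    ModifiedFile("node-d", "/srv/d/old.bin", 100.0, b"stale file" + BLOCK),
]

if __name__ == "__main__":
    for alert in find_suspect_pairs(SAMPLE, now=1000.0):
        print("ALERT", alert)
```

The two host files differ in their leading text, so a whole-file hash comparison would miss the pair; the shared-section measure flags it, while the file on node-d is ignored because its modification falls outside the interval.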
51 Citations
10 Claims
Specification