Signature driven cache extension for stream based scanning
Abstract
A scanning manager (101) dynamically resizes (205) a flow scanning cache (109) based on signature (105) content in order to scan a flow (103) for signatures (105). The scanning manager (101) reads a directive (107) in a signature (105) to resize (205) the cache (109) in order to scan the flow (103) for the signature (105). The scanning manager (101) dynamically resizes (205) the cache (109) responsive to the directive (107), and scans for the signature (105) within the resized cache (109).
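The following sketch is an added example, not code from the patent or its assignee. It shows one possible reading of the abstract: a stream scanner keeps a small default cache, and a signature's directive makes it grow the cache long enough to match the full pattern, then shrink it again. The signature format (`name|trigger|EXTEND=<bytes>|regex`), the trigger idea, the sizes and the `max_size` cap are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass
@dataclass
class Signature:
    name: str
    trigger: bytes     # short prefix that fits in the default cache
    extend: int        # directive: cache size in bytes needed for the full match
    body: re.Pattern   # full pattern, matched from the trigger onward

def parse_signature(text):
    # Constructed format (an assumption): name|trigger|EXTEND=<bytes>|regex
    name, trigger, directive, regex = text.split("|", 3)
    key, _, value = directive.partition("=")
    if key != "EXTEND" or not value.isdigit():
        raise ValueError(f"bad directive in {name!r}: {directive!r}")
    return Signature(name, trigger.encode(), int(value), re.compile(regex.encode(), re.S))

class FlowScanner:
    def __init__(self, signatures, default_size=8, max_size=4096):
        self.signatures, self.default_size, self.max_size = signatures, default_size, max_size
        self.cache, self.pending = bytearray(), None   # pending: signature being completed
        self.sizes = [default_size]                    # every size the cache has had

    def _resize(self, size):
        self.sizes.append(min(size, self.max_size))    # cap what a signature may request

    def feed(self, chunk):
        hits = []
        for byte in chunk:
            self.cache.append(byte)
            if self.pending is None:
                del self.cache[:-self.default_size]    # keep only the default window
                for sig in self.signatures:
                    if self.cache.endswith(sig.trigger):
                        self.pending, self.cache = sig, bytearray(sig.trigger)
                        self._resize(sig.extend)       # obey the directive
                        break
            elif (hit := self.pending.body.match(self.cache)) or len(self.cache) >= self.sizes[-1]:
                hits += [self.pending.name] if hit else []
                self.pending = None                    # matched or cache full: stop extending
                self._resize(self.default_size)        # shrink back to the default
                del self.cache[:-self.default_size]
        return hits

# Constructed sample signature and flow (not from the patent).
SAMPLE_SIG = "demo|EVIL|EXTEND=32|EVIL.{0,20}PAYLOAD"
SAMPLE_FLOW = b"GET /x HTTP/1.1\r\n\r\nEVIL" + b"-" * 18 + b"PAYLOAD tail"
def scan_in_chunks(scanner, flow, n=5):
    return [h for i in range(0, len(flow), n) for h in scanner.feed(flow[i:i + n])]
```

With the 8-byte default alone the 29-byte pattern never fits in the cache. Lowering `max_size` below the size the directive requests shows the trade-off between bounding memory per flow and missing long signatures.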
43 Claims
1. A computer implemented method for dynamically resizing a flow scanning cache used to scan a flow for presence of malicious code signatures, the method comprising the steps of:
- a scanning manager reading a directive contained within a known malicious code signature, said directive instructing the scanning manager to resize the flow scanning cache;
- the scanning manager dynamically resizing the flow scanning cache responsive to the directive; and
- the scanning manager scanning for presence of a known malicious code signature within the resized flow scanning cache.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 41, 42
10. A computer implemented method for dynamically resizing a flow scanning cache used to scan at least one flow for presence of malicious code signatures, the method comprising the steps of:
- prior to scanning at least one flow, a scanning manager reading a plurality of known malicious code signatures;
- the scanning manager determining from content of at least one known malicious code signature an optimal flow scanning cache size for scanning for that malicious code signature; and
- while scanning a flow for the plurality of known malicious code signatures, the scanning manager dynamically resizing the flow scanning cache based on the determined optimal flow scanning cache size for at least one known malicious code signature of the plurality, as the scanning manager is scanning for that known malicious code signature.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 43
19. A computer readable medium storing a computer program product for dynamically resizing a flow scanning cache used to scan a flow for presence of malicious code signatures, the computer program product comprising:
- program code, acting as a scanning manager, for reading a directive contained within a known malicious code signature, said directive instructing to resize the flow scanning cache;
- program code, acting as a scanning manager, for dynamically resizing the flow scanning cache responsive to the directive; and
- program code, acting as a scanning manager, for scanning for the known malicious code signature within the resized flow scanning cache.
Dependent claims: 20, 21, 22, 23
24. A computer readable medium storing a computer program product for dynamically resizing a flow scanning cache used to scan at least one flow for presence of malicious code signatures, the computer program product comprising:
- program code, acting as a scanning manager, for, prior to scanning at least one flow, reading a plurality of known malicious code signatures;
- program code, acting as a scanning manager, for determining from content of at least one known malicious code signature an optimal flow scanning cache size for scanning for that known malicious code signature; and
- program code, acting as a scanning manager, for, while scanning a flow for the plurality of known malicious code signatures, dynamically resizing the flow scanning cache based on the determined optimal flow scanning cache size for at least one known malicious code signature of the plurality, as the program code is scanning for that known malicious code signature.
Dependent claims: 25, 26, 27, 28
29. A computer system for dynamically resizing a flow scanning cache used to scan a flow for known malicious code signatures, the computer system comprising:
- a software portion, acting as a scanning manager, configured to read a directive in a known malicious code signature to resize the flow scanning cache in order to scan the flow for the known malicious code signature;
- a software portion, acting as a scanning manager, configured to dynamically resize the flow scanning cache responsive to the directive; and
- a software portion, acting as a scanning manager, configured to scan for the known malicious code signature within the resized flow scanning cache.
Dependent claims: 30, 31, 32, 33, 34
35. A computer system for dynamically resizing a flow scanning cache used to scan at least one flow for presence of malicious code signatures, the computer system comprising:
- a software portion, acting as a scanning manager, configured to, prior to scanning at least one flow, read a plurality of known malicious code signatures;
- a software portion, acting as a scanning manager, configured to determine from content of at least one known malicious code signature an optimal flow scanning cache size for scanning for that known malicious code signature; and
- a software portion, acting as a scanning manager, configured to, while scanning a flow for the plurality of known malicious code signatures, dynamically resize the flow scanning cache based on the determined optimal flow scanning cache size for at least one known malicious code signature of the plurality, as the software portion is scanning for that known malicious code signature.
Dependent claims: 36, 37, 38, 39, 40
Specification