Protocol layer-level system and method for detecting virus activity

  • US 7,269,649 B1
  • Filed: 09/28/2001
  • Issued: 09/11/2007
  • Est. Priority Date: 08/31/2001
  • Status: Expired due to Fees
First Claim

1. A method for detecting network activity governed by malicious code, comprising:

  • monitoring two protocol layers associated with data communications over a network, wherein a first of the protocol layers is positioned between OSI standard layers 2 and 3, and a second of the protocol layers is positioned between OSI standard layers 4 and 5, the protocol layers being maintained by anti-malicious code software;

  • determining whether the data communications are prompted by malicious code based on the monitoring; and

  • initiating a security event upon determining that the data communications are prompted by malicious code;

  • wherein the determination of whether the data communications are prompted by malicious code includes;

    analyzing port numbers to which the data communications are being sent, determining whether the port numbers are unique or non-unique, initiating the security event if the port numbers are determined to be unique, performing further processing if the port numbers are determined to be non-unique, and conditionally performing the security event based on the further processing, the further processing including reassembling data of the data communications and scanning the reassembled data for malicious code.
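
The port analysis and reassemble-then-scan steps of the claim, sketched as an added example that is not code from the patent or its assignee; it does not model the two monitored protocol layers. Assumptions: "unique" is read as a port used only by known malicious code (the claim does not define the term), and the port set, signature, `Segment` type and function names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample values for illustration; none come from the patent.
UNIQUE_PORTS = {31337}  # assumption: ports used only by known malicious code
SIGNATURES = {b"EVIL-PAYLOAD-MARKER": "constructed-test-signature"}

@dataclass(frozen=True)
class Segment:
    dst_port: int
    seq: int        # byte offset of this payload within the stream
    payload: bytes

def reassemble(segments):
    """Rebuild the contiguous byte stream from unordered, possibly repeated segments."""
    stream = bytearray()
    for seg in sorted(segments, key=lambda s: s.seq):
        if seg.seq > len(stream):
            break                                      # gap: scan only the contiguous prefix
        stream += seg.payload[len(stream) - seg.seq:]  # skip bytes already seen
    return bytes(stream)

def scan(data):
    """Return the names of all signatures found in data."""
    return [name for sig, name in SIGNATURES.items() if sig in data]

def inspect_flow(segments):
    """Return (security_event, reason) for the segments of one flow."""
    hits = {s.dst_port for s in segments} & UNIQUE_PORTS
    if hits:                                           # unique port: raise the event at once
        return True, f"unique port {min(hits)}"
    matches = scan(reassemble(segments))               # non-unique port: further processing
    if matches:
        return True, f"signature {matches[0]}"
    return False, "clean"

# Constructed flow: marker split across two segments, delivered out of order
# with one retransmission.
SPLIT_FLOW = [
    Segment(80, 13, b"LOAD-MARKER end"),
    Segment(80, 0, b"data EVIL-PAY"),
    Segment(80, 0, b"data EVIL-PAY"),
]

if __name__ == "__main__":
    print(inspect_flow(SPLIT_FLOW))
    print([scan(s.payload) for s in SPLIT_FLOW])
```

No single segment of the constructed flow matches the signature on its own, which is why the non-unique-port path scans the reassembled stream rather than individual packets.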
