Network isolation techniques suitable for virus protection
First Claim
1. In a distributed network having a number of server computers and associated client devices, method of isolating infected client devices from uninfected client devices and of inoculating the infected devices, comprising:
correlating network related virus infection reports of virus attacks;
when a specific number of reports have been correlated, determining if a virus outbreak has occurred based on the correlated information wherein an outbreak has occurred when the number of occurrences of a specified virus has surpassed a threshold;
isolating infected client devices from uninfected client devices when the virus outbreak is confirmed;
copying by a traffic controller substantially all data packets included in the network traffic; and
forwarding the copied data packets to a virus analyzer unit;
a controller signaling a virus monitor to switch to inline mode where all data packets are checked for the virus and related viruses without copying of the data packets;
monitoring all data packets in the network for the virus;
identifying the virus;
blocking only packets infected by the particular virus;
creating an anti-virus agent, wherein creating an anti-virus agent further includes;
parsing the virus into
1) a detection module that identifies a selected one of the client devices as a target client device,
2) an infection module that causes the virus to infect the target client device not infected by the selected virus, and
3) a viral code payload module that infects the target client device;
analyzing the infection module to determine the method of infection and the anti-viral payload module to determine the deleterious effects;
modifying the infection module to infect client devices already infected by the virus;
incorporating the anti-virus into the payload module that acts to prevent further infection by the virus; and
forming an anti-computer virus agent by combining the detection module, the modified infection module, and the modified viral payload module.
Abstract
In a distributed network having a number of server computers and associated client devices, a method of isolating infected client devices from uninfected client devices is described. The method is carried out by correlating network-related virus infection information, determining if a virus outbreak has occurred based on the correlated information, isolating infected client devices from uninfected client devices when the virus outbreak is confirmed, monitoring all data packets in the network for the virus, identifying a packet type associated with the virus, and blocking only the identified packet type.
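The correlate, confirm and isolate steps of the abstract can be sketched as follows. This is an added example, not code from the patent: the `OutbreakCorrelator` class, the two threshold values, the report fields, the mode names and the boundary policy in `allow` are assumptions, and the sample reports are constructed.

```python
from collections import Counter, defaultdict

# Assumed values: the claims say only "a specific number" and "a threshold".
MIN_REPORTS = 5          # reports to correlate before deciding on an outbreak
OUTBREAK_THRESHOLD = 3   # occurrences of one virus that must be surpassed

class OutbreakCorrelator:
    """Hypothetical controller: correlates reports, confirms outbreaks, isolates clients."""

    def __init__(self):
        self.reports_seen = 0
        self.counts = Counter()               # virus name -> occurrences
        self.clients = defaultdict(set)       # virus name -> reporting clients
        self.isolated = set()
        self.mode = "standby"                 # standby: analyze copied packets

    def ingest(self, report):
        """Correlate one report and return the set of confirmed outbreak viruses."""
        self.reports_seen += 1
        self.counts[report["virus"]] += 1
        self.clients[report["virus"]].add(report["client"])
        if self.reports_seen < MIN_REPORTS:
            return set()                      # too few reports correlated so far
        # "Surpassed a threshold" is read as strictly greater than.
        outbreaks = {v for v, n in self.counts.items() if n > OUTBREAK_THRESHOLD}
        for virus in outbreaks:
            self.isolated |= self.clients[virus]
        if outbreaks:
            self.mode = "inline"              # inline: check every packet, no copying
        return outbreaks

    def allow(self, src, dst):
        """Assumed policy: drop traffic that crosses the infected/uninfected boundary."""
        return (src in self.isolated) == (dst in self.isolated)

# Constructed sample reports (not real telemetry).
SAMPLE_REPORTS = [
    {"client": "10.0.0.11", "virus": "Sample.A"},
    {"client": "10.0.0.12", "virus": "Sample.A"},
    {"client": "10.0.0.30", "virus": "Sample.B"},
    {"client": "10.0.0.13", "virus": "Sample.A"},
    {"client": "10.0.0.14", "virus": "Sample.A"},
]

def run(reports):
    correlator = OutbreakCorrelator()
    confirmed = [correlator.ingest(r) for r in reports]
    return correlator, confirmed
```

With the constructed reports, no decision is made until the fifth report arrives; at that point `Sample.A` has four occurrences, the monitor switches to inline mode, and only the four clients that reported it are isolated.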
10 Claims
6. In a distributed network having a number of server computers and associated client devices, computer program product for isolating infected client devices from uninfected client devices and of inoculating the infected devices embodied in a computer readable storage medium for storing the following computer code, comprising:
computer code correlating network related virus infection reports of virus attacks;
when a specific number of reports have been correlated, computer code determining if a virus outbreak has occurred based on the correlated information wherein an outbreak has occurred when the number of occurrences of a specified virus has surpassed a threshold;
computer code isolating infected client devices from uninfected client devices when the virus outbreak is confirmed;
computer code copying by a traffic controller substantially all data packets included in the network traffic; and
forwarding the copied data packets to a virus analyzer unit;
computer code controlling a controller to signal a virus monitor to switch to inline mode where all data packets are checked for the virus and related viruses without copying of the data packets;
computer code monitoring all data packets in the network for the virus;
computer code identifying the virus;
computer code blocking only packets infected by the particular virus;
computer code creating an anti-virus agent, wherein creating an anti-virus agent further includes;
parsing the virus into
1) a detection module that identifies a selected one of the client devices as a target client device,
2) an infection module that causes the virus to infect the target client device not infected by the selected virus, and
3) a viral code payload module that infects the target client device;
analyzing the infection module to determine the method of infection and the anti-viral payload module to determine the deleterious effects;
modifying the infection module to infect client devices already infected by the virus;
incorporating the anti-virus into the payload module that acts to prevent further infection by the virus; and
forming an anti-computer virus agent by combining the detection module, the modified infection module, and the modified viral payload module.
Specification