Virus monitor and methods of use thereof
First Claim
1. In a distributed network of interconnected computing devices, a network virus monitor, comprising:
- a virus sensor operable in a number of modes arranged to detect a computer virus in the network such that the bandwidth of the network is minimally affected in a first mode in that original data packets continue to their destination after they are copied creating copied data packets which are analyzed for the computer virus, and wherein when the virus sensor detects the computer virus, the virus sensor switches to a second mode, wherein original data packets are analyzed and a subset of data packets determined to be infected or suspected of being infected are not returned to the network and wherein the virus monitor is able to automatically collect network environment data and assign an IP address to itself, and wherein the virus monitor automatically locates a controller in the network and registers itself with the controller, from where the virus monitor receives a rule set and an outbreak prevention policy (OPP); and
- a traffic controller coupled to the virus sensor and the network arranged to select certain data packets wherein the selected data packets are forwarded to the virus sensor.
Abstract
A network level virus monitoring system capable of monitoring a flow of network traffic in any of a number of inspection modes depending upon the particular needs of a system administrator. The monitoring provides an early warning of a virus attack thereby facilitating quarantine procedures directed at containing a virus outbreak. By providing such an early warning, the network virus monitor reduces the number of computers ultimately affected by the virus attack resulting in a concomitant reduction in both the cost of repair to the system and the amount of downtime. In this way, the inventive network virus monitor provides a great improvement in system uptime and reduction in system losses.
20 Claims
1. As stated under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A method of monitoring a distributed network of computing devices for a computer virus at a virus monitor coupled to the distributed network, comprising:
- monitoring a flow of data packets in the network for the computer virus while minimally reducing the flow of data packets in a standby mode, wherein data packets continue to their destination after they are copied creating copied data packets which are analyzed for the computer virus, thereby preserving network bandwidth;
- determining that at least one of the copied data packets is infected or suspected of being infected with the computer virus;
- monitoring the flow of data packets in an inline mode wherein original data packets are analyzed and wherein data packets that are determined to be infected or suspected of infection are not returned to the flow of data packets; and
- initializing the virus monitor by automatically: collecting network environment data; assigning an IP address to the virus monitor; locating a controller in the network; and registering the virus monitor with the controller, from where the virus monitor receives a rule set and an outbreak prevention policy (OPP).
Dependent claims: 10, 11, 12, 13, 14.
15. A computer-readable medium storing computer code for monitoring a distributed network of computing devices for a computer virus at a virus monitor coupled to the distributed network, the computer-readable medium comprising:
- computer code for monitoring a flow of data packets in the network for the computer virus while minimally reducing the flow of data packets in a standby mode, wherein data packets continue to their destination after they are copied creating copied data packets which are analyzed for the computer virus, thereby preserving network bandwidth;
- computer code for determining that at least one of the copied data packets is infected or suspected of being infected with the computer virus;
- computer code for monitoring the flow of data packets in an inline mode wherein original data packets are analyzed and wherein data packets that are determined to be infected or suspected of infection are not returned to the flow of data packets;
- computer code for automatically collecting network environment data at the virus monitor;
- computer code for automatically assigning an IP address to the virus monitor; and
- computer code for automatically locating a controller in the network and registering the virus monitor with the controller, from where the virus monitor receives a rule set and an outbreak prevention policy (OPP).
Dependent claims: 16, 17, 18, 19, 20.
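The independent claims above all describe the same mechanism: a sensor that starts in a standby (copy) mode where originals are always delivered, switches to an inline mode on its first detection, and from then on withholds suspected packets; a traffic controller that decides which packets the sensor sees at all; and an initialization step in which the sensor registers with a controller and receives a rule set and an outbreak prevention policy (OPP). The following Python simulation is an added illustration of that state machine, not code from the patent or from any product implementing it. The `Controller`, `VirusSensor` and `TrafficController` classes, the signature `WORM_MARKER`, the port-based OPP and the sample packets are all constructed for this example.

```python
from dataclasses import dataclass
from enum import Enum


class Mode(Enum):
    STANDBY = "standby"  # originals always forwarded; a copy is analysed
    INLINE = "inline"    # originals held; suspected packets are not returned


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    port: int
    payload: bytes


class Controller:
    """Stand-in for the network controller the monitor registers with.

    It hands back a rule set (name, byte-pattern signatures) and an OPP
    (here: which destination ports are worth inspecting). Both are
    constructed values for this example.
    """

    def __init__(self, rule_set, opp):
        self.rule_set = rule_set
        self.opp = opp
        self.registered = []

    def register(self, sensor_id):
        self.registered.append(sensor_id)
        return list(self.rule_set), dict(self.opp)


class VirusSensor:
    def __init__(self, controller, sensor_id="sensor-1"):
        # initialization step: locate the controller and register with it
        self.rule_set, self.opp = controller.register(sensor_id)
        self.mode = Mode.STANDBY
        self.detections = []  # (signature name, source address)

    def inspect(self, pkt):
        """Return the matching signature name, or None if the packet is clean."""
        for name, pattern in self.rule_set:
            if pattern in pkt.payload:
                return name
        return None

    def process(self, pkt):
        """Return the packet to forward, or None if it is withheld."""
        match = self.inspect(pkt)
        if self.mode is Mode.STANDBY:
            # copy mode: analysis runs on a copy, the original is never held,
            # so the first infected packet still reaches its destination
            if match:
                self.detections.append((match, pkt.src))
                self.mode = Mode.INLINE  # switch to the second mode
            return pkt
        # inline mode: the original is analysed before release
        if match:
            self.detections.append((match, pkt.src))
            return None  # not returned to the network
        return pkt


class TrafficController:
    """Selects which packets are diverted to the sensor, per the OPP."""

    def __init__(self, sensor):
        self.sensor = sensor

    def handle(self, pkt):
        if pkt.port in self.sensor.opp["inspect_ports"]:
            return self.sensor.process(pkt)
        return pkt  # not selected: bypasses the sensor entirely


# constructed sample data
RULE_SET = [("test-worm", b"WORM_MARKER")]
OPP = {"inspect_ports": {25, 80}}
SAMPLE_PACKETS = [
    Packet("10.0.0.5", "10.0.0.9", 80, b"GET / HTTP/1.0"),          # clean
    Packet("10.0.0.7", "10.0.0.9", 80, b"POST WORM_MARKER"),         # first hit
    Packet("10.0.0.7", "10.0.0.11", 80, b"POST WORM_MARKER again"),  # dropped
    Packet("10.0.0.7", "10.0.0.12", 443, b"WORM_MARKER over TLS"),   # not selected
    Packet("10.0.0.8", "10.0.0.9", 25, b"HELO mail.example"),        # clean
]


def run(packets=SAMPLE_PACKETS, controller=None):
    """Run the packets through the monitor; return (sensor, delivered packets)."""
    controller = controller or Controller(RULE_SET, OPP)
    sensor = VirusSensor(controller)
    tc = TrafficController(sensor)
    delivered = [out for out in (tc.handle(p) for p in packets) if out is not None]
    return sensor, delivered


if __name__ == "__main__":
    s, d = run()
    print(s.mode, len(d), s.detections)
```

Two points the trace makes visible: in standby mode the first infected packet is delivered even though it is detected, which is the bandwidth-for-latency trade-off the claims describe, and a packet on a port outside the OPP's selection (port 443 here) never reaches the sensor at all, so the effective coverage of the monitor is bounded by the traffic controller's selection rule rather than by the rule set.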
Specification