
Automatic registration of a virus/worm monitor in a distributed network

  • US 7,565,550 B2
  • Filed: 10/09/2003
  • Issued: 07/21/2009
  • Est. Priority Date: 08/29/2003
  • Status: Active Grant
First Claim

1. In a distributed network having a number of server computers and associated client devices, a network virus defense system, comprising:

  • a network virus/worm sensor operable in a number of modes arranged to detect a computer virus or a computer worm in the network, the network virus/worm sensor switching from a first mode to a second mode when the computer virus or computer worm is detected, wherein in the first mode, the bandwidth of the network is minimally affected in that received data packets are not removed from or added to network traffic, but are copied, and the copied data packets are used in detecting the computer virus, and wherein in the second mode, the received data packets are not copied and a subset of the received data packets determined to be infected or suspected of being infected by the network virus/worm sensor are not returned to the network;

  • a traffic controller coupled to the distributed network arranged to select original data packets, wherein the selected original data packets or a copy of the selected original data packets are forwarded to the network virus/worm sensor;

  • a network virus sensor self registration module coupled to the network virus/worm sensor arranged to automatically self register the coupled network virus/worm sensor;

  • a controller storing a rules engine used to store and source a plurality of detection rules for detecting computer viruses and worms, said controller using statistical results of observed abnormal events as recorded and monitored by the network virus/worm sensor, the abnormal events defined in policies and in the plurality of detection rules, and wherein the network virus/worm sensor generates an abnormal behavior report which is evaluated by one of said server computers to determine an action to perform; and

  • an anti-virus agent creation module arranged to create an anti-virus agent having a detection module, an infection module and a payload.
