Methods and apparatus for interface adapter integrated virus protection
First Claim
1. A media integrated protection adapter comprising:
- an external media interface to accept media data in incoming data frames for processing;
an integrated virus protection engine that initiates a host processor opcode usage evaluation to check the media data in varying evaluation window sizes that encompass one or more of the incoming data frames for patterns of opcode usage indicative of suspect data and generate a media data descriptor having results of the opcode usage evaluation with a suspect data indicator that indicates a suspected type of virus found; and
a system interface providing coupling to a host processor and host memory for moving the media data and the media data descriptor to the host memory in a data transfer operation and informing the host processor of the data transfer operation and to check the suspect data indicator.
9 Assignments
0 Petitions
Accused Products
Abstract
A virus detection mechanism is described in which virus detection is provided by a network integrated protection (NIP) adapter. The NIP adapter checks incoming media data prior to it being activated by a computing device. The NIP adapter operates independently of a host processor to receive information packets from a network. This attribute of independence allows NIP anti-virus (AV) techniques to be “always on” scanning incoming messages and data transfers. By being independent of but closely coupled to the host processor, complex detection techniques, such as using check summing or pattern matching, can be efficiently implemented on the NIP adapter without involving central processor resources and time consuming mass storage accesses. The NIP adapter may be further enhanced with a unique fading memory (FM) facility to allow for a flexible and economical implementation of polymorphic virus detection.
-
Citations
20 Claims
-
1. A media integrated protection adapter comprising:
-
an external media interface to accept media data in incoming data frames for processing; an integrated virus protection engine that initiates a host processor opcode usage evaluation to check the media data in varying evaluation window sizes that encompass one or more of the incoming data frames for patterns of opcode usage indicative of suspect data and generate a media data descriptor having results of the opcode usage evaluation with a suspect data indicator that indicates a suspected type of virus found; and a system interface providing coupling to a host processor and host memory for moving the media data and the media data descriptor to the host memory in a data transfer operation and informing the host processor of the data transfer operation and to check the suspect data indicator. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A virus protection system comprising:
-
a host memory for storing software drivers, host anti-virus (AV) programs, media data, and media data descriptors; a host processor for executing software drivers and host AV programs; and a media interface adapter having an external media interface to accept media data in incoming data frames for processing, an integrated virus protection engine that initiates an opcode usage evaluation to check the media data in varying evaluation window sizes that encompass one or more of the incoming data frames for multiple statistical patterns of opcode usage indicate indicative of suspect data, and generate a media data descriptor having results of the opcode usage evaluation with a suspect data indicator that indicates a suspected type of virus found, and an internal host processor and host memory interface for moving the media data and the media data descriptor to the host memory in a data transfer operation and informing the host processor of the data transfer operation to check the suspect data indicator to determine a type of processing appropriate for the media data. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. A network integrated protection adapter comprising:
-
a virus parameter storage storing selected host processor opcodes, patterns of opcode usage, and selected fading memory parameters that govern how memory of a match event fades over time; and a virus protection engine having a network interface for receiving a data stream, wherein the virus protection engine identifies host processor opcodes in the received data stream as match events and estimates a concentration of the selected host processor opcodes in the received data stream according to the selected fading memory parameters. - View Dependent Claims (17, 18, 19, 20)
-
Specification