Method and system for responding to a computer intrusion
First Claim
1. A method for managing an intrusion on a computer, the method comprising:
- visually representing on a computer display a known intrusion path of a known intrusion of hardware of a computer such that the known intrusion path is visually depicted on a display of the computer as a graphical representation of all hardware in a hardware topology of the computer that was previously infected by the known intrusion, wherein the graphical representation of the known intrusion path includes a scripted response that is visually displayed in association with at least one of the hardware displayed in the known intrusion path graphical representation;
visually representing on the computer display a current intrusion path of a current intrusion of the computer such that the current intrusion path is visually depicted on the computer display using a graphical representation of all hardware in the hardware topology of the computer that is currently infected by the current intrusion;
matching the current intrusion to the known intrusion according to at least one common node in the visual graphical representations of the displayed graphical intrusion paths of the known intrusion and the current intrusion; and
responsive to matching the known intrusion and the current intrusion, initiating the scripted response, wherein the scripted response is capable of responding to the current intrusion.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and system for managing an intrusion on a computer by graphically representing an intrusion pattern of a known past intrusion, and then comparing the intrusion pattern of the known intrusion with a current intrusion. The intrusion pattern may either be based on intrusion events, which are the effects of the intrusion or activities that provide a signature of the type of intrusion, or the intrusion pattern may be based on hardware topology that is affected by the intrusion. The intrusion pattern is graphically displayed with scripted responses, which in a preferred embodiment are presented in pop-up windows associated with each node in the intrusion pattern. Alternatively, the response to the intrusion may be automatic, based on a pre-determined percentage of common features in the intrusion pattern of the known past intrusion and the current intrusion.
52 Citations
38 Claims
-
1. A method for managing an intrusion on a computer, the method comprising:
-
visually representing on a computer display a known intrusion path of a known intrusion of hardware of a computer such that the known intrusion path is visually depicted on a display of the computer as a graphical representation of all hardware in a hardware topology of the computer that was previously infected by the known intrusion, wherein the graphical representation of the known intrusion path includes a scripted response that is visually displayed in association with at least one of the hardware displayed in the known intrusion path graphical representation; visually representing on the computer display a current intrusion path of a current intrusion of the computer such that the current intrusion path is visually depicted on the computer display using a graphical representation of all hardware in the hardware topology of the computer that is currently infected by the current intrusion; matching the current intrusion to the known intrusion according to at least one common node in the visual graphical representations of the displayed graphical intrusion paths of the known intrusion and the current intrusion; and responsive to matching the known intrusion and the current intrusion, initiating the scripted response, wherein the scripted response is capable of responding to the current intrusion. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 37, 38)
-
-
12. A system for managing an intrusion on a computer, the system comprising:
-
a memory subsystem; and a processor coupled to the memory subsystem, wherein the processor is configured for; visually representing on a computer display a known intrusion path of a known intrusion of hardware of a computer such that the known intrusion path is visually depicted on the computer display as a graphical representation of all hardware in a hardware topology of the computer that was previously infected by the known intrusion, such that the graphical representation of the known intrusion path includes a scripted response that is visually displayed in association with at least one of the hardware displayed in the known intrusion path graphical representation; visually representing on the computer display a current intrusion path of a current intrusion of the computer such that the current intrusion path is visually depicted on the computer display using a graphical representation of all hardware in the hardware topology of the computer that is currently infected by the current intrusion; matching the current intrusion of the computer to the known intrusion according to at least one common node in the visual graphical representations of the displayed graphical intrusion paths of the known intrusion and the current intrusion; and responsive to matching the known intrusion and the current intrusion, initiating the scripted response, wherein the scripted response is capable of responding to the current intrusion. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. A non-transitory computer usable medium for managing a virus on a computer, the non-transitory computer usable medium, comprising:
-
computer program code for visually representing on a computer display a known intrusion path of a known intrusion of hardware of a computer such that the known intrusion path is visually depicted on a display of the computer as a graphical representation of all hardware in a hardware topology of the computer that was previously infected by the known intrusion, such that the graphical representation of the known intrusion path includes a scripted response that is visually displayed in association with at least one of the hardware displayed in the known intrusion path graphical representation; computer program code for visually representing on the computer display a current intrusion path of a current intrusion of the computer such that the current intrusion path is visually depicted on the computer display using a graphical representation of all hardware in the hardware topology of the computer that is currently infected by the current intrusion; computer program code for matching the current intrusion of the computer to the known intrusion according to at least one common node in the visual graphical representations of the displayed graphical intrusion paths of the known intrusion and the current intrusion; and computer program code for, responsive to the matching of the known intrusion and the current intrusion, initiating the scripted response, which is capable of responding to the current intrusion, wherein the computer usable medium is a computer usable storage medium. - View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
-
Specification