System and method for a distributed application and network security system (SDI-SCAM)
Abstract
This document discloses the architecture and proposed application of a highly distributed network security system. The system detects, prevents, and repairs a wide variety of network intrusions using a combination of intelligent client-side and server-side agents, redundant memory arrays, duplicate network connections, and a variety of statistical analytics; these analytics are designed to anticipate, counteract and defeat the likely strategies, behaviors and adaptations of threats that attempt to evade or even disable the security system itself.
33 Claims
1. A distributed security system that protects individual computers in a computer network having a plurality of computers, said system comprising individual computers having agents associated therewith that control the associated individual computer, each agent performing the steps of:
creating statistical models of usage of the associated individual computer in said computer network;
gathering and analyzing information relating to current usage of the associated individual computer in said computer network;
determining from said information a pattern of usage of the associated individual computer that is consistent with intrusion or attack of the associated individual computer or the computer network;
determining a probability of the likelihood of an intrusion or attack from said pattern of usage of the associated individual computer;
distributing in real-time warnings and potential countermeasures to agents of each of said individual computers in said computer network when the determined probability of the likelihood of an intrusion or attack exceeds a statistical threshold, wherein at least one of said warnings comprises information related to the nature of the intrusion or attack and the determined probability of the likelihood of intrusion or attack based on the statistical models of the associated individual computer; and
updating said statistical models of the associated individual computer to reflect the current usage of the associated individual computer in said computer network and the likelihood of intrusion or attack;
wherein each said agent schedules the associated individual computers for different anti-viral software updates based on different levels of probability of an intrusion or attack for each individual computer based on the statistical model for each individual computer and a detected level of probability of an intrusion or attack; and
wherein each said agent suspends said schedule and immediately provides the anti-viral software update to the associated individual computer when an intrusion or attack of any computer in said computer network is detected or the detected probability of an intrusion or attack is high that the associated individual computer has been infected by a particular type of virus.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 31

18. A method of protecting individual computers in a computer network having a plurality of computers, wherein individual computers have associated agents that control said individual computers to perform the steps of:
creating statistical models of usage of said individual computer in said computer network;
gathering and analyzing information relating to current usage of said individual computer in said computer network;
determining from said information a pattern of usage of said individual computer that is consistent with intrusion or attack of the individual computer or the computer network;
determining a probability of the likelihood of an intrusion or attack from said pattern of usage of said individual computer;
distributing in real-time warnings and potential countermeasures to agents of each of said individual computers in said computer network when the determined probability of the likelihood of an intrusion or attack exceeds a statistical threshold, wherein at least one of said warnings comprises information related to the nature of the intrusion or attack and the determined probability of the likelihood of intrusion or attack based on the statistical models of said individual computer;
updating said statistical models of said individual computer to reflect the current usage of said individual computer in said computer network and the likelihood of intrusion or attack;
scheduling the individual computers associated with respective agents for different anti-viral software updates based on different levels of probability of an intrusion or attack for each different individual computer based on the statistical model for the computer to be updated and a detected level of probability of an intrusion or attack; and
suspending said schedule and immediately providing the anti-viral software update to the individual computer associated with an agent when an intrusion or attack of any computer in said computer network is detected or the detected probability of an intrusion or attack is high that the computer associated with the agent has been infected by a particular type of virus.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 32

30. A distributed security system that protects individual computers in a computer network having a plurality of computers, wherein said distributed security system comprises at least one security computer that is fully isolated from said computer network having said individual computers and said at least one security computer includes an agent that controls said at least one security computer to perform the steps of:
creating statistical models of usage of said individual computers in said computer network;
gathering and analyzing information relating to current usage of said individual computers in said computer network;
determining from said information a pattern of usage of said individual computers that is consistent with intrusion or attack of the individual computers or the computer network;
determining a probability of the likelihood of an intrusion or attack from said pattern of usage of said individual computers;
distributing in real-time warnings and potential countermeasures to agents of each of said individual computers in said computer network when the determined probability of the likelihood of an intrusion or attack exceeds a statistical threshold, wherein at least one of said warnings comprises information related to the nature of the intrusion or attack and the determined probability of the likelihood of intrusion or attack based on the statistical models of said individual computers; and
updating said statistical models of said individual computers to reflect the current usage of said individual computers in said computer network and the likelihood of intrusion or attack;
wherein said agent controls said at least one security computer to perform the steps of:
scheduling different individual computers for an anti-viral software update based on the statistical models of the individual computers and a detected level of probability of an intrusion or attack of the individual computers; and
suspending said schedule and immediately providing the anti-viral software update to at least one individual computer when an intrusion or attack of any computer in said computer network is detected or the detected probability of an intrusion or attack is high that said at least one individual computer has been infected by a particular type of virus.
Dependent claims: 33
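The agent loop that the independent claims describe (model usage, score the current usage as a probability, warn peer agents above a threshold, order anti-viral updates by risk, and suspend that schedule on a detection), as an added Python example that is not the patent's implementation. It assumes a single Gaussian usage feature per host in place of the claims' unspecified statistical model, a threshold of 0.99, and the hypothetical names `Agent`, `Network` and `simulate`; the usage values are constructed.

```python
import math

# Added example (not the patent's code): one Gaussian usage feature per host, e.g.
# outbound connections per minute, stands in for the claim's unspecified "statistical model".
class Agent:
    def __init__(self, host):
        self.host, self.n, self.mean, self.m2 = host, 0, 0.0, 0.0
        self.last_prob, self.inbox, self.updated = 0.0, [], False

    def probability(self, x):            # P(model usage <= x): near 1 for an abnormal spike
        if self.n < 2:
            return 0.0                   # no model yet, so no alarm
        sd = math.sqrt(self.m2 / (self.n - 1)) or 1.0
        return 0.5 * (1 + math.erf((x - self.mean) / sd / math.sqrt(2)))

    def update_model(self, x):           # Welford update: the model reflects current usage
        self.n += 1
        d = x - self.mean
        self.mean += d / self.n
        self.m2 += d * (x - self.mean)

class Network:
    def __init__(self, hosts, threshold=0.99):
        self.agents = {h: Agent(h) for h in hosts}
        self.threshold, self.schedule, self.suspended = threshold, [], False

    def step(self, usage):               # one cycle over {host: current usage value}
        detected = False
        for host, x in usage.items():
            a = self.agents[host]
            a.last_prob = a.probability(x)
            if a.last_prob > self.threshold:
                detected = True
                warning = {"from": host, "nature": "anomalous usage", "prob": a.last_prob}
                for peer in self.agents.values():
                    if peer is not a:
                        peer.inbox.append(warning)   # real-time warning to every other agent
            a.update_model(x)
        if detected:                     # suspend the schedule and update every host now
            self.suspended, self.schedule = True, []
            for a in self.agents.values():
                a.updated = True
        else:                            # ordered schedule: most-at-risk host first
            self.schedule = sorted(self.agents, key=lambda h: -self.agents[h].last_prob)
        return detected

def simulate():                          # constructed trace: quiet baseline, then a spike on A
    net = Network(["A", "B"])
    for a, b in [(10, 20), (11, 21), (9, 19)] * 3 + [(11, 19)]:
        net.step({"A": a, "B": b})
    sched = list(net.schedule)
    return sched, net.step({"A": 100, "B": 20}), net
```

During the quiet baseline host A's last usage sits slightly above its mean, so it takes the first update slot; the spike drives A's probability to about 1.0, B's agent receives the warning, and both hosts are updated immediately.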