Methods and apparatus providing computer and network security for polymorphic attacks
First Claim
1. A method comprising:
monitoring, at each of a plurality of control points, one or more processing activities associated with each of a plurality of components of a computer system, each control point of the plurality of control points corresponding to one or more components of the plurality of components, each component having a corresponding interface;
detecting an attack on the computer system;
in response to the detecting, determining that the attack is a polymorphic attack;
in response to the determining, identifying a particular interface on the computer system that is failing as a result of the polymorphic attack;
determining that generation of a new signature will not be effective to prevent execution of the polymorphic attack;
in response to determining that generation of a new signature will not be effective to prevent execution of the polymorphic attack, adjusting access only to the particular interface at a particular control point established on the interface and not the entire computer system, wherein the particular control point is one of the plurality of control points;
wherein the method is performed by one or more processors.
1 Assignment
0 Petitions
Abstract
A system detects an attack on a computer system. The system identifies the attack as polymorphic, that is, capable of modifying itself for every instance of its execution; the modification is used to defeat detection of the attack. In one embodiment, the system determines that generation of an effective signature of the attack has failed. A signature is what would otherwise be used to prevent execution of the attack. The system then adjusts access to an interface to prevent further damage to the computer system by the attack.
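The decision flow the abstract and claim 1 describe, written out as an added Python example that is not part of the patent: an attack is classed as polymorphic when repeated instances against one interface never share a body, a signature is attempted from the bytes common to every instance, and only if that fails is access restricted at the single control point mediating the failing interface. All interface names, control-point names and payload bytes are constructed for the example.

```python
import hashlib

def is_polymorphic(instances):
    """One interface under attack, yet every observed instance has a different body.
    Each instance is a constructed (interface, payload_bytes) pair."""
    bodies = {hashlib.sha256(p).digest() for _, p in instances}
    return len({i for i, _ in instances}) == 1 and len(bodies) == len(instances) > 1

def common_substring(a, b):
    """Longest byte run shared by a and b (standard dynamic-programming table)."""
    best, prev = b"", [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > len(best):
                    best = a[i - cur[j]:i]
        prev = cur
    return best

def derive_signature(instances, min_len=8):
    """A byte pattern present in every instance, or None if none is long enough."""
    sig = instances[0][1]
    for _, payload in instances[1:]:
        sig = common_substring(sig, payload)
    return sig if len(sig) >= min_len else None

def respond(instances, control_points):
    """Claimed fallback: polymorphic attack plus failed signature generation means
    restricting only the failing interface at the control point that mediates it."""
    if not is_polymorphic(instances):
        return ("monitor", None)
    sig = derive_signature(instances)
    if sig is not None:
        return ("signature", sig)            # a signature suffices; no access change
    failing = instances[0][0]
    for name, interfaces in control_points.items():   # name -> interfaces it mediates
        if failing in interfaces:
            return ("restrict", name, failing)  # other interfaces at name stay open
    return ("unmapped", failing)

# Constructed observations: three variants of one attack on "rpc-endpoint" that
# share only the 5-byte prefix b"form-", too short for a usable signature.
OBSERVED = [("rpc-endpoint", b"form-1 aaaaaaaaaa"),
            ("rpc-endpoint", b"form-2 bbbbbbbbbb"),
            ("rpc-endpoint", b"form-3 cccccccccc")]
CONTROL_POINTS = {"net-ingress": {"rpc-endpoint", "http-listener"},
                  "fs-monitor": {"file-api"}}
```

Running `respond(OBSERVED, CONTROL_POINTS)` yields a restriction of `rpc-endpoint` at `net-ingress` alone; `http-listener` at the same control point and everything under `fs-monitor` are untouched.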
20 Claims
1. Claim 1 as given above under First Claim. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A non-transitory computer-readable storage medium encoded with computer program logic that, when executed by a computerized device, causes the device to perform:
monitoring, at each of a plurality of control points, one or more processing activities associated with each of a plurality of components of a computer system, each control point of the plurality of control points corresponding to one or more components of the plurality of components, each component having a corresponding interface;
detecting an attack on the computer system;
in response to the detecting, determining that the attack is a polymorphic attack;
in response to the determining, identifying a particular interface on the computer system that is failing as a result of the polymorphic attack;
determining that generation of a new signature will not be effective to prevent execution of the polymorphic attack;
in response to determining that generation of a new signature will not be effective to prevent execution of the polymorphic attack, adjusting access only to the particular interface at a particular control point established on the interface and not the entire computer system, wherein the particular control point is one of the plurality of control points.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20.