Efficient distribution of a malware countermeasure
First Claim
1. A network device comprising:
- a network probe circuit for collecting information from at least one node of a plurality of networked nodes;
- a network analyzer circuit for monitoring the plurality of networked nodes including at least generating at least one topological map including the plurality of networked nodes;
- a decision circuit for determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes; and
- a distribution circuit for communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes selected using at least one hit list, the at least one hit list based at least partially on at least one generated topological map.
Abstract
Embodiments include a system, an apparatus, a device, computer-program product, and a method. An embodiment provides a network device. The network device includes an information store operable to save a countermeasure useable in at least substantially reducing a harm caused by a malware (hereafter the “malware countermeasure”). The network device also includes a transmission circuit for sending a packet to at least one node of a plurality of networked nodes. The network device further includes a protection circuit for implementing the malware countermeasure in the network device.
70 Citations
47 Claims
1. A network device comprising: (set out in full under First Claim above.)

Dependent claims: 2 through 29.
30. A method implemented in a computing device comprising:
- collecting information from at least one node of a plurality of networked nodes;
- monitoring the plurality of networked nodes including at least generating at least one topological map including the plurality of networked nodes;
- determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes; and
- communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes selected using at least one hit list, the at least one hit list based at least partially on at least one generated topological map, wherein at least one of the collecting, monitoring, determining or communicating is at least partially performed by at least one processing device.

Dependent claims: 31 through 41.
42. A network device comprising:
- means for collecting information from at least one node of a plurality of networked nodes;
- means for monitoring the plurality of networked nodes including at least generating at least one topological map including the plurality of networked nodes;
- means for determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes; and
- means for communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes selected using at least one hit list, the at least one hit list based at least partially on at least one generated topological map.

Dependent claims: 43 and 44.
45. A computer-program storage product comprising:
- (a) program instructions operable to perform a process in a computing device, the process comprising:
  - collecting information from at least one node of a plurality of networked nodes;
  - monitoring the plurality of networked nodes including at least generating at least one topological map including the plurality of networked nodes;
  - determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes; and
  - communicating, in response to determining from the information collected existence of at least one signature or anomaly that indicates at least some malware is operating on the at least one node of the plurality of networked nodes, at least one malware countermeasure to the at least one node of the plurality of networked nodes, the at least one node of the plurality of networked nodes selected using at least one hit list, the at least one hit list based at least partially on at least one generated topological map; and
- (b) one or more non-transitory computer-readable storage media bearing the program instructions.

Dependent claims: 46 and 47.
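The independent claims (1, 30, 42 and 45) all recite the same four-stage pipeline: collect information from nodes, build a topological map of the network, decide from the collected information whether a signature or an anomaly indicates malware on a node, and then communicate a countermeasure to nodes chosen from a hit list derived from that map. The following Python is an added worked example of that pipeline as a defender would model it; it is not code from the patent or from any product practising it. The hosts, links, telemetry, hash values and the countermeasure label are all constructed placeholders, and the ranking rule for the hit list (hop distance from a flagged node, hubs first) is an assumption chosen for illustration, not something the claims specify.

```python
"""Added example modelling the four claimed elements: probe (collect),
analyzer (topological map), decision (signature or anomaly) and
distribution (countermeasure to hit-listed nodes).  All data is constructed."""
from collections import deque
from statistics import mean, pstdev

# Constructed topological map: undirected links between hypothetical hosts.
LINKS = [
    ("fw", "srv1"), ("fw", "srv2"), ("srv1", "ws1"), ("srv1", "ws2"),
    ("srv2", "ws3"), ("ws3", "ws4"),
]

# Constructed telemetry a probe might collect per node: observed file hashes
# and an outbound connection rate (connections per minute).
TELEMETRY = {
    "fw":   {"hashes": {"h-clean-1"}, "conn_rate": 20},
    "srv1": {"hashes": {"h-clean-2"}, "conn_rate": 30},
    "srv2": {"hashes": {"h-clean-3"}, "conn_rate": 25},
    "ws1":  {"hashes": {"h-clean-4"}, "conn_rate": 22},
    "ws2":  {"hashes": {"h-bad-worm"}, "conn_rate": 28},   # matches a signature
    "ws3":  {"hashes": {"h-clean-5"}, "conn_rate": 400},   # anomalous burst
    "ws4":  {"hashes": {"h-clean-6"}, "conn_rate": 24},
}

# Constructed signature set (placeholder hash strings, not real indicators).
SIGNATURES = {"h-bad-worm"}


def build_topology(links):
    """Analyzer: turn the link list into an adjacency map (the topological map)."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def detect(telemetry, signatures, z_threshold=2.0):
    """Decision: flag nodes with a known signature, or whose conn_rate sits more
    than z_threshold population standard deviations above the fleet mean."""
    rates = [t["conn_rate"] for t in telemetry.values()]
    mu, sigma = mean(rates), pstdev(rates)
    flagged = {}
    for node, t in telemetry.items():
        if t["hashes"] & signatures:
            flagged[node] = "signature"
        elif sigma > 0 and (t["conn_rate"] - mu) / sigma > z_threshold:
            flagged[node] = "anomaly"
    return flagged


def hit_list(adj, flagged, max_hops=None):
    """Rank nodes by hop distance from any flagged node (multi-source BFS over
    the topological map); ties go to higher-degree nodes so hubs are served
    first.  Returns [(node, hops), ...] nearest first.  Ranking rule is an
    assumption for this example, not the patent's."""
    dist = {n: 0 for n in flagged}
    queue = deque(flagged)
    while queue:
        cur = queue.popleft()
        for nxt in adj.get(cur, ()):
            if nxt not in dist:
                dist[nxt] = dist[cur] + 1
                queue.append(nxt)
    ranked = sorted(dist, key=lambda n: (dist[n], -len(adj.get(n, ())), n))
    if max_hops is not None:
        ranked = [n for n in ranked if dist[n] <= max_hops]
    return [(n, dist[n]) for n in ranked]


def plan_distribution(adj, telemetry, signatures, countermeasure, max_hops=1):
    """Distribution: run detection, derive the hit list from the map, and
    assign the countermeasure to each listed node with the reason it was chosen."""
    flagged = detect(telemetry, signatures)
    plan = []
    for node, hops in hit_list(adj, flagged, max_hops):
        reason = flagged.get(node, f"within {hops} hop(s) of a flagged node")
        plan.append({"node": node, "hops": hops, "reason": reason,
                     "countermeasure": countermeasure})
    return plan


if __name__ == "__main__":
    topo = build_topology(LINKS)
    for entry in plan_distribution(topo, TELEMETRY, SIGNATURES,
                                   "signature-update-PLACEHOLDER"):
        print(entry)
```

With the constructed data, `detect` flags `ws2` by signature and `ws3` by anomaly (its rate is about 2.4 standard deviations above the mean); the one-hop hit list then covers both flagged hosts and their immediate neighbours, with the three-link host `srv1` ahead of the other neighbours. The `max_hops` bound is the practical check to keep: without it the hit list grows to the whole map, and a countermeasure pushed to every node on a single anomaly is itself a denial-of-service risk.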