Virus epidemic damage control system and method for network environment
Abstract
A system and method for providing damage control caused by a virus epidemic in a network environment are advantageously provided according to the invention. The system according to a preferred embodiment of the invention effectively and rapidly distributes antivirus protection and cure measures within the network so as to reduce the level of damage during the virus epidemic. The method according to the invention contains the spread of a computer virus in a network system by detecting the traffic flow and analyzing the identical sections in files modified in a short time period. The network system accordingly includes a management server, a management information database (MIB) having a plurality of tasks for performing work in the network system, and a plurality of device nodes. Each network task corresponds to an event occurring in the system. Damage control caused by a virus epidemic in a network environment is thus controlled and the level of damage is accordingly reduced.
40 Claims
1. A computer virus damage control method in a network system having a plurality of device nodes, the said method comprising the steps of:
(a1) detecting traffic flow in said device nodes;
(a2) determining a neighborhood having unpredicted traffic flow from said device nodes;
(a3) designating those of said device nodes having unpredicted traffic flow as abnormal device nodes and those of said device nodes having predicted traffic flow as normal device nodes;
(a4) detecting traffic flow of said abnormal device nodes for a predetermined time interval;
(a5) partially isolating a segment including said abnormal device nodes;
(a6) reducing the size of said isolated segment therein by rejecting any normal device nodes;
(a7) transferring an antivirus task into said isolated segment for pinpointing a computer virus; and
(a8) eradicating said virus using said antivirus task.
Dependent claims 2 to 20 are not reproduced on this page.
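Steps (a1) to (a6) of claim 1 amount to a small pipeline: measure per-node flow, flag nodes whose flow exceeds what their own history predicts, require the anomaly to persist for a predetermined number of intervals before calling the node abnormal, isolate the whole neighborhood (here, the subnet) of each abnormal node, then shrink that segment back to the abnormal nodes only. The following Python is an added illustration written for this page, not code from the patent or its assignee; the traffic counts, subnet map, the "factor x baseline mean" notion of predicted flow and the two-interval persistence rule are all constructed assumptions.

```python
from statistics import mean

# Constructed sample (not from the patent): packets per interval for each node
# over six consecutive intervals, and the subnet each node belongs to.
SUBNETS = {
    "10.0.1.10": "10.0.1.0/24",
    "10.0.1.11": "10.0.1.0/24",
    "10.0.1.12": "10.0.1.0/24",
    "10.0.2.20": "10.0.2.0/24",
    "10.0.2.21": "10.0.2.0/24",
    "10.0.3.30": "10.0.3.0/24",
}
TRAFFIC = {
    "10.0.1.10": [50, 52, 48, 51, 49, 50],        # steady
    "10.0.1.11": [40, 45, 42, 900, 1200, 1500],   # sustained surge
    "10.0.1.12": [60, 58, 61, 900, 62, 60],       # one-off burst, then back to normal
    "10.0.2.20": [30, 33, 31, 700, 950, 1100],    # sustained surge in another subnet
    "10.0.2.21": [20, 22, 21, 20, 23, 22],        # steady
    "10.0.3.30": [10, 11, 10, 12, 11, 10],        # subnet with no abnormal node
}


def predicted_ceiling(history, factor=3.0, floor=20):
    """(a1/a2) Predicted flow for a node, derived from its own baseline intervals:
    `factor` times the baseline mean, never below `floor` (assumed model)."""
    return max(factor * mean(history), floor)


def is_unpredicted(samples, baseline_len, factor=3.0):
    """Per-interval flags (True = unpredicted) for the intervals after the baseline."""
    ceiling = predicted_ceiling(samples[:baseline_len], factor)
    return [s > ceiling for s in samples[baseline_len:]]


def classify_nodes(traffic, baseline_len=3, observe=2, factor=3.0):
    """(a3/a4) A node is abnormal only if its flow stayed unpredicted for the last
    `observe` intervals (the predetermined interval); a single burst is not enough."""
    abnormal, normal = set(), set()
    for node, samples in traffic.items():
        flags = is_unpredicted(samples, baseline_len, factor)
        sustained = len(flags) >= observe and all(flags[-observe:])
        (abnormal if sustained else normal).add(node)
    return abnormal, normal


def initial_segment(abnormal, subnets):
    """(a5) Partial isolation: every node sharing a subnet with an abnormal node."""
    hot = {subnets[n] for n in abnormal}
    return {n for n, s in subnets.items() if s in hot}


def reduce_segment(segment, normal):
    """(a6) Shrink the isolated segment by releasing the nodes that proved normal."""
    return segment - normal


def damage_control(traffic, subnets, **kw):
    """Run (a1) to (a6); the returned `isolated` set is where (a7) would send
    the antivirus task."""
    abnormal, normal = classify_nodes(traffic, **kw)
    segment = initial_segment(abnormal, subnets)
    return {
        "abnormal": abnormal,
        "segment": segment,
        "isolated": reduce_segment(segment, normal),
    }


if __name__ == "__main__":
    result = damage_control(TRAFFIC, SUBNETS)
    for key in ("abnormal", "segment", "isolated"):
        print(f"{key:9s}: {sorted(result[key])}")
```

The persistence rule in step (a4) is what keeps the legitimate burst on 10.0.1.12 out of the final isolated set: it is swept into the initial segment along with its subnet neighbours, then released in step (a6), so only the two nodes with sustained unpredicted flow remain isolated.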
21. A computer virus damage control method in a network system having a plurality of device nodes, the method comprising the steps of:
(b1) finding a file having been modified in a predetermined time interval;
(b2) determining first modified sections of said modified file;
(b3) finding a second file having been modified in said predetermined time interval;
(b4) determining second modified sections in said second file;
(b5) comparing said first modified file and said second modified file;
(b6) repeating steps (b3), (b4) and (b5) for other files being modified in said predetermined time period;
(b7) reporting to a management server in said network system that no virus is found when all said modified sections from said modified files are not identical nor similar;
(b8) reporting to a management server that a computer virus attack is possibly initiated when a specific number of said modified sections from said modified files are generally identical or similar;
(b9) quarantining an area containing those of said device nodes having files with said modified sections; and
(b10) transferring an antivirus task into said quarantined area for finding a computer virus and eradicating said virus.
Dependent claims 22 to 30 are not reproduced on this page.
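Claim 21 describes a file-integrity heuristic: collect the files modified inside a time window, extract the regions that changed relative to a known-good baseline, and raise an alert when a set number of files carry the same (or nearly the same) changed region, which is the fingerprint of one piece of code being written into many files. The Python below is an added illustration for this page, not code from the patent or its assignee. It assumes a baseline snapshot is available, uses `difflib.SequenceMatcher` opcodes as the definition of a "modified section" and its `ratio()` as the "generally similar" test; the file contents, timestamps, node names and the inert PAYLOAD byte string are all constructed.

```python
import difflib
from itertools import combinations

# Constructed sample data (not from the patent): a baseline snapshot of file
# contents and the current snapshot with modification times (epoch seconds).
# PAYLOAD is an inert, made-up byte string standing in for the code a worm
# appends to the executables it infects; it is not a real signature.
PAYLOAD = b"\x00PAYLOAD-STUB-0123456789abcdef-STUB-PAYLOAD\x00"
BASELINE = {
    "nodeA:/usr/bin/app1": b"original code of app1, unchanged for months. " * 2,
    "nodeB:/usr/bin/app2": b"original code of app2, a different program.   " * 2,
    "nodeC:/usr/bin/app3": b"original code of app3, yet another program.   " * 2,
    "nodeD:/etc/app.conf": b"threshold=5\n",
    "nodeE:/usr/bin/app4": b"original code of app4, installed last year.    " * 2,
}
CURRENT = {  # path -> (mtime, content)
    "nodeA:/usr/bin/app1": (1500, BASELINE["nodeA:/usr/bin/app1"] + PAYLOAD),
    "nodeB:/usr/bin/app2": (1520, BASELINE["nodeB:/usr/bin/app2"] + PAYLOAD),
    # nodeC carries a slightly mutated copy: "generally similar", not identical
    "nodeC:/usr/bin/app3": (1540, BASELINE["nodeC:/usr/bin/app3"] + PAYLOAD.replace(b"01", b"98")),
    # legitimate admin edit inside the window: modified, but unlike the others
    "nodeD:/etc/app.conf": (1560, b"threshold=7\nverbose=1\n"),
    # modified long before the window: skipped by step (b1)
    "nodeE:/usr/bin/app4": (100, BASELINE["nodeE:/usr/bin/app4"] + PAYLOAD),
}
WINDOW = (1000, 2000)  # the predetermined time interval, as epoch seconds


def files_modified_in_window(baseline, current, window):
    """(b1)/(b3) Files whose mtime falls in the window and whose content changed."""
    lo, hi = window
    return [p for p, (mtime, data) in current.items()
            if lo <= mtime <= hi and data != baseline.get(p)]


def modified_sections(old, new, min_len=8):
    """(b2)/(b4) Byte regions of `new` that were inserted or replaced relative to `old`.
    Regions shorter than `min_len` are ignored so one-byte edits cannot match anything."""
    sm = difflib.SequenceMatcher(None, old, new, autojunk=False)
    return [new[j1:j2] for tag, _, _, j1, j2 in sm.get_opcodes()
            if tag in ("insert", "replace") and j2 - j1 >= min_len]


def sections_similar(a, b, threshold=0.9):
    """(b5) 'Generally identical or similar': similarity ratio at or above threshold."""
    return difflib.SequenceMatcher(None, a, b, autojunk=False).ratio() >= threshold


def analyze(baseline, current, window, specific_number=3, threshold=0.9):
    """(b6)-(b9) Compare every pair of modified files; if at least `specific_number`
    files share a similar modified section, report a possible attack and name the
    nodes to quarantine."""
    modified = files_modified_in_window(baseline, current, window)
    sections = {p: modified_sections(baseline.get(p, b""), current[p][1]) for p in modified}
    matched = set()
    for f1, f2 in combinations(modified, 2):
        if any(sections_similar(s1, s2, threshold) for s1 in sections[f1] for s2 in sections[f2]):
            matched.update((f1, f2))
    attack = len(matched) >= specific_number
    return {
        "modified_files": modified,
        "matching_files": matched,
        "verdict": "possible virus attack" if attack else "no virus found",
        # node name is the part of the constructed path before the colon
        "quarantine_nodes": {p.split(":", 1)[0] for p in matched} if attack else set(),
    }


if __name__ == "__main__":
    report = analyze(BASELINE, CURRENT, WINDOW)
    print(report["verdict"])
    print("quarantine:", sorted(report["quarantine_nodes"]))
```

Two details matter in practice. The minimum section length stops trivial edits (a single changed digit in a config file) from matching each other, and `specific_number` sets the sensitivity of step (b8): with the sample data three files share the appended region, so the default reports an attack, while a threshold of four reports no virus found even though the same region is present on three nodes.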
31. A network system comprising:
a management server connected to a plurality of device nodes;
a management information database (MIB) connected to said management server;
a task database in said MIB recording a plurality of tasks capable of being performed in said network system;
a cure database stored in said MIB recording a plurality of cures for forming said tasks;
an area of said device nodes isolated for having unpredicted traffic flow; and
an antivirus task transformed into said isolated area for pinpointing a computer virus and eradicating said virus.
Dependent claims 32 to 40 are not reproduced on this page.
Specification