Method and system for adaptive rule-based content scanners for desktop computers

  • US 7,975,305 B2
  • Filed: 12/09/2004
  • Issued: 07/05/2011
  • Est. Priority Date: 11/06/1997
  • Status: Expired due to Term
First Claim
Patent Images

1. A security system for scanning content within a computer, comprising:

  • a network interface, housed within a computer, for receiving incoming content from the Internet on its destination to an Internet application running on the computer;

    a database of parser and analyzer rules corresponding to computer exploits, stored within the computer, computer exploits being portions of program code that are malicious, wherein the parser and analyzer rules describe computer exploits as patterns of types of tokens, tokens being program code constructs, and types of tokens comprising a punctuation type, an identifier type and a function type;

    a rule-based content scanner that communicates with said database of parser and analyzer rules, operatively coupled with said network interface, for scanning incoming content received by said network interface to recognize the presence of potential computer exploits therewithin;

    a network traffic probe, operatively coupled to said network interface and to said rule-based content scanner, for selectively diverting incoming content from its intended destination to said rule-based content scanner; and

    a rule update manager that communicates with said database of parser and analyzer rules, for updating said database of parser and analyzer rules periodically to incorporate new parser and analyzer rules that are made available.

View all claims

    Thank you for your feedback