DE60201430T8 - Erkennung von computerviren in einem netzwerk unter verwendung eines köderservers - Google Patents

Erkennung von computerviren in einem netzwerk unter verwendung eines köderservers Download PDF

Info

Publication number
DE60201430T8
DE60201430T8 DE60201430T DE60201430T DE60201430T8 DE 60201430 T8 DE60201430 T8 DE 60201430T8 DE 60201430 T DE60201430 T DE 60201430T DE 60201430 T DE60201430 T DE 60201430T DE 60201430 T8 DE60201430 T8 DE 60201430T8
Authority
DE
Germany
Prior art keywords
client
server
network
bait
offending
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
DE60201430T
Other languages
English (en)
Other versions
DE60201430T2 (de
DE60201430D1 (de
Inventor
Thomas Chefalas
Steven Mastrianni
Ajay Mohindra
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lenovo Singapore Pte Ltd
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Application granted granted Critical
Publication of DE60201430D1 publication Critical patent/DE60201430D1/de
Publication of DE60201430T2 publication Critical patent/DE60201430T2/de
Publication of DE60201430T8 publication Critical patent/DE60201430T8/de
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1491Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
DE60201430T 2001-04-10 2002-04-09 Erkennung von computerviren in einem netzwerk unter verwendung eines köderservers Expired - Fee Related DE60201430T8 (de)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US09/829,761 US7089589B2 (en) 2001-04-10 2001-04-10 Method and apparatus for the detection, notification, and elimination of certain computer viruses on a network using a promiscuous system as bait
US829761 2001-04-10
PCT/US2002/011239 WO2002084459A1 (en) 2001-04-10 2002-04-09 Detection of computer viruses on a network using a bait server

Publications (3)

Publication Number Publication Date
DE60201430D1 DE60201430D1 (de) 2004-11-04
DE60201430T2 DE60201430T2 (de) 2006-03-02
DE60201430T8 true DE60201430T8 (de) 2006-06-08

Family

ID=25255481

Family Applications (1)

Application Number Title Priority Date Filing Date
DE60201430T Expired - Fee Related DE60201430T8 (de) 2001-04-10 2002-04-09 Erkennung von computerviren in einem netzwerk unter verwendung eines köderservers

Country Status (9)

Country Link
US (1) US7089589B2 (de)
EP (1) EP1377892B1 (de)
JP (1) JP3947110B2 (de)
KR (1) KR100553146B1 (de)
CN (1) CN1256634C (de)
AT (1) ATE278212T1 (de)
DE (1) DE60201430T8 (de)
TW (1) TW565762B (de)
WO (1) WO2002084459A1 (de)

Families Citing this family (102)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040073617A1 (en) 2000-06-19 2004-04-15 Milliken Walter Clark Hash-based systems and methods for detecting and preventing transmission of unwanted e-mail
CN1147795C (zh) * 2001-04-29 2004-04-28 北京瑞星科技股份有限公司 检测和清除已知及未知计算机病毒的方法、系统
US7107618B1 (en) 2001-09-25 2006-09-12 Mcafee, Inc. System and method for certifying that data received over a computer network has been checked for viruses
US7243148B2 (en) * 2002-01-15 2007-07-10 Mcafee, Inc. System and method for network vulnerability detection and reporting
US7543056B2 (en) 2002-01-15 2009-06-02 Mcafee, Inc. System and method for network vulnerability detection and reporting
US7257630B2 (en) 2002-01-15 2007-08-14 Mcafee, Inc. System and method for network vulnerability detection and reporting
US20030154394A1 (en) * 2002-02-13 2003-08-14 Levin Lawrence R. Computer virus control
JP4088082B2 (ja) 2002-02-15 2008-05-21 株式会社東芝 未知コンピュータウイルスの感染を防止する装置およびプログラム
FI113499B (fi) * 2002-09-12 2004-04-30 Jarmo Talvitie Turvajärjestelmä, menetelmä ja laite tietokonevirusten torjumiseksi sekä tiedon eristämiseksi
US7278019B2 (en) * 2002-11-04 2007-10-02 Hewlett-Packard Development Company, L.P. Method of hindering the propagation of a computer virus
US7418730B2 (en) * 2002-12-17 2008-08-26 International Business Machines Corporation Automatic client responses to worm or hacker attacks
JP2006518080A (ja) 2003-02-14 2006-08-03 プリベンシス,インコーポレイティド ネットワーク監査及びポリシー保証システム
US7627891B2 (en) 2003-02-14 2009-12-01 Preventsys, Inc. Network audit and policy assurance system
US20050028010A1 (en) * 2003-07-29 2005-02-03 International Business Machines Corporation System and method for addressing denial of service virus attacks
US7386719B2 (en) * 2003-07-29 2008-06-10 International Business Machines Corporation System and method for eliminating viruses at a web page server
US7552473B2 (en) * 2003-08-12 2009-06-23 Symantec Corporation Detecting and blocking drive sharing worms
US20050086526A1 (en) * 2003-10-17 2005-04-21 Panda Software S.L. (Sociedad Unipersonal) Computer implemented method providing software virus infection information in real time
EP1528452A1 (de) * 2003-10-27 2005-05-04 Alcatel Rekursive Erkennung, Schutz und Entfernen von Computerviren in Knoten eines Datennetzwerks
US7636716B1 (en) 2003-12-03 2009-12-22 Trend Micro Incorporated Method and architecture for blocking email spams
CN100395985C (zh) * 2003-12-09 2008-06-18 趋势株式会社 强制设置防毒软件的方法及网络系统
US7647631B2 (en) * 2003-12-10 2010-01-12 Hewlett-Packard Development Company Automated user interaction in application assessment
US20050201297A1 (en) * 2003-12-12 2005-09-15 Cyrus Peikari Diagnosis of embedded, wireless mesh networks with real-time, flexible, location-specific signaling
US7370361B2 (en) 2004-02-06 2008-05-06 Trend Micro Incorporated System and method for securing computers against computer virus
US7716726B2 (en) * 2004-02-13 2010-05-11 Microsoft Corporation System and method for protecting a computing device from computer exploits delivered over a networked environment in a secured communication
US8458797B1 (en) 2004-03-25 2013-06-04 Trend Micro Incorporated System and method for securing computers against computer viruses
US20050216957A1 (en) * 2004-03-25 2005-09-29 Banzhof Carl E Method and apparatus for protecting a remediated computer network from entry of a vulnerable computer system thereinto
US8201257B1 (en) 2004-03-31 2012-06-12 Mcafee, Inc. System and method of managing network security risks
US7519954B1 (en) 2004-04-08 2009-04-14 Mcafee, Inc. System and method of operating system identification
US7472288B1 (en) 2004-05-14 2008-12-30 Trend Micro Incorporated Protection of processes running in a computer system
US7624445B2 (en) * 2004-06-15 2009-11-24 International Business Machines Corporation System for dynamic network reconfiguration and quarantine in response to threat conditions
JP4050253B2 (ja) * 2004-06-22 2008-02-20 株式会社ラック コンピュータウィルス情報収集装置、コンピュータウィルス情報収集方法、及びプログラム
US7448085B1 (en) 2004-07-07 2008-11-04 Trend Micro Incorporated Method and apparatus for detecting malicious content in protected archives
US20060015939A1 (en) * 2004-07-14 2006-01-19 International Business Machines Corporation Method and system to protect a file system from viral infections
KR100611679B1 (ko) 2004-07-30 2006-08-10 주식회사 뉴테크웨이브 컴퓨터 바이러스의 조기방역 시스템 및 방법
US20060075493A1 (en) * 2004-10-06 2006-04-06 Karp Alan H Sending a message to an alert computer
US8495144B1 (en) 2004-10-06 2013-07-23 Trend Micro Incorporated Techniques for identifying spam e-mail
US7716527B2 (en) * 2004-11-08 2010-05-11 International Business Machines Corporation Repair system
US7765596B2 (en) 2005-02-09 2010-07-27 Intrinsic Security, Inc. Intrusion handling system and method for a packet network with dynamic network address utilization
KR100599084B1 (ko) * 2005-02-24 2006-07-12 삼성전자주식회사 이동 통신 네트워크에서의 바이러스 치료 방법
US7690038B1 (en) 2005-04-26 2010-03-30 Trend Micro Incorporated Network security system with automatic vulnerability tracking and clean-up mechanisms
US7636943B2 (en) * 2005-06-13 2009-12-22 Aladdin Knowledge Systems Ltd. Method and system for detecting blocking and removing spyware
US7571483B1 (en) * 2005-08-25 2009-08-04 Lockheed Martin Corporation System and method for reducing the vulnerability of a computer network to virus threats
US8082586B2 (en) * 2005-11-22 2011-12-20 International Business Machines Corporation Snoop echo response extractor
US7756535B1 (en) 2006-07-07 2010-07-13 Trend Micro Incorporated Lightweight content filtering system for mobile phones
US7971257B2 (en) * 2006-08-03 2011-06-28 Symantec Corporation Obtaining network origins of potential software threats
US7788576B1 (en) 2006-10-04 2010-08-31 Trend Micro Incorporated Grouping of documents that contain markup language code
US7797746B2 (en) 2006-12-12 2010-09-14 Fortinet, Inc. Detection of undesired computer files in archives
US8756683B2 (en) * 2006-12-13 2014-06-17 Microsoft Corporation Distributed malicious software protection in file sharing environments
US8898276B1 (en) * 2007-01-11 2014-11-25 Crimson Corporation Systems and methods for monitoring network ports to redirect computing devices to a protected network
US8938773B2 (en) * 2007-02-02 2015-01-20 Websense, Inc. System and method for adding context to prevent data leakage over a computer network
US7861305B2 (en) * 2007-02-07 2010-12-28 International Business Machines Corporation Method and system for hardware based program flow monitor for embedded software
US8023974B1 (en) 2007-02-15 2011-09-20 Trend Micro Incorporated Lightweight SVM-based content filtering system for mobile phones
CN101022459B (zh) * 2007-03-05 2010-05-26 华为技术有限公司 预防病毒入侵网络的系统和方法
US8099785B1 (en) 2007-05-03 2012-01-17 Kaspersky Lab, Zao Method and system for treatment of cure-resistant computer malware
US8256003B2 (en) * 2007-05-10 2012-08-28 Microsoft Corporation Real-time network malware protection
US8181245B2 (en) * 2007-06-19 2012-05-15 Microsoft Corporation Proxy-based malware scan
US7949771B1 (en) 2007-09-05 2011-05-24 Trend Micro Incorporated Authentication of unknown parties in secure computer communications
US20090144822A1 (en) * 2007-11-30 2009-06-04 Barracuda Inc. Withholding last packet of undesirable file transfer
US8181249B2 (en) * 2008-02-29 2012-05-15 Alcatel Lucent Malware detection system and method
US9015842B2 (en) * 2008-03-19 2015-04-21 Websense, Inc. Method and system for protection against information stealing software
US8407784B2 (en) 2008-03-19 2013-03-26 Websense, Inc. Method and system for protection against information stealing software
US9130986B2 (en) 2008-03-19 2015-09-08 Websense, Inc. Method and system for protection against information stealing software
US8819823B1 (en) * 2008-06-02 2014-08-26 Symantec Corporation Method and apparatus for notifying a recipient of a threat within previously communicated data
US9130972B2 (en) 2009-05-26 2015-09-08 Websense, Inc. Systems and methods for efficient detection of fingerprinted data and information
US8949988B2 (en) * 2010-02-26 2015-02-03 Juniper Networks, Inc. Methods for proactively securing a web application and apparatuses thereof
US8595840B1 (en) 2010-06-01 2013-11-26 Trend Micro Incorporated Detection of computer network data streams from a malware and its variants
US8352522B1 (en) 2010-09-01 2013-01-08 Trend Micro Incorporated Detection of file modifications performed by malicious codes
US8838992B1 (en) 2011-04-28 2014-09-16 Trend Micro Incorporated Identification of normal scripts in computer systems
CN102761535A (zh) * 2011-04-29 2012-10-31 北京瑞星信息技术有限公司 病毒监测方法和设备
US8516592B1 (en) 2011-06-13 2013-08-20 Trend Micro Incorporated Wireless hotspot with lightweight anti-malware
US9811664B1 (en) 2011-08-15 2017-11-07 Trend Micro Incorporated Methods and systems for detecting unwanted web contents
US8700913B1 (en) 2011-09-23 2014-04-15 Trend Micro Incorporated Detection of fake antivirus in computers
US8776235B2 (en) * 2012-01-10 2014-07-08 International Business Machines Corporation Storage device with internalized anti-virus protection
US9043914B2 (en) 2012-08-22 2015-05-26 International Business Machines Corporation File scanning
CN103294950B (zh) * 2012-11-29 2016-07-06 北京安天电子设备有限公司 一种基于反向追踪的高威窃密恶意代码检测方法及系统
US9241259B2 (en) 2012-11-30 2016-01-19 Websense, Inc. Method and apparatus for managing the transfer of sensitive information to mobile devices
US9152808B1 (en) * 2013-03-25 2015-10-06 Amazon Technologies, Inc. Adapting decoy data present in a network
US9444912B1 (en) 2013-05-21 2016-09-13 Trend Micro Incorporated Virtual mobile infrastructure for mobile devices
US9225799B1 (en) 2013-05-21 2015-12-29 Trend Micro Incorporated Client-side rendering for virtual mobile infrastructure
US9300720B1 (en) 2013-05-21 2016-03-29 Trend Micro Incorporated Systems and methods for providing user inputs to remote mobile operating systems
US9049169B1 (en) 2013-05-30 2015-06-02 Trend Micro Incorporated Mobile email protection for private computer networks
US9058488B2 (en) * 2013-08-14 2015-06-16 Bank Of America Corporation Malware detection and computer monitoring methods
US9507617B1 (en) 2013-12-02 2016-11-29 Trend Micro Incorporated Inter-virtual machine communication using pseudo devices
CN103763324A (zh) * 2014-01-23 2014-04-30 珠海市君天电子科技有限公司 一种病毒程序传播设备监控的方法以及服务器
CN104091123B (zh) * 2014-06-27 2017-04-12 华中科技大学 一种社区网络的层次病毒免疫方法
JP2016015676A (ja) * 2014-07-03 2016-01-28 富士通株式会社 監視装置、監視システム、および、監視方法
CN104484605A (zh) * 2014-12-10 2015-04-01 央视国际网络无锡有限公司 云存储环境病毒源检测方法
JP2016181191A (ja) * 2015-03-25 2016-10-13 富士通株式会社 管理プログラム、管理装置及び管理方法
US9553885B2 (en) 2015-06-08 2017-01-24 Illusive Networks Ltd. System and method for creation, deployment and management of augmented attacker map
US10382484B2 (en) 2015-06-08 2019-08-13 Illusive Networks Ltd. Detecting attackers who target containerized clusters
KR101726160B1 (ko) 2016-03-11 2017-04-12 고려엠지주식회사 무동력 자동세척 필터링장치용 임펠러
CN106709344B (zh) * 2016-08-09 2019-12-13 腾讯科技(深圳)有限公司 一种病毒查杀的通知方法及服务器
US10169581B2 (en) 2016-08-29 2019-01-01 Trend Micro Incorporated Detecting malicious code in sections of computer files
KR102000369B1 (ko) * 2017-12-28 2019-07-15 숭실대학교산학협력단 랜섬웨어 탐지 방법, 이를 수행하기 위한 기록매체 및 램섬웨어 탐지 시스템
US10333976B1 (en) 2018-07-23 2019-06-25 Illusive Networks Ltd. Open source intelligence deceptions
US10404747B1 (en) 2018-07-24 2019-09-03 Illusive Networks Ltd. Detecting malicious activity by using endemic network hosts as decoys
US10382483B1 (en) 2018-08-02 2019-08-13 Illusive Networks Ltd. User-customized deceptions and their deployment in networks
US10333977B1 (en) 2018-08-23 2019-06-25 Illusive Networks Ltd. Deceiving an attacker who is harvesting credentials
US10432665B1 (en) 2018-09-03 2019-10-01 Illusive Networks Ltd. Creating, managing and deploying deceptions on mobile devices
US11196759B2 (en) * 2019-06-26 2021-12-07 Microsoft Technology Licensing, Llc SIEM system and methods for exfiltrating event data
CN112506699A (zh) * 2020-11-25 2021-03-16 江苏恒信和安电子科技有限公司 一种数据安全备份方法、设备和系统
US11777989B1 (en) * 2023-05-01 2023-10-03 Raymond James Financial, Inc. Automated deployment of decoy production networks

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5440723A (en) * 1993-01-19 1995-08-08 International Business Machines Corporation Automatic immune system for computers and computer networks
US5414833A (en) 1993-10-27 1995-05-09 International Business Machines Corporation Network security system and method using a parallel finite state machine adaptive active monitor and responder
US6658465B1 (en) * 1997-08-25 2003-12-02 Intel Corporation Method and apparatus for monitoring and controlling programs in a network
US5991881A (en) * 1996-11-08 1999-11-23 Harris Corporation Network surveillance system
US5960170A (en) 1997-03-18 1999-09-28 Trend Micro, Inc. Event triggered iterative virus detection
DE19734585C2 (de) 1997-08-09 2002-11-07 Brunsch Hans Verfahren und Vorrichtung zur Überwachung von Informationsflüssen in Computersystemen
US5987610A (en) * 1998-02-12 1999-11-16 Ameritech Corporation Computer virus screening methods and systems
US6647400B1 (en) * 1999-08-30 2003-11-11 Symantec Corporation System and method for analyzing filesystems to detect intrusions
US6701440B1 (en) * 2000-01-06 2004-03-02 Networks Associates Technology, Inc. Method and system for protecting a computer using a remote e-mail scanning device
US6567808B1 (en) * 2000-03-31 2003-05-20 Networks Associates, Inc. System and process for brokering a plurality of security applications using a modular framework in a distributed computing environment
GB2364142A (en) 2000-06-28 2002-01-16 Robert Morris Detection of an email virus by adding a trap address to email address lists
WO2002008870A2 (en) * 2000-07-26 2002-01-31 David Dickenson Distributive access controller
US6886099B1 (en) * 2000-09-12 2005-04-26 Networks Associates Technology, Inc. Computer virus detection

Also Published As

Publication number Publication date
EP1377892B1 (de) 2004-09-29
WO2002084459A1 (en) 2002-10-24
WO2002084459B1 (en) 2002-12-12
DE60201430T2 (de) 2006-03-02
CN1256634C (zh) 2006-05-17
KR20030095396A (ko) 2003-12-18
TW565762B (en) 2003-12-11
ATE278212T1 (de) 2004-10-15
US7089589B2 (en) 2006-08-08
KR100553146B1 (ko) 2006-02-22
JP2004531812A (ja) 2004-10-14
US20020147915A1 (en) 2002-10-10
CN1514964A (zh) 2004-07-21
DE60201430D1 (de) 2004-11-04
EP1377892A1 (de) 2004-01-07
JP3947110B2 (ja) 2007-07-18

Similar Documents

Publication Publication Date Title
DE60201430T8 (de) Erkennung von computerviren in einem netzwerk unter verwendung eines köderservers
EP3771173B1 (de) Reaktives und präventives sicherheitssystem zum schutz von computernetzwerken und -systemen
US7152164B1 (en) Network anti-virus system
US11743289B2 (en) Managing transmissions of virtual machines using a network interface controller
USRE47558E1 (en) System, method, and computer program product for automatically identifying potentially unwanted data as unwanted
KR100942456B1 (ko) 클라우드 컴퓨팅을 이용한 DDoS 공격 탐지 및 차단 방법 및 서버
US8683585B1 (en) Using file reputations to identify malicious file sources in real time
US20020116639A1 (en) Method and apparatus for providing a business service for the detection, notification, and elimination of computer viruses
JP2019512791A (ja) クラウド環境における動的かつ一時的な仮想マシンインスタンスの保護
US20040117640A1 (en) Automatic client responses to worm or hacker attacks
CN107835149A (zh) 基于dns流量分析的网络窃密行为检测方法以及装置
HK1040788A1 (zh) 檢查聯網設備安全脆弱性的方法和裝置
TW200529621A (en) Network traffic management by a virus/worm monitor in a distributed network
US10142360B2 (en) System and method for iteratively updating network attack mitigation countermeasures
DE60312498D1 (de) Wahlfähigster server in einer umgebung mit einer allgemeinen arbeit-warteschlange
JP2008097414A (ja) 情報処理システムおよび情報処理方法
CN112506699A (zh) 一种数据安全备份方法、设备和系统
CN112583841A (zh) 虚拟机安全防护方法及系统、电子设备和存储介质
US8661102B1 (en) System, method and computer program product for detecting patterns among information from a distributed honey pot system
CN110417578B (zh) 一种异常ftp连接告警处理方法
BR112021019899A2 (pt) Gerenciar identidades de usuários em um serviço de multi-inquilinos gerenciado
CN110022301A (zh) 物联网设备防护用防火墙
KR20200005137A (ko) 보안 이벤트를 처리하기 위한 위협 티켓 발행 방법 및 장치
CN113067829B (zh) 一种威胁信息处理方法及装置
CN115277173A (zh) 一种网络安全监测管理系统及方法

Legal Events

Date Code Title Description
8364 No opposition during term of opposition
8327 Change in the person/name/address of the patent owner

Owner name: LENOVO (SINGAPORE) PTE. LTD., SINGAPUR/SINGAPO, SG

8339 Ceased/non-payment of the annual fee