Detection of computer viruses on a network using a bait server

Info

Publication number
WO2002084459B1
Authority
WO
WIPO (PCT)
Prior art keywords
network
offending
server
bait
virus
Prior art date
Application number
PCT/US2002/011239
Other languages
French (fr)
Other versions
WO2002084459A1 (en)
Inventor
Thomas Chefalas
Steven Mastrianni
Ajay Mohindra
Original Assignee
IBM
Priority date
Filing date
Publication date
Application filed by IBM
Priority to AT02717796T (ATE278212T1)
Priority to EP02717796A (EP1377892B1)
Priority to DE60201430T (DE60201430T8)
Priority to JP2002582335A (JP3947110B2)
Priority to KR1020037013206A (KR100553146B1)
Publication of WO2002084459A1
Publication of WO2002084459B1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1491 Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment

Abstract

A method, computer program product, and network data processing system (100) for identifying, locating, and deleting viruses is provided. In one embodiment, the network data processing system (100) includes a local server (104), several client data processing systems (108-112), and a bait server (150). The address of the bait server (150) is not published to the clients (108-112). Thus, any attempt to access the bait server (150) would indicate the presence of a virus on the client attempting access. The bait server (150) monitors itself (408) and, responsive to an attempt from a client to access the bait server (150), broadcasts an indication that a virus attack is underway to all devices within the network. The bait server (150) then ignores all further access requests by the offending client until it receives an indication that the offending client has been disinfected and directs the local server (104) to disconnect the offending client(s) from the network (412). The bait server (150) also notifies the local server and/or a network administrator of the problem and the identity of the offending client allowing appropriate action to be initiated to disinfect the offending client (410).
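The response sequence in the abstract, together with the reconnect check of claim 12, modelled as a small state machine replayed over constructed events. This is an added illustration, not code from the patent; the class names, method names, event tuples and the `client-108` style host labels are all hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class LocalServer:
    """Hypothetical stand-in for the local server (104)."""
    disconnected: set = field(default_factory=set)
    disinfected: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def alert(self, offender, operation):
        # Notification carries the identity of the offending system.
        self.alerts.append((offender, operation))

    def disconnect(self, offender):
        self.disconnected.add(offender)
        # A fresh detection invalidates any earlier "clean" verdict.
        self.disinfected.discard(offender)

    def mark_disinfected(self, offender):
        self.disinfected.add(offender)

    def reconnect(self, offender):
        # Verify the system was quarantined and has been disinfected.
        if offender in self.disconnected and offender in self.disinfected:
            self.disconnected.discard(offender)
            return True
        return False


@dataclass
class BaitServer:
    """Hypothetical model of the bait server (150) response logic."""
    local: LocalServer
    ignored: set = field(default_factory=set)
    broadcasts: list = field(default_factory=list)

    def on_access(self, source, operation):
        # No client is given this address, so any request is an indicator.
        if source in self.ignored:
            return "ignored"
        self.ignored.add(source)
        self.broadcasts.append(source)        # tell every device on the network
        self.local.alert(source, operation)   # notify local server / administrator
        self.local.disconnect(source)         # direct the local server to isolate
        return "alerted"

    def on_reconnect_request(self, source):
        if self.local.reconnect(source):
            self.ignored.discard(source)
            return "reconnected"
        return "denied"


# Constructed sample events: (kind, host, detail).
EVENTS = [
    ("access", "client-108", "write"),
    ("access", "client-108", "write"),     # repeat from the same host
    ("access", "client-110", "read"),
    ("reconnect", "client-108", None),     # too early: not yet disinfected
    ("disinfected", "client-108", None),
    ("reconnect", "client-108", None),
    ("reconnect", "client-112", None),     # was never disconnected
    ("access", "client-108", "write"),     # reinfection after reconnect
]


def run_demo(events=EVENTS):
    local = LocalServer()
    bait = BaitServer(local)
    outcomes = []
    for kind, host, detail in events:
        if kind == "access":
            outcomes.append(bait.on_access(host, detail))
        elif kind == "disinfected":
            local.mark_disinfected(host)
            outcomes.append("recorded")
        elif kind == "reconnect":
            outcomes.append(bait.on_reconnect_request(host))
    return outcomes, bait.broadcasts, local.alerts, sorted(local.disconnected)


if __name__ == "__main__":
    for item in run_demo():
        print(item)
```
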

Claims

AMENDED CLAIMS [received by the International Bureau on 23 October 2002 (23.10.02); original claims 1, 10, 13, 16, 20, 23, 26, 30, 33 and 36 amended; remaining claims unchanged (7 pages)]
1. A network data processing system for identifying, locating, and deleting viruses, comprising: a local server; a plurality of client data processing systems; and a bait server having an unpublished network address, wherein the bait server monitors itself and, responsive to an attempt from an offending system within the network data processing system to access the bait server, the bait server broadcasts an indication that a virus attack is underway to all devices within the network data processing system, ignores all further access requests by the offending system until receiving an indication that the offending system has been disinfected, and directs the local server to disconnect the offending system from the network data processing system.
2. The network data processing system as recited in claim 1, wherein the address of the bait server is not published to the plurality of client data processing systems.
3. The network data processing system as recited in claim 1, wherein the offending system includes more than one data processing system.
4. The network data processing system as recited in claim 1, wherein the offending system includes the local server.
5. The network data processing system as recited in claim 1, wherein the offending system includes a client data processing system.
6. The network data processing system as recited in claim 1, wherein the attempt from the offending system to access the bait server comprises an attempt to write to the bait server.
7. The network data processing system as recited in claim 1, wherein the virus is a worm.
8. The network data processing system as recited in claim 1, wherein the virus is a Trojan horse.
9. The network data processing system as recited in claim 1, wherein the network data processing system is configured to, once the offending system has been disinfected of the client, allow the offending system to reconnect to the network data processing system.
10. A method for detecting the presence of a computer virus, the method comprising: receiving, at a bait server, a request to perform a function on the bait server, wherein the bait server has an unpublished network address and user access to the bait server is prohibited; identifying an offending system from which the request originated; alerting a local server that a virus attack is in progress and of the identity of the offending system; and directing the local server to disconnect the offending system from the network.
11. The method as recited in claim 10, further comprising: prior to disconnecting the offending system, notifying the offending system that it is infected with a virus.
12. The method as recited in claim 10, further comprising: receiving a reconnect request from the offending system; verifying that the offending system is disinfected and available to reconnect to the network; and reconnecting the offending system to the network.
13. A method in a bait server for detecting the presence of a computer virus, the method comprising: monitoring files within the bait server, wherein the bait server has an unpublished address and client access to the bait server is unauthorized; and responsive to a change in one or more of the files within the bait server, notifying a local server that a virus attack is underway.
14. The method as recited in claim 13, wherein the change in one or more of the files includes a change in byte size of the one or more of the files.
15. The method as recited in claim 13, wherein the change in one or more of the files includes one of a missing and a deleted file.
16. A method in a bait server for detecting the presence of a computer virus, the method comprising: monitoring, from the bait server, a network for the presence of a computer virus, wherein the bait server has an unpublished network address and access to the bait server by network users is prohibited; responsive to a determination that a virus is detected, determining the identity of an offending system within the network from which the virus entered the network; and directing the local server to disconnect the offending system from the network.
17. The method as recited in claim 16, further comprising: instructing all devices within the network to ignore all requests from the offending system until the offending system has been disinfected and is available for network communication.
18. The method as recited in claim 16, further comprising: notifying a local server of the presence of the virus and the identity of the offending system.
19. The method as recited in claim 16, further comprising: responsive to an indication that the offending system has been disinfected and responsive to a reconnect request from the offending system, reconnecting the offending system to the network.
20. A computer program product in a computer readable media for use in a data processing system for detecting the presence of a computer virus, the computer program product comprising: first instructions for receiving, at a bait server, a request to perform a function on the bait server, wherein the bait server has an unpublished network address and user access to the bait server is prohibited; second instructions for identifying an offending system from which the request originated; third instructions for alerting a local server that a virus attack is in progress and the identity of the offending system; and fourth instructions for disconnecting the offending system from a network.
21. The computer program product as recited in claim 20, further comprising: fifth instructions for, prior to disconnecting the offending system, notifying the offending system that it is infected with a virus.
22. The computer program product as recited in claim 20, further comprising: fifth instructions for receiving a reconnect request from the offending system; sixth instructions for verifying that the offending system is disinfected and available to reconnect to the network; and seventh instructions for reconnecting the offending system to the network.
23. A computer program product in a computer readable media for use in a data processing system in a bait server for detecting the presence of a computer virus, the computer program product comprising: first instructions for monitoring files within the bait server, wherein the bait server has an unpublished network address and user access to the bait server is prohibited; and second instructions for responsive to a change in one or more of the files within the bait server, notifying a local server that a virus attack is underway.
24. The computer program product as recited in claim 23, wherein the change in one or more of the files includes a change in byte size of the one or more of the files.
25. The computer program product as recited in claim 23, wherein the change in one or more of the files includes a missing file.
26. A computer program product in a computer readable media for use in a data processing system in a bait server for detecting the presence of a computer virus, the computer program product comprising: first instructions, in a bait server, for monitoring a network for the presence of a computer virus, wherein the bait server has an unpublished network address and user access to the bait server is unauthorized; second instructions, responsive to a determination that a virus is detected, for determining the identity of an offending system within the network from which the virus entered the network; and third instructions for disconnecting the offending system from the network.
27. The computer program product as recited in claim 26, further comprising: fourth instructions for instructing all devices within the network to ignore all requests from the offending system until the offending system is reauthorized for network communication.
28. The computer program product as recited in claim 26, further comprising: fourth instructions for notifying a local server of the presence of the virus and the identity of the offending system.
29. The computer program product as recited in claim 26, further comprising: fourth instructions, responsive to an indication that the offending system has been disinfected and responsive to a reconnect request from the offending system to the local server, for reconnecting the offending system to the network.
30. A system for detecting the presence of a computer virus, the system comprising: a receiver, at a bait server, which receives a request to perform a function on the bait server, wherein the bait server has an unpublished network address and user access to the bait server is unauthorized; an identifying unit which identifies an offending system from which the request originated; a virus alert unit which alerts a local server that a virus attack is in progress and the identity of the offending system; and a disconnection unit which disconnects the offending system from a network.
31. The system as recited in claim 30, further comprising: a notification unit which, prior to disconnecting the offending system, notifies the offending system that it is infected with a virus.
32. The system as recited in claim 30, further comprising: a reconnect request unit which receives a reconnect request from the offending system; a verification unit which verifies that the offending system is authorized to reconnect to the network; and a reconnecting unit which reconnects the offending system to the network.
33. A system in a bait server for detecting the presence of a computer virus, the system comprising: a monitoring unit which monitors files within the bait server, wherein the bait server has an unpublished network address and wherein user access to the bait server is unauthorized; and a notification unit which, responsive to a change in one or more of the files within the bait server, notifies a local server that a virus attack is underway.
34. The system as recited in claim 33, wherein the change in one or more of the files includes a change in byte size of the one or more of the files.
35. The system as recited in claim 33, wherein the change in one or more of the files includes a missing file.
36. A system in a bait server for detecting the presence of a computer virus, the system comprising: a monitoring unit, in a bait server, which monitors a network for the presence of a computer virus, wherein the bait server has an unpublished network address and user access to the bait server is unauthorized; an identifier which, responsive to a determination that a virus is detected, determines the identity of an offending system within the network from which the virus entered the network; and a disconnection unit which disconnects the offending system from the network.
37. The system as recited in claim 36, further comprising: a network protection unit which instructs all devices within the network to ignore all requests from the offending system until the offending system is reauthorized for network communication.
38. The system as recited in claim 36, further comprising: a notification unit which notifies a local server of the presence of the virus and the identity of the offending system.
39. The system as recited in claim 36, further comprising: a reconnection unit which, responsive to an indication that the offending system has been disinfected and responsive to a reconnect request from the offending system, reconnects the offending system to the network.
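The file-monitoring trigger of claims 13-15 (and 23-25, 33-35), sketched as a baseline-and-compare check over a directory of decoy files. This is an added illustration, not code from the patent; it goes beyond the claimed byte-size and missing-file checks by also comparing SHA-256 digests and reporting newly created files, so a same-length overwrite or a dropped copy is caught as well. All file names and contents are constructed.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map relative path -> (byte size, SHA-256) for every file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(path, root)
            state[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return state


def compare(baseline, current):
    """Return sorted (path, finding) pairs; an empty list means no change."""
    findings = []
    for path in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(path), current.get(path)
        if new is None:
            findings.append((path, "missing"))          # missing or deleted file
        elif old is None:
            findings.append((path, "created"))          # added check, not claimed
        elif old[0] != new[0]:
            findings.append((path, "size_changed"))     # change in byte size
        elif old[1] != new[1]:
            findings.append((path, "content_changed"))  # same size, new bytes
    return findings


def should_notify_local_server(findings):
    # No client is authorized to touch the bait server, so any change counts.
    return bool(findings)


def write(root, name, data):
    with open(os.path.join(root, name), "wb") as fh:
        fh.write(data)


def demo():
    """Build constructed decoy files, tamper with them, and report the diff."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "budget.xls", b"Q1,Q2,Q3\n")
        write(root, "contacts.csv", b"name,email\n")
        write(root, "readme.txt", b"AAAAAAAA")
        write(root, "report.doc", b"unchanged decoy")
        baseline = snapshot(root)

        # Constructed tampering, standing in for what a virus might do.
        write(root, "budget.xls", b"Q1,Q2,Q3\nappended payload\n")  # grows
        os.remove(os.path.join(root, "contacts.csv"))               # deleted
        write(root, "readme.txt", b"BBBBBBBB")                      # same length
        write(root, "dropped.tmp", b"new file")                     # new file

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    results = demo()
    for path, finding in results:
        print(f"{finding:16} {path}")
    print("notify local server:", should_notify_local_server(results))
```
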
PCT/US2002/011239 2001-04-10 2002-04-09 Detection of computer viruses on a network using a bait server WO2002084459A1 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
AT02717796T ATE278212T1 (en) 2001-04-10 2002-04-09 DETECTING COMPUTER VIRUSES IN A NETWORK USING A BAIT SERVER
EP02717796A EP1377892B1 (en) 2001-04-10 2002-04-09 Detection of computer viruses on a network using a bait server
DE60201430T DE60201430T8 (en) 2001-04-10 2002-04-09 DETECTION OF COMPUTER VIRUSES ON A NETWORK USING A FOUNTAIN SERVICE
JP2002582335A JP3947110B2 (en) 2001-04-10 2002-04-09 Method and apparatus for detecting, notifying and removing specific computer viruses on a network using a promiscuous system as a decoy
KR1020037013206A KR100553146B1 (en) 2001-04-10 2002-04-09 Detection of computer viruses on a network using a bait server

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US09/829,761 2001-04-10
US09/829,761 US7089589B2 (en) 2001-04-10 2001-04-10 Method and apparatus for the detection, notification, and elimination of certain computer viruses on a network using a promiscuous system as bait

Publications (2)

Publication Number Publication Date
WO2002084459A1 WO2002084459A1 (en) 2002-10-24
WO2002084459B1 WO2002084459B1 (en) 2002-12-12

Family

ID=25255481

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2002/011239 WO2002084459A1 (en) 2001-04-10 2002-04-09 Detection of computer viruses on a network using a bait server

Country Status (9)

Country Link
US (1) US7089589B2 (en)
EP (1) EP1377892B1 (en)
JP (1) JP3947110B2 (en)
KR (1) KR100553146B1 (en)
CN (1) CN1256634C (en)
AT (1) ATE278212T1 (en)
DE (1) DE60201430T8 (en)
TW (1) TW565762B (en)
WO (1) WO2002084459A1 (en)

Families Citing this family (102)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040073617A1 (en) 2000-06-19 2004-04-15 Milliken Walter Clark Hash-based systems and methods for detecting and preventing transmission of unwanted e-mail
CN1147795C (en) * 2001-04-29 2004-04-28 北京瑞星科技股份有限公司 Method, system and medium for detecting and clearing known and unknown computer virus
US7107618B1 (en) * 2001-09-25 2006-09-12 Mcafee, Inc. System and method for certifying that data received over a computer network has been checked for viruses
US7243148B2 (en) * 2002-01-15 2007-07-10 Mcafee, Inc. System and method for network vulnerability detection and reporting
US7543056B2 (en) 2002-01-15 2009-06-02 Mcafee, Inc. System and method for network vulnerability detection and reporting
US7257630B2 (en) 2002-01-15 2007-08-14 Mcafee, Inc. System and method for network vulnerability detection and reporting
US20030154394A1 (en) * 2002-02-13 2003-08-14 Levin Lawrence R. Computer virus control
JP4088082B2 (en) * 2002-02-15 2008-05-21 株式会社東芝 Apparatus and program for preventing infection by unknown computer virus
FI113499B (en) * 2002-09-12 2004-04-30 Jarmo Talvitie A protection system, method and device for using computer viruses and isolating information
US7278019B2 (en) * 2002-11-04 2007-10-02 Hewlett-Packard Development Company, L.P. Method of hindering the propagation of a computer virus
US7418730B2 (en) * 2002-12-17 2008-08-26 International Business Machines Corporation Automatic client responses to worm or hacker attacks
US8561175B2 (en) 2003-02-14 2013-10-15 Preventsys, Inc. System and method for automated policy audit and remediation management
US7627891B2 (en) 2003-02-14 2009-12-01 Preventsys, Inc. Network audit and policy assurance system
US7386719B2 (en) * 2003-07-29 2008-06-10 International Business Machines Corporation System and method for eliminating viruses at a web page server
US20050028010A1 (en) * 2003-07-29 2005-02-03 International Business Machines Corporation System and method for addressing denial of service virus attacks
US7552473B2 (en) * 2003-08-12 2009-06-23 Symantec Corporation Detecting and blocking drive sharing worms
US20050086526A1 (en) * 2003-10-17 2005-04-21 Panda Software S.L. (Sociedad Unipersonal) Computer implemented method providing software virus infection information in real time
EP1528452A1 (en) * 2003-10-27 2005-05-04 Alcatel Recursive virus detection, protection and disinfecting of nodes in a data network
US7636716B1 (en) 2003-12-03 2009-12-22 Trend Micro Incorporated Method and architecture for blocking email spams
CN100395985C (en) * 2003-12-09 2008-06-18 趋势株式会社 Method of forced setup of anti-virus software, its network system and storage medium
US7647631B2 (en) * 2003-12-10 2010-01-12 Hewlett-Packard Development Company Automated user interaction in application assessment
US20050201297A1 (en) * 2003-12-12 2005-09-15 Cyrus Peikari Diagnosis of embedded, wireless mesh networks with real-time, flexible, location-specific signaling
US7370361B2 (en) 2004-02-06 2008-05-06 Trend Micro Incorporated System and method for securing computers against computer virus
US7716726B2 (en) * 2004-02-13 2010-05-11 Microsoft Corporation System and method for protecting a computing device from computer exploits delivered over a networked environment in a secured communication
US20050216957A1 (en) * 2004-03-25 2005-09-29 Banzhof Carl E Method and apparatus for protecting a remediated computer network from entry of a vulnerable computer system thereinto
US8458797B1 (en) 2004-03-25 2013-06-04 Trend Micro Incorporated System and method for securing computers against computer viruses
US8201257B1 (en) 2004-03-31 2012-06-12 Mcafee, Inc. System and method of managing network security risks
US7519954B1 (en) 2004-04-08 2009-04-14 Mcafee, Inc. System and method of operating system identification
US7472288B1 (en) 2004-05-14 2008-12-30 Trend Micro Incorporated Protection of processes running in a computer system
US7624445B2 (en) * 2004-06-15 2009-11-24 International Business Machines Corporation System for dynamic network reconfiguration and quarantine in response to threat conditions
JP4050253B2 (en) * 2004-06-22 2008-02-20 株式会社ラック Computer virus information collection apparatus, computer virus information collection method, and program
US7448085B1 (en) 2004-07-07 2008-11-04 Trend Micro Incorporated Method and apparatus for detecting malicious content in protected archives
US20060015939A1 (en) * 2004-07-14 2006-01-19 International Business Machines Corporation Method and system to protect a file system from viral infections
KR100611679B1 (en) 2004-07-30 2006-08-10 주식회사 뉴테크웨이브 A system for early prevention of computer virus and a method therefor
US8495144B1 (en) 2004-10-06 2013-07-23 Trend Micro Incorporated Techniques for identifying spam e-mail
US20060075493A1 (en) * 2004-10-06 2006-04-06 Karp Alan H Sending a message to an alert computer
US7716527B2 (en) * 2004-11-08 2010-05-11 International Business Machines Corporation Repair system
US7765596B2 (en) 2005-02-09 2010-07-27 Intrinsic Security, Inc. Intrusion handling system and method for a packet network with dynamic network address utilization
KR100599084B1 (en) * 2005-02-24 2006-07-12 삼성전자주식회사 Method for protecting virus on mobile communication network
US7690038B1 (en) 2005-04-26 2010-03-30 Trend Micro Incorporated Network security system with automatic vulnerability tracking and clean-up mechanisms
US7636943B2 (en) * 2005-06-13 2009-12-22 Aladdin Knowledge Systems Ltd. Method and system for detecting blocking and removing spyware
US7571483B1 (en) * 2005-08-25 2009-08-04 Lockheed Martin Corporation System and method for reducing the vulnerability of a computer network to virus threats
US8082586B2 (en) * 2005-11-22 2011-12-20 International Business Machines Corporation Snoop echo response extractor
US7756535B1 (en) 2006-07-07 2010-07-13 Trend Micro Incorporated Lightweight content filtering system for mobile phones
US7971257B2 (en) * 2006-08-03 2011-06-28 Symantec Corporation Obtaining network origins of potential software threats
US7788576B1 (en) 2006-10-04 2010-08-31 Trend Micro Incorporated Grouping of documents that contain markup language code
US7797746B2 (en) 2006-12-12 2010-09-14 Fortinet, Inc. Detection of undesired computer files in archives
US8756683B2 (en) * 2006-12-13 2014-06-17 Microsoft Corporation Distributed malicious software protection in file sharing environments
US8898276B1 (en) * 2007-01-11 2014-11-25 Crimson Corporation Systems and methods for monitoring network ports to redirect computing devices to a protected network
CN101622849B (en) * 2007-02-02 2014-06-11 网圣公司 System and method for adding context to prevent data leakage over a computer network
US7861305B2 (en) * 2007-02-07 2010-12-28 International Business Machines Corporation Method and system for hardware based program flow monitor for embedded software
US8023974B1 (en) 2007-02-15 2011-09-20 Trend Micro Incorporated Lightweight SVM-based content filtering system for mobile phones
CN101022459B (en) * 2007-03-05 2010-05-26 华为技术有限公司 System and method for preventing virus invading network
US8099785B1 (en) 2007-05-03 2012-01-17 Kaspersky Lab, Zao Method and system for treatment of cure-resistant computer malware
US8256003B2 (en) * 2007-05-10 2012-08-28 Microsoft Corporation Real-time network malware protection
US8181245B2 (en) * 2007-06-19 2012-05-15 Microsoft Corporation Proxy-based malware scan
US7949771B1 (en) 2007-09-05 2011-05-24 Trend Micro Incorporated Authentication of unknown parties in secure computer communications
US20090144822A1 (en) * 2007-11-30 2009-06-04 Barracuda Inc. Withholding last packet of undesirable file transfer
US8181249B2 (en) 2008-02-29 2012-05-15 Alcatel Lucent Malware detection system and method
US9130986B2 (en) * 2008-03-19 2015-09-08 Websense, Inc. Method and system for protection against information stealing software
US9015842B2 (en) 2008-03-19 2015-04-21 Websense, Inc. Method and system for protection against information stealing software
US8407784B2 (en) 2008-03-19 2013-03-26 Websense, Inc. Method and system for protection against information stealing software
US8819823B1 (en) * 2008-06-02 2014-08-26 Symantec Corporation Method and apparatus for notifying a recipient of a threat within previously communicated data
US9130972B2 (en) 2009-05-26 2015-09-08 Websense, Inc. Systems and methods for efficient detection of fingerprinted data and information
US8949988B2 (en) * 2010-02-26 2015-02-03 Juniper Networks, Inc. Methods for proactively securing a web application and apparatuses thereof
US8595840B1 (en) 2010-06-01 2013-11-26 Trend Micro Incorporated Detection of computer network data streams from a malware and its variants
US8352522B1 (en) 2010-09-01 2013-01-08 Trend Micro Incorporated Detection of file modifications performed by malicious codes
US8838992B1 (en) 2011-04-28 2014-09-16 Trend Micro Incorporated Identification of normal scripts in computer systems
CN102761535A (en) * 2011-04-29 2012-10-31 北京瑞星信息技术有限公司 Virus monitoring method and equipment
US8516592B1 (en) 2011-06-13 2013-08-20 Trend Micro Incorporated Wireless hotspot with lightweight anti-malware
US9811664B1 (en) 2011-08-15 2017-11-07 Trend Micro Incorporated Methods and systems for detecting unwanted web contents
US8700913B1 (en) 2011-09-23 2014-04-15 Trend Micro Incorporated Detection of fake antivirus in computers
US8776235B2 (en) * 2012-01-10 2014-07-08 International Business Machines Corporation Storage device with internalized anti-virus protection
US9043914B2 (en) 2012-08-22 2015-05-26 International Business Machines Corporation File scanning
CN103294950B (en) * 2012-11-29 2016-07-06 北京安天电子设备有限公司 A kind of high-power secret information stealing malicious code detecting method based on backward tracing and system
US9241259B2 (en) 2012-11-30 2016-01-19 Websense, Inc. Method and apparatus for managing the transfer of sensitive information to mobile devices
US9152808B1 (en) * 2013-03-25 2015-10-06 Amazon Technologies, Inc. Adapting decoy data present in a network
US9444912B1 (en) 2013-05-21 2016-09-13 Trend Micro Incorporated Virtual mobile infrastructure for mobile devices
US9225799B1 (en) 2013-05-21 2015-12-29 Trend Micro Incorporated Client-side rendering for virtual mobile infrastructure
US9300720B1 (en) 2013-05-21 2016-03-29 Trend Micro Incorporated Systems and methods for providing user inputs to remote mobile operating systems
US9049169B1 (en) 2013-05-30 2015-06-02 Trend Micro Incorporated Mobile email protection for private computer networks
US9058488B2 (en) * 2013-08-14 2015-06-16 Bank Of America Corporation Malware detection and computer monitoring methods
US9507617B1 (en) 2013-12-02 2016-11-29 Trend Micro Incorporated Inter-virtual machine communication using pseudo devices
CN103763324A (en) * 2014-01-23 2014-04-30 珠海市君天电子科技有限公司 Method for monitoring virus procedure spreading equipment and server
CN104091123B (en) * 2014-06-27 2017-04-12 华中科技大学 Community network level virus immunization method
JP2016015676A (en) 2014-07-03 2016-01-28 富士通株式会社 Monitoring device, monitoring system, and monitoring method
CN104484605A (en) * 2014-12-10 2015-04-01 央视国际网络无锡有限公司 Method of detecting viral sources in cloud storage environment
JP2016181191A (en) * 2015-03-25 2016-10-13 富士通株式会社 Management program, management unit and management method
US9553885B2 (en) 2015-06-08 2017-01-24 Illusive Networks Ltd. System and method for creation, deployment and management of augmented attacker map
US10382484B2 (en) 2015-06-08 2019-08-13 Illusive Networks Ltd. Detecting attackers who target containerized clusters
KR101726160B1 (en) 2016-03-11 2017-04-12 고려엠지주식회사 Impeller for non-motorized auto-cleaning filter device
CN106709344B (en) * 2016-08-09 2019-12-13 腾讯科技(深圳)有限公司 Virus checking and killing notification method and server
US10169581B2 (en) 2016-08-29 2019-01-01 Trend Micro Incorporated Detecting malicious code in sections of computer files
KR102000369B1 (en) * 2017-12-28 2019-07-15 숭실대학교산학협력단 Method for ransomware detection, computer readable medium for performing the method and ransomware detection system
US10333976B1 (en) 2018-07-23 2019-06-25 Illusive Networks Ltd. Open source intelligence deceptions
US10404747B1 (en) 2018-07-24 2019-09-03 Illusive Networks Ltd. Detecting malicious activity by using endemic network hosts as decoys
US10382483B1 (en) 2018-08-02 2019-08-13 Illusive Networks Ltd. User-customized deceptions and their deployment in networks
US10333977B1 (en) 2018-08-23 2019-06-25 Illusive Networks Ltd. Deceiving an attacker who is harvesting credentials
US10432665B1 (en) 2018-09-03 2019-10-01 Illusive Networks Ltd. Creating, managing and deploying deceptions on mobile devices
US11196759B2 (en) * 2019-06-26 2021-12-07 Microsoft Technology Licensing, Llc SIEM system and methods for exfiltrating event data
CN112506699A (en) * 2020-11-25 2021-03-16 江苏恒信和安电子科技有限公司 Data security backup method, equipment and system
US11777989B1 (en) * 2023-05-01 2023-10-03 Raymond James Financial, Inc. Automated deployment of decoy production networks

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5440723A (en) * 1993-01-19 1995-08-08 International Business Machines Corporation Automatic immune system for computers and computer networks
US5414833A (en) 1993-10-27 1995-05-09 International Business Machines Corporation Network security system and method using a parallel finite state machine adaptive active monitor and responder
US6658465B1 (en) * 1997-08-25 2003-12-02 Intel Corporation Method and apparatus for monitoring and controlling programs in a network
US5991881A (en) * 1996-11-08 1999-11-23 Harris Corporation Network surveillance system
US5960170A (en) 1997-03-18 1999-09-28 Trend Micro, Inc. Event triggered iterative virus detection
DE19734585C2 (en) 1997-08-09 2002-11-07 Brunsch Hans Method and device for monitoring information flows in computer systems
US5987610A (en) 1998-02-12 1999-11-16 Ameritech Corporation Computer virus screening methods and systems
US6647400B1 (en) * 1999-08-30 2003-11-11 Symantec Corporation System and method for analyzing filesystems to detect intrusions
US6701440B1 (en) * 2000-01-06 2004-03-02 Networks Associates Technology, Inc. Method and system for protecting a computer using a remote e-mail scanning device
US6567808B1 (en) * 2000-03-31 2003-05-20 Networks Associates, Inc. System and process for brokering a plurality of security applications using a modular framework in a distributed computing environment
GB2364142A (en) 2000-06-28 2002-01-16 Robert Morris Detection of an email virus by adding a trap address to email address lists
US7725558B2 (en) 2000-07-26 2010-05-25 David Dickenson Distributive access controller
US6886099B1 (en) 2000-09-12 2005-04-26 Networks Associates Technology, Inc. Computer virus detection

Also Published As

Publication number Publication date
US7089589B2 (en) 2006-08-08
JP2004531812A (en) 2004-10-14
JP3947110B2 (en) 2007-07-18
DE60201430T2 (en) 2006-03-02
KR20030095396A (en) 2003-12-18
CN1256634C (en) 2006-05-17
TW565762B (en) 2003-12-11
CN1514964A (en) 2004-07-21
ATE278212T1 (en) 2004-10-15
DE60201430D1 (en) 2004-11-04
WO2002084459A1 (en) 2002-10-24
DE60201430T8 (en) 2006-06-08
EP1377892B1 (en) 2004-09-29
US20020147915A1 (en) 2002-10-10
EP1377892A1 (en) 2004-01-07
KR100553146B1 (en) 2006-02-22

Similar Documents

Publication Publication Date Title
WO2002084459B1 (en) Detection of computer viruses on a network using a bait server
TWI362206B (en) Network traffic management by a virus/worm monitor in a distributed network
JP6147309B2 (en) Computer program, system, method and apparatus
JP4196989B2 (en) Method and system for preventing virus infection
US8256003B2 (en) Real-time network malware protection
US7797436B2 (en) Network intrusion prevention by disabling a network interface
EP2850803B1 (en) Integrity monitoring to detect changes at network device for use in secure network access
US20110078792A1 (en) System and method for providing network security
US20020194489A1 (en) System and method of virus containment in computer networks
US20140259168A1 (en) Malware identification using a hybrid host and network based approach
US20060230456A1 (en) Methods and apparatus to maintain telecommunication system integrity
US7908658B1 (en) System using IM screener in a client computer to monitor bad reputation web sites in outgoing messages to prevent propagation of IM attacks
WO2010003317A1 (en) Device, method and system for preventing web page from being tampered
CA2480455A1 (en) System and method for detecting an infective element in a network environment
JP6904709B2 (en) Technology for detecting malicious electronic messages
JP2008054204A (en) Connection device, terminal device, and data confirmation program
CN113918945A (en) Big data computer network safety protection system
US20080172742A1 (en) Information processing system
JP2004355498A (en) Data protection device, method and program
JP2016157311A (en) Network monitoring apparatus, network monitoring method, and network monitoring program
CN110022301A (en) Firewall is used in internet of things equipment protection
KR20200071793A (en) Block Chain Solution Providing System to Ensure Data Integrity of Private Data-set, and Process Method thereof
KR100587612B1 (en) Method for eliminating overlapped event in invasion detection system
JP6948007B2 (en) Security monitoring system, security monitoring device, verification device, security monitoring program and verification program
JP2006100996A (en) Network integrated supervisory apparatus, network integrated supervisory method, and network integrated supervisory system

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

AK Designated states

Kind code of ref document: B1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: B1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 EP: the EPO has been informed by WIPO that EP was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (PCT application filed before 20040101)
WWE WIPO information: entry into national phase

Ref document number: 02807940X

Country of ref document: CN

Ref document number: 2002582335

Country of ref document: JP

Ref document number: 1020037013206

Country of ref document: KR

WWE WIPO information: entry into national phase

Ref document number: 2002717796

Country of ref document: EP

WWP WIPO information: published in national office

Ref document number: 2002717796

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWG WIPO information: grant in national office

Ref document number: 2002717796

Country of ref document: EP