Heuristic detection and termination of fast spreading network worm attacks
US7159149B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Oct 24, 2002 |
| Grant date | Jan 2, 2007 |
| Priority date | — |
| Expiry date | Apr 17, 2024 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F21/566
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
Methods, apparati, and computer program products for detecting and responding to fast-spreading network worm attacks include a network monitoring module (110), which observes (205) failed network connection attempts from multiple sources. A logging module (120) logs (220) the failed connection attempts. An analysis module (150) uses the logged data on the failed connection attempts to determine (225) whether a source is infected with a worm using a set of threshold criteria. The threshold criteria indicate whether a source's failed connection attempts are non-normal. In one embodiment, a response module (160) responds (240) to the computer worm by, e.g., alerting a user or system administrator, terminating an infected process (20), or terminating the infected source's network access.
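An added sketch of the analysis step the abstract describes, not code from the patent: it applies threshold criteria to logged failed connection attempts, per source, and produces alerts. The window length, both threshold values, the rule that both must be exceeded, the function names and the sample log are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed threshold criteria (illustrative; the abstract does not state values).
WINDOW_SECONDS = 10        # sliding window length
MAX_FAILURES = 20          # failed attempts tolerated per source per window
MAX_DISTINCT_DESTS = 15    # distinct failed destinations tolerated per window

# Constructed sample log of failed connection attempts: (time_s, source, destination).
SAMPLE_LOG = (
    # A source failing against a new address every 0.2 s.
    [(i * 0.2, "10.0.0.5", f"192.0.2.{i}") for i in range(40)]
    # A source retrying one dead server 30 times: many failures, one destination.
    + [(i * 0.3, "10.0.0.7", "198.51.100.9") for i in range(30)]
    # A source with a few scattered failures over a minute.
    + [(i * 12.0, "10.0.0.8", f"203.0.113.{i}") for i in range(5)]
)

def find_suspect_sources(log):
    """Return {source: time_flagged} for sources exceeding both thresholds."""
    recent = defaultdict(deque)   # source -> (time, dest) entries inside the window
    flagged = {}
    for t, src, dst in sorted(log):
        if src in flagged:
            continue              # already flagged; the response step handles it
        window = recent[src]
        window.append((t, dst))
        # Drop entries that have aged out of the sliding window.
        while window and window[0][0] <= t - WINDOW_SECONDS:
            window.popleft()
        distinct = len({d for _, d in window})
        # Requiring both criteria keeps a client retrying one dead server
        # from being treated the same as a source failing across many hosts.
        if len(window) > MAX_FAILURES and distinct > MAX_DISTINCT_DESTS:
            flagged[src] = t
    return flagged

def respond(flagged):
    """Response step: here it only builds alert lines for an administrator."""
    return [f"ALERT {src}: non-normal failed connections at t={t:.1f}s"
            for src, t in sorted(flagged.items())]

if __name__ == "__main__":
    for line in respond(find_suspect_sources(SAMPLE_LOG)):
        print(line)
```

Only the first sample source is flagged; the retrying client exceeds the failure count but not the distinct-destination count, so it stays below the combined criteria.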
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.