Method and apparatus for worm detection and containment in the internet core
US7712134B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Jan 6, 2006 |
| Grant date | May 4, 2010 |
| Priority date | — |
| Expiry date | Jul 30, 2028 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/145
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A method and an apparatus are provided that are efficient in detecting network viruses and worms while using only the layer-4 information that is easily extracted from core routers, and that are also scalable when layer-7 information is available. Entropy analysis is used to identify anomalous activity at the flow level. Thereafter, only the contents of suspicious flows are analyzed with fingerprinting extraction. By doing so, the present invention brings together the characteristics of being deployable for real-time high data rate links and the efficiency and reliability of content fingerprinting techniques.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.