System and method of detecting time-delayed malicious traffic
US8635696B1 · kind B1 · utility
Assignee
Inventor
Key dates
| Filing date | Jun 28, 2013 |
| Grant date | Jan 21, 2014 |
| Priority date | — |
| Expiry date | Jun 28, 2033 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1491
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A system for detecting a computer worm comprises a traffic analysis device in communication with a network device. The traffic analysis device can analyze network traffic received over a communication network and duplicate at least select network communications within the network traffic having characteristics associated with one or more computer worms. The network device comprises a controller in communication with one or more virtual machines that are configured to receive the duplicated network communications from the traffic analysis device. The network device may (i) monitor a behavior of a first virtual machine of the one or more virtual machines in response to processing of the duplicated network communications within the first virtual machine, (ii) identify an anomalous behavior as an unexpected occurrence in the monitored behavior, and (iii) determine, based on the identified anomalous behavior, the presence of the one or more computer worms in the duplicated network communications.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.