WO2004075056A1 - Virus check device and system - Google Patents
Virus check device and system
- Publication number
- WO2004075056A1 (PCT/JP2004/001978, JP2004001978W)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- virus
- data
- pattern
- communication network
- input
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/567—Computer malware detection or handling, e.g. anti-virus arrangements using dedicated hardware
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/564—Static detection by virus signature recognition
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
Definitions
- The present invention relates to a virus check device and system that use hardware to quickly detect harmful data, called "computer viruses" or simply "viruses", in digital data obtained through a communication network or a storage device.
Background art
- Patent Literature 1: Japanese Patent Application Publication No. 200-01-5008564
- The amount of data flowing through a communication path is increasing as the transfer rate of communication paths such as networks improves, and because of this speeding up, the processing speed of software can no longer keep up.
- With software, it is expected that a bottleneck will occur if the CPU load of the personal computer increases.
- It is an object of the present invention to provide a virus check device and system that use hardware for virus monitoring to quickly detect harmful data (viruses) in digital data obtained via a network or a storage device.
- In an information processing terminal capable of communicating with another information processing apparatus via a communication network, a virus check device [Claim 1] is provided on the input communication path side of the communication network or a storage device, comprising a hardware circuit (015) that checks input data from the communication network or the storage device for viruses.
- Also provided is a virus check system [Claim 8] comprising a server device, an information processing terminal communicably connected to the server device via a communication network, and a virus check device (001, 101) provided on the input communication path side of the communication network or a storage device of the information processing terminal. The server device comprises a server definition file that stores virus definition information in an updatable manner, and transmits control data generated based on the virus definition information to the information processing terminal. The virus check device comprises a hardware circuit (015) that checks input data from the communication network or the storage device for viruses, and a control unit (021) that, based on the control data from the server device, updates the virus pattern matched against the input data.
- The hardware circuit of the virus check device comprises a logic device having a data input section (030) that stores input data, a virus definition section that stores a virus pattern, and a pattern matching unit (031) that collates the input data with the virus pattern.
- The virus check device may be configured to be inserted into the medium of the input communication path [Claim 2], or to be provided as an addition to the information processing terminal's interface to the communication network [Claim 3]. Further, the hardware circuit of the virus check device can be configured to be detachably mounted [Claim 5]. Furthermore, it can be configured to be rewritable by control data transmitted from another information processing device via a communication network [Claim 6], or a rewrite control unit (021) that rewrites the logic device based on control data transmitted from another information processing device via a communication network can be provided [Claim 7].
- a communication network such as a personal computer (PC) having a communication function, a wide area network such as the Internet, a LAN such as an Ethernet (registered trademark), or the like.
- the data input from the communication network is compared with the virus characteristic data using virus checking hardware.
- Intrusion of viruses into personal computers can be detected in real time.
- Hardware can perform faster processing than software, and by performing virus checks on the network or by using hardware added to a network card (NIC, Network Interface Card), it can detect harmful data, that is, viruses, at high speed and take corresponding measures, such as preventing or removing viruses.
- NIC Network Interface Card
- the hardware circuit is detachable in order to change the virus pattern matched with the input data by hardware.
- a rewritable logic device for the hardware circuit.
- The virus pattern is updated by sending the virus definition information of the server device, or the control data generated based on this information, to the virus check device.
- a rewritable logic device such as a programmable logic device (PLD) can be used for the virus definition and verification part.
- The circuit of a PLD can be easily changed, and since such a logic device is hardware, it can maintain high-speed operation. Therefore, even if the communication network speeds up and the traffic increases, virus inspection can be performed at high speed without imposing a load on the CPU of the terminal personal computer.
- control data (configuration data) to be written to a rewritable logic device such as a PLD can be distributed from a server device or the like via a communication network.
- A small-scale CPU such as a PIC and a storage area such as Flash memory for temporarily storing the control data can be placed in the virus check device to provide a control unit that updates the PLD.
- If the configuration data becomes large, it is possible to use the difference or to use a data compression technique.
- The method by which the server device distributes the control data (PLD configuration data) will be described. For example, once the control data has been completely stored in the buffer of the virus check device, the CPU in the device (such as a PIC) stops the network when communication becomes idle, puts the PLD in rewrite mode, rewrites the data, and then restarts.
- a secure mechanism such as digital signature or encryption.
- The virus check device according to the present invention can be inserted into a network communication path. By matching the communication protocol, it can be introduced into any communication path (network, IDE cable, data bus, etc.).
- power must be supplied.
- As for the power supply method, power can also be supplied via the Ethernet cable. The device can also be built into a USB-connected network adapter or an IEEE 1394-connected network adapter.
- the virus check device can be built in the computer terminal.
- It can be built into an Ethernet adapter card (NIC) built into the computer.
- NIC Ethernet adapter card
- a virus definition is configured in a virus check hardware circuit on a terminal device such as a computer.
- the virus definition can be embedded as a constant in a pre-configured circuit.
- The virus definition file can be placed on the server, and then control data (PLD configuration data) can be generated using logic synthesis software for rewritable logic devices (PLD). All of this series of generation processes may be performed on the server; alternatively, the virus definition may be transmitted to the device as it is, or an intermediate result may be distributed to the terminal device so that the remaining processing is performed on the terminal device.
- the virus definition is compared with the data flowing through the communication path using a logic circuit (logic device).
- The pre-processed (non-content removal) data is compared with the virus definition while passing through the input part (FIFO) of the logic circuit. If they match, alarm information is output, and necessary processing such as deleting the packet or notifying the packet's receiving destination can be performed as appropriate.
- FIG. 1 is a diagram showing a configuration example of an entire virus check system according to an embodiment of the present invention.
- FIG. 2 is a diagram showing a configuration example [1] of a virus check device (virus checker) according to an embodiment of the present invention.
- FIG. 3 is a diagram illustrating a configuration example of a virus collator in a virus check device according to an embodiment of the present invention.
- FIG. 4 is a diagram showing an example of a configuration of a byte match detector in a virus check device according to an embodiment of the present invention.
- FIG. 5 is a diagram showing another configuration example [2] of the virus checker in the virus check device according to one embodiment of the present invention.
- FIG. 6 is a diagram showing another configuration example [3] of the virus checker in the virus check device according to one embodiment of the present invention.
- FIG. 7 is a diagram showing a configuration example of a virus checker rewriting device according to an embodiment of the present invention.
- FIG. 8 is a diagram showing a configuration example of a bidirectional virus check device (bidirectional virus checker) according to an embodiment of the present invention.
- FIG. 9 is a diagram showing an example of a virus check pattern rewriter incorporated in a virus checker according to an embodiment of the present invention.
- FIG. 10 is a diagram showing another example of the configuration of the virus checker unit rewriting device according to one embodiment of the present invention.
- FIG. 11 is a diagram showing an example of a virus checker rewriting configuration by a PC terminal according to an embodiment of the present invention.
- FIG. 12 is a diagram showing an example of a virus check pattern generation step according to one embodiment of the present invention.
- FIG. 13 is a diagram showing an example of a process of generating a compressed virus checker unit according to an embodiment of the present invention.
- FIG. 14 is a diagram showing a rewriting flow of a virus check pattern according to one embodiment of the present invention.
- FIG. 15 is a diagram showing a configuration example of an entire virus check system according to another embodiment of the present invention, which is different from the example shown in FIG.
- FIG. 16 is a diagram showing details of the virus checker shown in FIG. 15, and is a diagram showing an example in which the schematic diagram of the LAN shown in FIG. 2 is applied to a storage device.
- FIG. 17 is a diagram showing details of the controller.
- FIG. 18 is a diagram showing an example of mounting on a USB controller.
BEST MODE FOR CARRYING OUT THE INVENTION
- FIG. 1 schematically shows an overall configuration of a virus check system according to an embodiment of the present invention.
- The computer (reference numeral 002 in the figure), which is the main unit, has a virus check hardware device (the device of the present invention, reference numeral 001 in the figure) inserted on the input communication path side of the communication network (reference numeral 005 in the figure).
- This hardware device is referred to herein as a "virus checker".
- The communication network (reference numeral 006 in the figure) connecting the virus checker 001 and the computer 002 may be the same medium as the communication network 005 or a different one without affecting the function of the present invention; a wired network such as Ethernet (registered trademark) or a wireless network such as a wireless LAN can be applied.
- Computer 002 is a personal computer (PC), workstation, Macintosh computer, computer, class computer, large computer, PDA (Personal Digital Assistant).
- PC personal computer
- PDA Personal Digital Assistant
- any computer connected to a communication network may be used.
- This virus checker can detect or prevent a virus from invading a computer or the like in real time by comparing data input from a communication network with virus feature data (a virus pattern).
- The first virus pattern and matching function device must be composed of a reconfigurable PLD (Programmable Logic Device) or an FPGA (Field Programmable Gate Array).
- the latest virus pattern can be received from a server on the communication network (reference numeral 004 in the figure), and reconstruction can be performed using that.
- the server 004 may be any device such as a personal computer or a workstation connected to the Internet and capable of delivering data to other computers.
- the server 004 can be connected directly to the virus checker 001 or via a network hub (reference numeral 003 in the figure) that has the function of relaying communication data as shown in FIG. However, they may be connected by other relays or devices having a function of connecting LANs (Local Area Network).
- LANs Local Area Network
- FIG. 2 is a diagram schematically showing an example in which the virus checker 001 is connected to a one-way communication network.
- Reference numeral 005 denotes a communication network through which data flows (a data input path from outside), and 006 denotes a communication network on the computer 002 side.
- 013 is a processing circuit for converting an electrical signal on a communication network into 1-byte (8-bit) wide digital data.
- 014 is wiring that carries the byte-wide network data.
- 015 is a byte data.
- 016 is a wiring for guiding byte data from which virus data has been removed
- 017 is a processing circuit for converting the byte data into an electrical signal on a communication network.
- the virus collator 015 is implemented using a reconfigurable device. For example, CPLD or FPGA, which is a product of Altera or Xilinx, is used.
- Another output signal 019 of the virus collator 015 is a signal indicating that a virus has been detected, and is input to a virus detection / notification device 020 for notifying a computer or a user of the detection of a virus.
- The virus detection signal 019 notifies the virus detection notifier 020 of the detection of the virus and the type of the detected virus.
- The virus detection notifier 020 can implement various functions required by the computer 102, such as displaying information on the detected virus with an LED or the like to notify the user, preventing the network data in which the virus was detected from being output to 006, and notifying the computer 002 of information on the detected virus.
- Reference numeral 021 denotes a virus pattern rewriter, which records the latest virus pattern supplied via the LAN and updates the virus collator.
- All the network data coming to the computer 102 on the communication network 005 is converted to byte data by the processing circuit 113 and guided to the virus collator 015.
- The virus collator 015 takes the network data led to it, either as it is or after pre-processing, monitors it at high speed with its built-in collation circuit, compares it with the pattern, and outputs the judgment result as a virus detection signal 019 in an appropriate form according to the application.
- The virus collator 015 can be adapted to the latest virus pattern by reconfiguring the circuit. Also, since the circuit of the virus collator 015 is hardware, high-speed comparison can be performed without causing a large delay in network data communication, and the network data can be monitored without imposing a load on the computer 02.
- PLD reconfigurable logic device
- FPGA field-programmable gate array
- Reference numeral 0300 denotes a FIFO that receives the network data 014 and stores byte data longer than the length of the virus pattern. The network byte data 031 held in the FIFO is output in units of bytes to the byte matcher 032, which performs matching with the virus pattern in units of bytes.
- The byte matcher 032 always matches the incoming network byte data 031 against the virus pattern, and can output the virus signal 019 at the moment a match is detected.
- the fixed configuration FIFO portion may or may not be included in the reconfigurable device.
- FIG. 4 shows a circuit configuration of the byte match detector 032 for matching with one virus pattern.
- Reference numeral 041 in the figure denotes a byte comparator, which compares the network data with the virus pattern on a byte-by-byte basis.
- The byte comparators 041 are implemented as constant comparison circuits arranged side by side along the sequence of bytes constituting the virus pattern. If all of their output signals, the byte match signals 042, indicate a match, the input network data contains a virus.
- The coincidence signal integrator 0400 is a circuit that generates a virus detection signal 019 when all the byte match signals indicate coincidence.
- The virus collator 015 shown in Fig. 3 is an implementation example for collation against one virus pattern. By expanding this configuration, collation against multiple virus patterns simultaneously is possible.
- FIG. 5 shows one of the extension methods of FIG. This is a method in which the output of the FIFO is distributed to a plurality of byte match detectors 032, and matching is performed simultaneously for different virus patterns.
- the configuration shown in FIG. 4 can be used for the byte match detector 032, and each of the byte match detectors 032 checks against a different virus pattern.
- The virus detection integrator 033 generates one virus detection signal 019 from the outputs of the plurality of byte match detectors 032. When an individual virus signal 034 is output from one of the byte detectors 032, the resulting signal indicates that a virus has been detected and the type of virus detected.
- This is a circuit for generating the virus detection signal 019 as shown in FIG.
- The virus collator 015 in FIG. 3 can also be extended as shown in FIG. In FIG. 6, the virus collator 015 of FIG. 3, that is, the single-stage virus collator 0500, is included as a part. As shown in the figure, single-stage virus collators 0500 are connected in a cascade, making it possible to compare against a plurality of virus patterns sequentially.
- A multi-stage virus detection integrator 052 is used to integrate the plurality of virus detection signals.
- This multi-stage virus detection integrator has the same function as the virus detection integrator in FIG. 5: when a single-stage virus signal 051 is output from any one of the plurality of virus collators 0500, it generates the virus detection signal 019, a signal indicating that a virus has been detected and the type of the detected virus.
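The byte match detector, match signal integrator and virus detection integrator of Figs. 3 to 5 can be modelled in software to see exactly when the detection signal fires. The following Python model is an added example, not code from the patent; the class names and the two byte patterns are constructed for illustration.

```python
class ByteMatchDetector:
    """One detector (Fig. 4): a constant comparator per pattern byte, then an AND."""

    def __init__(self, virus_type, pattern):
        if len(pattern) == 0:
            raise ValueError("pattern must contain at least one byte")
        self.virus_type = virus_type
        self.pattern = bytes(pattern)

    def byte_match_signals(self, fifo):
        """Outputs of the byte comparators: one boolean per pattern byte."""
        n = len(self.pattern)
        if len(fifo) < n:
            return [False] * n            # FIFO not filled yet: nothing can match
        window = fifo[-n:]                # newest n bytes, oldest first
        return [w == p for w, p in zip(window, self.pattern)]

    def individual_virus_signal(self, fifo):
        """Match signal integrator: asserted only when every comparator matches."""
        return all(self.byte_match_signals(fifo))


class VirusCollator:
    """FIFO feeding several detectors in parallel (Fig. 5)."""

    def __init__(self, patterns):
        self.detectors = [ByteMatchDetector(t, p) for t, p in patterns.items()]
        # The FIFO must hold at least as many bytes as the longest pattern.
        self.depth = max(len(d.pattern) for d in self.detectors)
        self.fifo = bytearray()
        self.cycle = 0                    # bytes clocked in since power-on

    def clock(self, byte):
        """Shift one byte in and return the virus types detected on this cycle."""
        self.fifo.append(byte)
        if len(self.fifo) > self.depth:
            del self.fifo[0]
        self.cycle += 1
        return [d.virus_type for d in self.detectors
                if d.individual_virus_signal(self.fifo)]

    def feed(self, data):
        """Clock a whole packet through; FIFO contents persist between packets."""
        detections = []
        for byte in data:
            for virus_type in self.clock(byte):
                detections.append((self.cycle, virus_type))
        return detections


# Constructed sample patterns and traffic (not real malware signatures).
PATTERNS = {
    "TYPE-A": b"\xde\xad\xbe\xefSIG-A",
    "TYPE-B": b"SIG-B\x00\x01",
}


def demo():
    collator = VirusCollator(PATTERNS)
    packets = [
        b"hello \xde\xad\xbe",            # TYPE-A starts at the end of this packet
        b"\xefSIG-A tail",                # ... and completes in the next one
        b"..SIG-B\x00\x01..",
    ]
    alerts = []
    for index, packet in enumerate(packets):
        for cycle, virus_type in collator.feed(packet):
            alerts.append((index, cycle, virus_type))
    return alerts


if __name__ == "__main__":
    for index, cycle, virus_type in demo():
        print(f"packet {index}: {virus_type} detected at byte {cycle}")
```

Because the FIFO is not reset between packets, a pattern split across two packets is still detected on the cycle its last byte arrives.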
- FIG. 7 shows an implementation example of the virus pattern rewriter 021.
- The rewrite pattern detector 060 constantly monitors the network data byte 014, and when it detects a data sequence carrying a mark indicating virus pattern update data, it generates the rewrite pattern match signal 063 and starts the pattern rewriter 062.
- The same hardware configuration as that of the virus collator shown in FIG. 3 can be used to implement the rewrite pattern detector 060, or another configuration having the same function can be used.
- The rewrite pattern buffer memory 061 has a function of always holding the latest data of a certain length from the byte stream that flows through the network data byte 014.
- The length of the bytes held in the rewrite pattern buffer memory 061 is set to a value longer than the maximum value of the rewrite pattern length.
- The pattern rewriter 062, activated by the rewrite pattern match detection signal 063, stops the updating of data in the rewrite pattern buffer memory 061 via the rewrite pattern operation signal 064, and operation is stopped.
- the pattern rewriter 062 updates the reconfigurable device used in the virus collator 015 by using the updating virus pattern held in the rewriting pattern buffer memory 061.
- For the update, a method appropriate to each reconfigurable device used in the implementation is used. After the update is completed, the operation of the rewriting pattern buffer memory 061 is resumed, and then the operation of the virus collator 015 is restarted.
- The virus checker in Fig. 2 shows an example in which the communication network carries data in one direction, but this implementation can be extended to a two-way data communication path, which is the usual form of a communication network.
- Figure 8 shows an example of this extension.
- reference numeral 001 is a virus checker as shown in FIG. 2
- communication networks 005 and 006 are bidirectional networks.
- The communication network signal input to the two-way virus checker 101 is separated into one-way signal flows by the two-way signal separator 102. After passing through the virus checker, the signals are recombined into a bidirectional signal by the signal separator 102.
- The bidirectional signal separator 102 can be implemented using a circuit called a hybrid, which is used in the network input unit of a network interface card (NIC) for Ethernet.
- NIC network interface card
- the pattern rewriting of the virus collator 0 15 will be described with reference to FIG.
- The server 004 connected to the communication network 005 via the network node 003 or the like, or the server 004 existing on the Internet, outputs virus pattern update data carrying a specific mark to the communication network 005 by some method so that it is input to the virus checker 101.
- The communication network data is input to the virus collator 015 and the virus pattern rewriter 021 as the network data byte 014.
- The virus pattern rewriter 021 recognizes network data carrying the mark of virus pattern update data.
- The virus pattern update data is extracted as described in the previous section.
- The function of the virus collator is stopped, the virus collator 015 is reconfigured using the pattern rewriting signal 110, and it is then restarted.
- The virus pattern rewriter 021 is built into the virus checker 101 here, but it is also possible to implement it outside the virus checker, as shown in FIG.
- The virus pattern can be updated automatically by keeping the external virus pattern rewriting device 120 connected to the virus checker 011 at all times; alternatively, the user can connect the external virus pattern rewriting device 120 to the virus checker 101 only when the virus pattern needs to be updated, and perform the rewriting operation.
- a virus pattern rewriting function is provided externally, and the computer is connected to the computer by a different medium from the communication network or by using the communication network.
- The virus checker operates independently of the computer, but when virus pattern update data arrives at the computer, the computer 002 stops the virus checker 001.
- The virus pattern can then be updated by rewriting and restarting the virus collator 015 via the virus checker pattern rewriting interface 130.
- the server 004 can send a virus pattern update message to the computer 002 when necessary. It is also possible to check for the existence of updated virus pattern data.
- The reconfigurable device constituting the virus collator 015 can be detached from the device, and the data in the computer 002 written to the reconfigurable device using a commercially available data writing device, whereby the virus pattern can also be renewed.
- The virus pattern used by the virus checker 001 may be a sequence of data showing the characteristics of the virus itself, or may be in the form of data for reconstructing the virus collator 015.
- the data for reconstruction, such as PLD, is called configuration data, etc., and can be generated as shown in FIG.
- Reference numeral 200 denotes the raw data, which is a sequence of bytes showing the characteristics of the virus. From this raw data 200, which is a constant byte string, part or all of a virus collator that performs comparison with the constant is generated, written in an HDL (hardware description language) that generates hardware. The output is the virus identification HDL data 202.
- The virus identification HDL generation software 201 writes the raw virus pattern data, which is the constant value to be compared, into a template HDL file describing the circuit framework.
- This virus identification HDL data 202 is converted into the final virus pattern 204 using FPGA logic synthesis software, a program that can generate, from an HDL file, configuration data for the reconfigurable device actually used to implement the virus collator 015.
- The data may be further compressed using some compression software 205 as shown in Fig.
- The compressed virus pattern 206 may then be transmitted to the virus checker.
- the virus reordering unit 101 incorporates the pattern rewriter 221
- the pattern rewriter 221 generates the original virus pattern 204 from the compressed virus pattern 206
- The software on the computer may generate the original virus pattern from the compressed virus pattern.
- Various commonly used data compression methods may be used. It is also possible to send only the difference from the virus pattern of the immediately preceding version, or to send that difference after further compressing it.
- FIG. 14 shows the operation steps of this system including the update of the virus pattern.
- State 300 is an initial state. Immediately after the power is turned on, operations such as the initialization required by the device are performed, and after they complete, the state automatically shifts to the next state 301. In state 301, the latest virus pattern data stored in the virus checker 0101 is loaded into the reconfigurable device inside the virus checker 015, a function check or the like is performed if possible, and the state proceeds to the next state 302.
- State 302 is a normal operation state, in which the monitoring of the data on the communication network and the checking of the virus pattern update data are performed simultaneously. In the following judgment 303, it is checked whether or not the virus pattern update data has arrived.
- If it has arrived, the state shifts to state 304, and if it has not arrived, the state shifts to state 302. In state 304, the virus pattern is updated, the arrived update data is recorded as the latest virus pattern, the virus pattern is initialized if necessary, a function check or the like is performed if possible, and the state moves to state 302. In this system, no special processing is performed at the time of termination, and the processing is terminated by turning off the power.
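The rewrite flow of FIG. 14 takes its update data from the same network stream it inspects, so the secure mechanism mentioned earlier (digital signature or encryption) decides whether arbitrary traffic carrying the mark can reconfigure the device. The following Python model of states 300 to 304 is an added example, not part of the patent: the frame layout, the mark value and the key are assumptions, and HMAC-SHA256 from the standard library stands in for the digital signature.

```python
import hashlib
import hmac
import struct

# Constructed model: frame layout, MARK value and key handling are assumptions.
MARK = b"\x00VPUPDATE\x00"               # hypothetical in-band update mark
TAG_LEN = hashlib.sha256().digest_size   # 32-byte HMAC-SHA256 tag
MAX_CONFIG_LEN = 1 << 20                 # capacity of the device's update buffer


class UpdateRejected(Exception):
    """Raised when a completely buffered update frame fails validation."""


def build_update(key, config_data):
    """Server side: MARK | 4-byte length | configuration data | tag."""
    body = MARK + struct.pack(">I", len(config_data)) + config_data
    return body + hmac.new(key, body, hashlib.sha256).digest()


def extract_update(key, buffer):
    """Return the configuration data, or None while the frame is incomplete."""
    start = buffer.find(MARK)
    if start < 0:
        return None
    data_at = start + len(MARK) + 4
    if len(buffer) < data_at:
        return None
    (length,) = struct.unpack(">I", buffer[data_at - 4:data_at])
    if length > MAX_CONFIG_LEN:
        raise UpdateRejected("declared length exceeds the update buffer")
    end = data_at + length + TAG_LEN
    if len(buffer) < end:
        return None
    body, tag = buffer[start:data_at + length], buffer[data_at + length:end]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(bytes(tag), expected):
        raise UpdateRejected("authentication tag does not verify")
    return bytes(buffer[data_at:data_at + length])


class VirusCheckerModel:
    def __init__(self, key, stored_config):
        self.key = key
        self.stored_config = stored_config   # latest pattern kept in the device
        self.loaded_config = None            # what the PLD is currently running
        self.buffer = bytearray()
        self.trace = [300]                   # state 300: initial state

    def power_on(self):
        self.trace.append(301)               # state 301: load the stored pattern
        self.loaded_config = self.stored_config
        self.trace.append(302)               # state 302: normal operation

    def receive(self, data):
        """State 302: keep only bytes that can belong to an update frame."""
        self.buffer += data
        start = self.buffer.find(MARK)
        if start < 0:
            del self.buffer[:-(len(MARK) - 1)]   # keep a possible partial mark
        elif start > 0:
            del self.buffer[:start]

    def on_idle(self):
        """Judgment 303, evaluated only when communication is idle."""
        try:
            config = extract_update(self.key, self.buffer)
        except UpdateRejected:
            self.buffer.clear()              # drop the frame, keep the old pattern
            return False
        if config is None:
            return False                     # not completely buffered yet
        self.trace.append(304)               # state 304: rewrite and record
        self.stored_config = self.loaded_config = config
        self.buffer.clear()
        self.trace.append(302)
        return True


def demo():
    key = b"constructed-demo-key-not-a-secret"
    dev = VirusCheckerModel(key, b"CONFIG-v1")
    dev.power_on()
    good = build_update(key, b"CONFIG-v2")
    forged = build_update(b"some-other-key", b"CONFIG-forged")
    results = []
    for chunk in (forged, good[:7], good[7:]):
        dev.receive(chunk)
        results.append(dev.on_idle())
    return results, dev.loaded_config, dev.trace
```

A MAC keyed with a secret stored in every device is weaker than a real digital signature, where the device holds only a public verification key.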
- the virus checker of the present invention can be incorporated into a NIC (Network Interface Card) built into a computer, a mother board on which the main elements of the computer are mounted, or a device such as a network device such as a router or a switching hub. Such an installation method is also effective. It is also effective to insert the device in the middle of each network installed in the computer.
- a removable storage device is considered in addition to the network. By connecting such a storage device to a virus-infected computer, it is possible for the storage device to have a virus-infected file in its storage.
- the virus check device can be inserted into a communication path with any storage device that can be accessed by the computer by adapting the communication protocol.
- the power supply conditions and the method of assembling are the same as in the case of insertion into a network communication path, and it is also possible to incorporate a virus check device into the storage device itself.
- The control data written to a rewritable logic device such as a PLD can be rewritten using software on the computer in the computer terminal; rewriting can also be performed by connecting a network, or a storage device for rewriting, to the virus check device itself.
- FIG. 15 shows that a virus checker 01 is inserted in a connection cable 141 between a computer 02 as a main unit and a storage device 140.
- the connection cable between the virus checker 101 and the computer 102 does not affect the function of the present invention in any medium, and includes USB, IEEE 1394, serial, normal, SCSI, IDE, and Ethernet.
- The present invention is also applicable to wired networks and to wireless networks such as wireless LANs.
- this storage device may be directly connected to the virus checker 101 or may be connected to the storage device via a haptic relay in the middle of the connection cable.
- the virus checker detects the intrusion of a virus from a storage device into a computer or the like or a computer from a storage device or the like from a storage device in real time by comparing the data passing over the cable with a virus pattern. Can be blocked.
- FIG. 16 is a diagram showing an example in which the LAN schematic diagram shown in FIG. 2 is applied to a storage device. Although encoders such as 0 17 shown in FIG. 2 have been removed, application using an encoder is also possible in this example. The application as shown in the figure is also possible.
- reference numeral 144 denotes a circuit for separating data flowing through 141. Insertion of a circuit 145 that causes a delay until the virus collation of the buffer etc. is completed after separation, so that the data once decoded by the decoder 144 is encoded and returned to the communication path Can be omitted. If virus checking is fast enough, circuit 145 can be omitted.
- the virus checker of the present invention is also effective in an installation method of inserting into various data transmission paths built in the convenience store. It is also effective to install it on the input / output device of the storage device itself.
- When the virus checker of the present invention is applied to the external storage of a personal computer, it is also effective to incorporate the virus checker into a controller that controls data communication, such as a USB or IEEE 1394 controller. As shown in Fig. 17, the controller is provided with a buffer 151 such as a FIFO that temporarily holds the data, and the data 153 is transferred from the buffer 151 to the data buffer 15. The pattern is output to the byte detector 15 as a pattern 15, and the virus pattern is collated. If the buffer built into the controller is not large enough to hold the virus pattern, a separate buffer can be provided. The virus collator is described in Figure 3.
- Fig. 18 shows an example of implementation on a USB controller.
- Data is temporarily buffered by a FIFO called the endpoint 161.
- A virus collator can be constructed by installing a byte match detector 162 at this position.
- The mixer 166 need not be used; the match detection signal 165 is stored in the buffer 167 so that a partial match with the virus pattern can be carried over to the next match detection.
- The signal and the mixer 16 are combined, and the virus match detector 169 detects the virus and outputs signal 170. Multiple endpoints 161 can be used together.
- The match detection signal 165 from the byte match detector 166 of each endpoint 161 in the group is collected through the mixer 166 and sent to the match detection signal buffer 167 and the mixer 168.
- Elements 166 to 169 are placed outside the USB controller 150, but this is not always necessary: any part of 166 to 169 may be taken into the USB controller, or the part after the byte match detector 162 may be placed outside the controller.
- Fig. 18 shows an example of mounting on USB-connected storage, but the same application is possible for storage that uses IEEE 1394 or SCSI as an interface and is used for similar purposes.
- The virus checker of the present invention can be inserted at any position where the data to be collated can be identified.
- Virus countermeasures currently implemented in software have functions other than virus detection, such as intrusion prevention and removal, but all of these functions are processes executed after detection.
- intrusion prevention and removal functions other than virus detection
- virus countermeasures it is possible to increase the processing speed and efficiency.
- By adding a virus intrusion prevention unit and a virus removal unit to this detection unit, it is possible to construct a function that is completely equivalent to current virus countermeasures.
- With the virus check hardware inserted into the communication path of the communication network or added to a network card or the like, data input from the communication network is collated with virus feature data, so harmful data, that is, a virus, invading a personal computer or the like can be detected in real time. Taking advantage of the fact that hardware can process faster than software, it can detect viruses at high speed and take corresponding measures such as preventing or eliminating intrusions.
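The Fig. 18 description stores the match detection signal in a buffer so that a partial match can be completed by the next transfer. The following added example (not code from the patent) is a software model of that idea: it uses a KMP automaton as a stand-in for the patent's comparator circuit, and shows that a detector which forgets its state at each FIFO boundary misses a signature that straddles two chunks. All names, the `SIGTEST1` marker and the sample stream are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_PAT 64

typedef struct {
    const unsigned char *pat;  /* signature bytes */
    size_t len;
    size_t fail[MAX_PAT];      /* KMP failure table */
    size_t matched;            /* partial-match length carried between chunks */
} stream_matcher;

/* Build the failure table; returns -1 if the pattern does not fit. */
int sm_init(stream_matcher *m, const unsigned char *pat, size_t len) {
    if (len == 0 || len > MAX_PAT) return -1;
    m->pat = pat; m->len = len; m->matched = 0;
    m->fail[0] = 0;
    for (size_t i = 1, k = 0; i < len; i++) {
        while (k > 0 && pat[i] != pat[k]) k = m->fail[k - 1];
        if (pat[i] == pat[k]) k++;
        m->fail[i] = k;
    }
    return 0;
}

/* Feed one FIFO-sized chunk; returns the number of matches completed in it. */
size_t sm_feed(stream_matcher *m, const unsigned char *buf, size_t n) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++) {
        while (m->matched > 0 && buf[i] != m->pat[m->matched])
            m->matched = m->fail[m->matched - 1];
        if (buf[i] == m->pat[m->matched]) m->matched++;
        if (m->matched == m->len) {            /* full signature seen */
            hits++;
            m->matched = m->fail[m->len - 1];  /* allow overlapping matches */
        }
    }
    return hits;
}

/* Scan data chunk by chunk. carry_state=0 models a detector that drops
 * partial matches at every buffer boundary. Returns -1 on a bad argument. */
long scan_chunked(const unsigned char *pat, size_t plen,
                  const unsigned char *data, size_t dlen,
                  size_t chunk, int carry_state) {
    stream_matcher m;
    long hits = 0;
    if (chunk == 0 || sm_init(&m, pat, plen) != 0) return -1;
    for (size_t off = 0; off < dlen; off += chunk) {
        size_t n = dlen - off < chunk ? dlen - off : chunk;
        if (!carry_state) m.matched = 0;
        hits += (long)sm_feed(&m, data + off, n);
    }
    return hits;
}

/* Constructed sample: harmless marker straddling an 8-byte chunk boundary. */
static const unsigned char SAMPLE_PAT[] = "SIGTEST1";
static const unsigned char SAMPLE_DATA[] = "hdr:SIGTEST1:end";

long demo_hits(size_t chunk, int carry_state) {
    return scan_chunked(SAMPLE_PAT, sizeof SAMPLE_PAT - 1,
                        SAMPLE_DATA, sizeof SAMPLE_DATA - 1, chunk, carry_state);
}

int main(void) {
    printf("carry=1: %ld hit(s), carry=0: %ld hit(s)\n",
           demo_hits(8, 1), demo_hits(8, 0));
    return 0;
}
```

With 8-byte chunks the marker is split as `hdr:SIGT` / `EST1:end`, so only the state-carrying scan reports it.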
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2005502786A JPWO2004075056A1 (ja) | 2003-02-21 | 2004-02-20 | Virus check device and system |
US10/546,157 US20060242686A1 (en) | 2003-02-21 | 2004-02-20 | Virus check device and system |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2003-044081 | 2003-02-21 | ||
JP2003044081 | 2003-02-21 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2004075056A1 (ja) | 2004-09-02 |
Family
ID=32905445
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2004/001978 WO2004075056A1 (ja) | 2003-02-21 | 2004-02-20 | Virus check device and system |
Country Status (3)
Country | Link |
---|---|
US (1) | US20060242686A1 (ja) |
JP (3) | JPWO2004075056A1 (ja) |
WO (1) | WO2004075056A1 (ja) |
2004
- 2004-02-20 JP JP2005502786A patent/JPWO2004075056A1/ja active Pending
- 2004-02-20 WO PCT/JP2004/001978 patent/WO2004075056A1/ja active Application Filing
- 2004-02-20 US US10/546,157 patent/US20060242686A1/en not_active Abandoned
2008
- 2008-07-14 JP JP2008183071A patent/JP2008299864A/ja active Pending
- 2008-09-18 JP JP2008238778A patent/JP2009015864A/ja active Pending
Also Published As
Publication number | Publication date |
---|---|
JP2008299864A (ja) | 2008-12-11 |
US20060242686A1 (en) | 2006-10-26 |
JPWO2004075056A1 (ja) | 2006-06-01 |
JP2009015864A (ja) | 2009-01-22 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2005502786 Country of ref document: JP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2006242686 Country of ref document: US Ref document number: 10546157 Country of ref document: US |
|
122 | Ep: pct application non-entry in european phase | ||
WWP | Wipo information: published in national office |
Ref document number: 10546157 Country of ref document: US |