WO2008079103A3 - System and method for detection and mitigation of network worms - Google Patents

Publication number
WO2008079103A3
Authority
WO
Grant status
Application
Patent type
Prior art keywords
correlation engine
abstract
knowledge database
network
anomalous events
Prior art date
Application number
PCT/US2006/019634
Other languages
French (fr)
Other versions
WO2008079103A2 (en)
Inventor
Karthikeyan K Sadhasivam
Ravi K Varanasi
Shuguang Zhang
Original Assignee
Cisco Tech Inc
Karthikeyan K Sadhasivam
Ravi K Varanasi
Shuguang Zhang

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/145: Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures

Abstract

An intrusion detection system for a computer network includes a knowledge database that contains a baseline of normal host behavior, and a correlation engine that monitors network activity with reference to the knowledge database. The correlation engine accumulates information about anomalous events occurring on the network and then periodically correlates the anomalous events. The correlation engine generates a worm outbreak alarm when a certain number of hosts exhibit a role-reversal behavior. It is emphasized that this abstract is provided to comply with the rules requiring an abstract that will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. 37 CFR 1.72(b).
PCT/US2006/019634 2006-05-18 2006-05-18 System and method for detection and mitigation of network worms WO2008079103A3 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/US2006/019634 WO2008079103A3 (en) 2006-05-18 2006-05-18 System and method for detection and mitigation of network worms

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2006/019634 WO2008079103A3 (en) 2006-05-18 2006-05-18 System and method for detection and mitigation of network worms

Publications (2)

Publication Number Publication Date
WO2008079103A2 (en) 2008-07-03
WO2008079103A3 (en) 2009-04-16

Family

ID=39563061

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2006/019634 WO2008079103A3 (en) 2006-05-18 2006-05-18 System and method for detection and mitigation of network worms

Country Status (1)

Country Link
WO (1) WO2008079103A3 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020017958A1 (en) * 2000-06-06 2002-02-14 Van Zeijl Paulus Thomas Maria Phase lock circuit
US20030200464A1 (en) * 2002-04-17 2003-10-23 Computer Associates Think, Inc. Detecting and countering malicious code in enterprise networks

Also Published As

Publication number Publication date Type
WO2008079103A2 (en) 2008-07-03 application

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application
    Ref document number: 06760240
    Country of ref document: EP
    Kind code of ref document: A2

NENP Non-entry into the national phase in:
    Ref country code: DE

122 EP: PCT application non-entry in European phase
    Ref document number: 06760240
    Country of ref document: EP
    Kind code of ref document: A2