Reexamination Certificate
2011-08-23
Moazzami, Nasser (Department: 2436)
Information security
Monitoring or scanning of software or data including attack...
Intrusion detection
C726S022000, C726S023000, C726S025000
active
08006306
ABSTRACT:
A system, method and computer program product for exploit-based worm detection and mitigation are disclosed. The system, method, and computer program product are configured to identify a signature representing content prevalent in network traffic, determine if the traffic including the signature exhibits propagation, determine if the traffic including the signature exhibits connectedness, and generate a worm signature based on the signature if the signature exhibits both connectedness and propagation.
REFERENCES:
patent: 6910134 (2005-06-01), Maher et al.
patent: 7181769 (2007-02-01), Keanini et al.
patent: 7325097 (2008-01-01), Darcy
patent: 2003/0041264 (2003-02-01), Black et al.
patent: 2003/0204632 (2003-10-01), Willebeek-LeMair et al.
patent: 2004/0083299 (2004-04-01), Dietz et al.
patent: 2006/0107321 (2006-05-01), Tzadikario
patent: 2006/0212942 (2006-09-01), Barford et al.
patent: 2007/0121574 (2007-05-01), Igarashi et al.
Weaver, Nicholas et al., “Very Fast Containment of Scanning Worms”, Usenix Security Symposium, Aug. 9-13, 2004.
Newsome, J. et al., “Polygraph: automatically generating signatures for polymorphic”, 2005 IEEE Symposium on Security and Privacy, pp. 226-241.
Rabin, Michael O., “Fingerprinting by Random Polynomials”, 1981.
D. Moore and C. Shannon, “Code-Red: a Case Study on the Spread and Victims of an Internet Worm”, in Proceedings of the 2002 ACM SIGCOMM Internet Measurement Workshop, Marseille, France, Nov. 2002, pp. 273-284. http://www.caida.org/outreach/papers/2002/codered/codered.pdf
D. Moore, C. Shannon, G. Voelker, and S. Savage, “Internet Quarantine: Requirements for Containing Self-Propagating Code”, in IEEE Proceedings of the INFOCOM, Apr. 2003. http://www-cse.ucsd.edu/~savage/papers/Infocom03.pdf
Sumeet Singh, Cristian Estan, George Varghese, Stefan Savage, “Automated Worm Fingerprinting”, OSDI 2004, pp. 45-60. http://www-cse.ucsd.edu/~savage/papers/OSDI04.pdf
Kim, H.-A. and Karp, B., “Autograph: Toward Automated, Distributed Worm Signature Detection”, in the Proceedings of the 13th Usenix Security Symposium (Security 2004), San Diego, CA, Aug. 2004. http://www.cs.cmu.edu/~bkarp/autograph-usenixsec2004.pdf
Broder, A.Z., “Some Applications of Rabin's fingerprinting method”, R. Capocelli, A. DeSantis, U. Vaccaro (eds.), Sequences II: Methods in Communications, Security, and Computer Science, Springer-Verlag, pp. 1-10 (1993).
Snort: Open source network intrusion detection system. www.snort.org, 2002.
Gopalan Prem
Jamieson Kyle
Mavrommatis Panayiotis
Moazzami Nasser
Park Vaughan Fleming & Dowler LLP
Riverbed Technology, Inc.
Shehni Ghazal
Title: Exploit-based worm propagation mitigation
Profile ID: LFUS-PAI-O-2699593