Network based malware detection and reporting
    1.
    Granted invention patent
    Network based malware detection and reporting (in force)

    Publication (announcement) number: US08578491B2

    Publication (announcement) date: 2013-11-05

    Application number: US12636435

    Application date: 2009-12-11

    CPC classification number: H04L63/1408 H04L41/082 H04L41/0866 H04L43/00

    Abstract: An apparatus, system and method are described for use in detecting the presence of malware on subscribers' computers. The apparatus, system and method are network based and may be deployed within an Internet Service Provider (ISP) network. The system may include a plurality of network sensors for receiving and analyzing network traffic to determine the presence of malware. An aggregating apparatus receives alerts of the presence of malware and translates a network identifier of the alert to a subscriber identifier. The aggregating apparatus aggregates alert information and forwards it to a reporting infrastructure that can generate notifications in order to notify a subscriber that malware has been detected on a computer associated with the subscriber.


    NETWORK BASED MALWARE DETECTION AND REPORTING
    2.
    Invention patent application
    NETWORK BASED MALWARE DETECTION AND REPORTING (in force)

    Publication (announcement) number: US20100154059A1

    Publication (announcement) date: 2010-06-17

    Application number: US12636435

    Application date: 2009-12-11

    CPC classification number: H04L63/1408 H04L41/082 H04L41/0866 H04L43/00

    Abstract: An apparatus, system and method are described for use in detecting the presence of malware on subscribers' computers. The apparatus, system and method are network based and may be deployed within an Internet Service Provider (ISP) network. The system may include a plurality of network sensors for receiving and analyzing network traffic to determine the presence of malware. An aggregating apparatus receives alerts of the presence of malware and translates a network identifier of the alert to a subscriber identifier. The aggregating apparatus aggregates alert information and forwards it to a reporting infrastructure that can generate notifications in order to notify a subscriber that malware has been detected on a computer associated with the subscriber.

