Rapidly propagating threat detection
    Granted invention patent
    Rapidly propagating threat detection (in force)

    Publication (announcement) number: US07873998B1

    Publication (announcement) date: 2011-01-18

    Application number: US11184941

    Filing date: 2005-07-19

    IPC classification: G08B23/00 G06F15/173

    Abstract: A method, system, apparatus, and computer-readable medium to detect rapidly propagating threats in a network. A rapidly propagating threat is detected by capturing a series of packets as the packets are communicated to nodes of the organizational network. The rapidly propagating threat can be detected without relying upon a known signature for the threat. Behavior of nodes when sending and receiving packets is examined for patterns typical of worm propagation.
