Worm Security at the Network Perimeter
Lead Inventors: Salvatore Stolfo, PhD.Problem or Unmet Need:Worldwide computer system security remains a high priority for corporations and institutions; worms are among the significant threats. These are usually disguised applications that operate autonomously to destroy, steal or access data and security profiles. When a computer system is under attack by a worm, the worm has somehow successfully penetrated the system's network and found someplace to execute, thus beginning its malicious activity. At present, stopping a worm attack is limited to methods that analyze the code signature of a file and match it to a catalog of known malicious code. However, not all malicious code signatures are known, and worms can only be identified and blocked after they initiate their execution, which leaves computer systems vulnerable to whatever damage might be done before the malicious code is identified.This technology is a novel method of stopping potentially malicious code at the network perimeter. It keeps worms from passing a network gateway, thus preventing them from ever executing at all. Furthermore, this method is not dependent on analyzing code and referencing a catalog of known malicious code signatures. Rather, this solution utilizes techniques of artificial intelligence to learn the unique pattern of 'safe' code segments in the specific network it is deployed into, and then afterwards identifies and quarantines any files with code anomalies.This novel software-based approach can be deployed at any of a network's gateway points. After the learning phase of operation, it can capture network traffic from ports on devices at the network perimeter, pass on safe code, and isolate bad code with minimal latency interruption. It can be deployed on an existing device at the gateway layer of the network, or it can be deployed as its own appliance.
Site specific worm detector Can be applied to any network system, service or port Integrates with standard firewall equipment License independent from use of existing catalogs of malicious code
Computer system security breach detection Prevention of worm attack and infestation
This technology is a novel method of stopping potentially malicious code at the network perimeter. It keeps worms from passing a network gateway, thus preventing them from ever executing at all. Furthermore, this method is not dependent on an...
美国
