Title of invention: System and method for securing a network from zero-day vulnerability exploits
Abstract: A method of securing a network from vulnerability exploits, including the steps of a traffic analysis engine receiving a plurality of packets destined for an internal operating system; the traffic analysis engine selectively forwarding the packets to at least one virtual machine emulating the internal operating system; the virtual machine processing each forwarded packet; a rapid analysis engine identifying a malicious packet from the processed packets; and the rapid analysis engine creating a new signature to identify the malicious packet.
Publication number: US9264441(B2) Publication date: 2016.02.16
Application number: US200812079013 Filing date: 2008.03.24
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP Inventors: Todd Michael;Koster Scott Robert;Wong Patrick Choy Ming
Classification: G06F7/04;H04L29/06;G06F21/53;G06F21/55;G06F21/56;G06F21/57 Main classification: G06F7/04
Agency: Greer, Burns & Crain, Ltd. Agent: Greer, Burns & Crain, Ltd.
Main claim: 1. A method of securing a network from vulnerability exploits, comprising: receiving a plurality of packets destined for an internal operating system; comparing, by a processor, packets received to at least one signature defined in an intrusion prevention system; upon a determination that a packet being compared does not match any signature in said intrusion prevention system, storing the packet in a buffer, the buffer providing storage for a plurality of packets; forwarding a copy of the packet to a virtual machine emulating said internal operating system in processing the packet; monitoring performance of the virtual machine; deleting the stored packet from the buffer upon a determination that the stored packet was stored in the buffer for a predetermined time period; detecting a failure of the virtual machine; analyzing the packets in the buffer to identify a malicious packet in response to detecting the failure of the virtual machine; and creating a new signature based upon the identified malicious packet.
Address: Houston TX US