摘要 |
Systems and methods for intrusion and virus detection in computer networks. Data from a file, network byte stream, or other source is segmented and resulting data items are subjected to multiple processing techniques to obtain respective result values, or thumbprints. The multiple thumbprints for respective data items are then aggregated to obtain a single result value, or aggregate thumbprint. The components of the aggregate thumbprint may be "fuzzified" to allow for less preciseness in the single result value. The aggregate thumbprint is compared to other similarly generated aggregate thumbprints stored in a library. Alerts may be generated when the same aggregate thumbprint is detected multiple times. |