Title of invention |
Preventing attacks in a data processing system |
Abstract |
A method and apparatus for facilitating reduction in successful attacks on a monitored data processing system, such as a host computer. An intrusion detection system comprises a host or application based sensor for detecting code based intrusions with a relatively low false-positive rate. Malicious code strings related to a detected intrusion are identified, extracted and forwarded to a pattern filter located in the monitored data processing system to prevent further intrusions using said malicious code strings. The malicious code strings may be forwarded to a response server for assembling sets of similar malicious code strings for which signatures are generated to permit identification of all malicious code strings contained in a set. The generated signatures are then distributed to monitored and/or monitoring systems of a protected network to prevent further intrusions using the malicious code strings and variations thereof.
|
Publication number |
US7555777(B2) |
Publication date |
2009.06.30 |
Application number |
US20040756744 |
Application date |
2004.01.13 |
Applicant |
INTERNATIONAL BUSINESS MACHINES CORPORATION |
Inventors |
SWIMMER MORTON D.;WESPI ANDREAS;ZAMBONI DIEGO M. |
Classification codes |
G06F11/30;G06F21/00;H04L29/06 |
Main classification code |
G06F11/30 |
Agency |
|
Agent |
|
Principal claim |
|
Address |
|