Abstract

A system identifies computer worms associated with published or otherwise known security holes. The system uses a worm pattern developed to identify those data packets most likely to be a computer worm designed to take advantage of a particular security hole. The worm pattern includes one portion that functionally characterizes the computer worm and another portion that provides the defense mechanism used to thwart the worm attack. In some cases, the defense action is truncating the suspect data word; in other cases, the suspect data word is stored in a buffer for later investigation. In a particular implementation, the worm patterns are retrieved from a worm pattern update server.
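The two-part worm pattern described in the abstract, as an added sketch that is not code from the patent: each record carries a characterization portion and a defense portion that either truncates or buffers the suspect data. The field names, the overlong-field heuristic used for characterization, and the sample patterns are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from enum import Enum

class Action(Enum):
    TRUNCATE = "truncate"   # clip the suspect data before forwarding
    BUFFER = "buffer"       # hold the suspect data for later investigation

@dataclass(frozen=True)
class WormPattern:
    hole_id: str            # label for the known security hole (constructed)
    # Characterization portion (assumed form: an overlong field on one port).
    dst_port: int
    field_re: re.Pattern    # group 1 captures the field the hole mishandles
    max_safe_len: int       # longest field value treated as harmless
    # Defense portion: what to do when the characterization matches.
    action: Action

def inspect(dst_port, payload, patterns, quarantine):
    """Return (bytes to forward or None if held back, matched hole id or None)."""
    for p in patterns:
        if dst_port != p.dst_port:
            continue
        m = p.field_re.search(payload)
        if not m or len(m.group(1)) <= p.max_safe_len:
            continue        # traffic does not behave like this worm
        if p.action is Action.BUFFER:
            quarantine.append((p.hole_id, payload))
            return None, p.hole_id
        # TRUNCATE: keep the request shape but clip the field to the safe length.
        start, end = m.span(1)
        return payload[:start + p.max_safe_len] + payload[end:], p.hole_id
    return payload, None

# Constructed records, standing in for patterns fetched from an update server.
PATTERNS = [
    WormPattern("EXAMPLE-HOLE-1", 80, re.compile(rb"GET /([^ ]*) HTTP"),
                64, Action.TRUNCATE),
    WormPattern("EXAMPLE-HOLE-2", 25, re.compile(rb"HELO ([^\r\n]*)"),
                32, Action.BUFFER),
]
```

Because the defense action lives in the pattern record, a newly retrieved pattern changes both what is matched and how the match is handled without any change to `inspect`.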