Invention Grant
US08677486B2 System and method for near-real time network attack detection, and system and method for unified detection via detection routing
Status: In force
- Patent Title: System and method for near-real time network attack detection, and system and method for unified detection via detection routing
- Application No.: US13086819
- Application Date: 2011-04-14
- Publication No.: US08677486B2
- Publication Date: 2014-03-18
- Inventor: Matthew Olney , Patrick Mullen , Lurene Grenier , Nigel Houghton , Ryan Pentney
- Applicant: Matthew Olney , Patrick Mullen , Lurene Grenier , Nigel Houghton , Ryan Pentney
- Applicant Address: Columbia, MD, US
- Assignee: Sourcefire, Inc.
- Current Assignee: Sourcefire, Inc.
- Current Assignee Address: Columbia, MD, US
- Agency: Posz Law Group, PLC
- Main IPC: G06F21/00
- IPC: G06F21/00

Abstract:
A system includes a processor. The processor is configured to receive network traffic that includes a data block carrying a file, and to generate a unique identifier (UID) for the file that includes a hash value computed over the file. The processor determines whether the file's UID is among previously-stored UIDs and, if so, whether it is marked good or bad. When the UID is not among the previously-stored UIDs, the processor calls a file-type specific detection nugget corresponding to the file's type to perform a full file inspection that determines whether the file is good or bad, and stores the result of the inspection together with the file's UID. When the UID is already marked “good” or “bad” in the previously-stored UIDs, the processor does not call the detection nugget. When the file is marked “bad”, the processor issues an alert about the bad file.
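The flow the abstract describes (hash the file, consult a verdict cache keyed by the hash, route only cache misses to a file-type specific detector, store the verdict, alert on "bad") is illustrated below. This is an added example written for this page; it is not code from the patent, from Sourcefire, or from any product. The SHA-256 choice of hash, the magic-byte file-type mapping, the toy "nuggets" and the sample files are all constructed assumptions; the nuggets are deliberately simple heuristics and are not real detection signatures.

```python
"""Detection routing with a hash-keyed verdict cache (added illustration).

Not the patent's or Sourcefire's code. Hash choice, magic-byte table,
detectors and sample files are constructed assumptions for illustration.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

GOOD, BAD = "good", "bad"

# Assumed magic-byte prefixes -> file-type label used to pick a nugget.
MAGIC = {
    b"%PDF-": "pdf",
    b"MZ": "pe",
    b"PK\x03\x04": "zip",
}


def file_type(data: bytes) -> Optional[str]:
    """Identify the file type from its leading bytes; None if unrecognised."""
    for prefix, label in MAGIC.items():
        if data.startswith(prefix):
            return label
    return None


def uid_for(data: bytes) -> str:
    """UID for a file: its SHA-256 digest (assumed hash; the patent says only 'hash value')."""
    return hashlib.sha256(data).hexdigest()


# Toy file-type specific detection nuggets: each "fully inspects" one type.
def pdf_nugget(data: bytes) -> str:
    # Constructed heuristic, not a real signature: embedded JavaScript -> bad.
    return BAD if b"/JavaScript" in data or b"/JS" in data else GOOD


def pe_nugget(data: bytes) -> str:
    # Constructed heuristic: a PE too small to hold a real header -> bad.
    return BAD if len(data) < 64 else GOOD


def zip_nugget(data: bytes) -> str:
    return GOOD  # placeholder verdict for the illustration


NUGGETS: Dict[str, Callable[[bytes], str]] = {
    "pdf": pdf_nugget,
    "pe": pe_nugget,
    "zip": zip_nugget,
}


@dataclass
class DetectionRouter:
    verdicts: Dict[str, str] = field(default_factory=dict)  # UID -> good/bad
    alerts: List[str] = field(default_factory=list)
    nugget_calls: int = 0

    def inspect(self, data: bytes) -> str:
        uid = uid_for(data)
        verdict = self.verdicts.get(uid)
        if verdict is None:
            # UID not previously stored: route to the nugget for this file type.
            nugget = NUGGETS.get(file_type(data))
            if nugget is None:
                return "unknown"  # no detector for this type; nothing cached
            self.nugget_calls += 1
            verdict = nugget(data)
            self.verdicts[uid] = verdict  # store result with the UID
        # Stored "good"/"bad" hit skips the nugget; "bad" always raises an alert.
        if verdict == BAD:
            self.alerts.append(f"bad file {uid[:12]}...")
        return verdict


# Constructed sample files (not real malware).
SAMPLE_FILES = {
    "clean.pdf": b"%PDF-1.7\n1 0 obj << /Type /Catalog >> endobj\n%%EOF",
    "js.pdf": b"%PDF-1.7\n1 0 obj << /OpenAction << /S /JavaScript /JS (app.alert(1)) >> >> endobj\n%%EOF",
    "tiny.exe": b"MZ" + b"\x00" * 10,
    "archive.zip": b"PK\x03\x04" + b"\x00" * 26,
}


def demo() -> dict:
    """Run every sample twice: the second pass must hit the cache for all of them."""
    router = DetectionRouter()
    first = {name: router.inspect(data) for name, data in SAMPLE_FILES.items()}
    calls_after_first = router.nugget_calls
    second = {name: router.inspect(data) for name, data in SAMPLE_FILES.items()}
    return {
        "first": first,
        "second": second,
        "nugget_calls_first_pass": calls_after_first,
        "nugget_calls_total": router.nugget_calls,
        "alerts": len(router.alerts),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The second pass over the same four files performs no further nugget calls, yet the two files marked "bad" still raise an alert each time they are seen, which is the behaviour the abstract specifies. Note that the cache is only as trustworthy as the hash: a cryptographic hash such as SHA-256 is what makes it safe to treat a UID hit as the same file without re-inspecting it.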