A computer virus outbreak is detected by comparing one or more measurement parameters determined over a measurement period against a threshold level. The measurement parameters can include a measurement of how many E-mail messages are sent having an identical file attachment, file type or simply in
A computer virus outbreak is detected by comparing one or more measurement parameters determined over a measurement period against a threshold level. The measurement parameters can include a measurement of how many E-mail messages are sent having an identical file attachment, file type or simply in total. The threshold levels may be varied with the time of day and day of week as well as the tests applied.
대표청구항▼
The invention claimed is: 1. A computer program product embodied on a computer readable medium for detecting an outbreak of a computer virus on a computer apparatus, said computer program product comprising: (i) measurement computer code operable to measure one or more measurement parameters indica
The invention claimed is: 1. A computer program product embodied on a computer readable medium for detecting an outbreak of a computer virus on a computer apparatus, said computer program product comprising: (i) measurement computer code operable to measure one or more measurement parameters indicative of non virus specific activity of said computer apparatus over a respective measurement period; (ii) comparison computer code operable to compare said one or more measurement parameters with respective predetermined threshold levels; and (iii) signal generating computer code operable to generate a signal indicative of an outbreak of a computer virus if one or more of said one or more measurement parameters crosses a respective predetermined threshold level; wherein one of said measurement parameters is e-mail throughput associated with said computer apparatus, where said e-mail throughput is measured in a form dependent upon at least one of a number of e-mails, and a total of size values for said e-mails within a predetermined time period. 2. A computer program product as claimed in claim 1, wherein one of said measurement parameters is how many e-mail messages are sent having an identical message title. 3. A computer program product as claimed in claim 1, wherein one of said measurement parameters is how many e-mail messages are sent having an identical file attachment. 4. A computer program product as claimed in claim 1, wherein one of said measurement parameters is how many e-mail messages are sent having a file attachment of a given file type. 5. A computer program product as claimed in claim 4, wherein said given file type is an executable file type. 6. A computer program product as claimed in claim 1, wherein said e-mail throughput is measured in a form dependent upon said number of e-mails and said total of size values for said e-mails. 7. A computer program product is claimed in claim 1, wherein said e-mail throughput is measured in a form dependent upon said number of e-mails multiplied by said total of size values for said e-mails. 8. A computer program product as claimed in claim 1, wherein said respective predetermined threshold levels are varied in dependence upon time of day. 9. A computer program product as claimed in claim 1, wherein said respective predetermined threshold levels are varied in dependence upon day of week. 10. A computer program product as claimed in claim 1, wherein said one or more measurement parameters are user selectable. 11. A computer program product as claimed in claim 1, wherein said respective measurements periods are user selectable. 12. A computer program product as claimed in claim 1, wherein said respective predetermined threshold levels are user selectable. 13. A method of detecting an outbreak of a computer virus on a computer apparatus, said method comprising the steps of: (i) measuring one or more measurement parameters indicative of non virus specific activity of said computer apparatus over a respective measurement period; (ii) comparing said one or more measurement parameters with respective predetermined threshold levels; and (iii) generating a signal indicative of an outbreak of a computer virus if one or more of said one or more measurement parameters crosses a respective predetermined threshold level; wherein one of said measurement parameters is e-mail throughput associated with said computer apparatus, where said e-mail throughput is measured in a form dependent upon at least one of a number of e-mails, and a total of size values for said e-mails within a predetermined time period. 14. A method as claimed in claim 13, wherein one of said measurement parameters is how many e-mail messages are sent having an identical message title. 15. A method as claimed in claim 13, wherein one of said measurement parameters is how many e-mail messages are sent having an identical file attachment. 16. A method as claimed in claim 13, wherein one of said measurement parameters is how many e-mail messages are sent having a file attachment of a given file type. 17. A method as claimed in claim 16, wherein said given file type is an executable file type. 18. A method as claimed in claim 13, wherein said e-mail throughput is measured in a form dependent upon said number of e-mails and said total of size values for said e-mails. 19. A method as claimed in claim 13, wherein said e-mail throughput is measured in a form dependent upon said number of e-mails multiplied by said total of size values for said e-mails. 20. A method as claimed in claim a 13, wherein said respective predetermined threshold levels are varied in dependence upon time of day. 21. A method as claimed in claim 13, wherein said respective predetermined threshold levels are varied in dependence upon day of week. 22. A method as claimed in claim 13, wherein said one or more measurement parameters are user selectable. 23. A method as claimed in claim 13, wherein said respective measurements periods are user selectable. 24. A method as claimed in claim 13, wherein said respective predetermined threshold levels are user selectable. 25. Apparatus for detecting an outbreak of a computer virus on a computer apparatus, said apparatus comprising: (i) measuring logic operable to measure one or more measurement parameters indicative of non virus specific activity of said computer apparatus over a respective measurement period; (ii) comparing logic operable to compare said one or more measurement parameters with respective predetermined threshold levels; and (iii) signal generating logic operable to generate a signal indicative of an outbreak of a computer virus if one or more of said one or more measurement parameters crosses a respective predetermined threshold level; wherein one of said measurement parameters is e-mail throughput associated with said computer apparatus, where said e-mail throughput is measured in a form dependent upon at least one of a number of e-mails, and a total of size values for said e-mails within a predetermined time period. 26. Apparatus as claimed in claim 25, wherein one of said measurement parameters is how many e-mail messages are sent having an identical message title. 27. Apparatus as claimed in claim 25, wherein one of said measurement parameters is how many e-mail messages are sent having an identical file attachment. 28. Apparatus as claimed in claim 25, wherein one of said measurement parameters is how many e-mail messages are sent having a file attachment of a given file type. 29. Apparatus as claimed in claim 28, wherein said given file type is an executable file type. 30. Apparatus as claimed in claim 25, wherein said e-mail throughput is measured in a form dependent upon said number of e-mails and said total of size values for said e-mails. 31. Apparatus as clammed in claim 25, herein said e-mail throughput is measured in a form dependent upon said number of e-mails multiplied by said total of size values for said e-mails. 32. Apparatus as claimed in claim 25, wherein said respective predetermined threshold levels are varied in dependence upon time of day. 33. Apparatus as claimed in claim 25, wherein said respective predetermined threshold levels are varied in dependence upon day of week. 34. Apparatus as claimed in claim 25, wherein said one or more measurement parameters are user selectable. 35. Apparatus as claimed in clam in 25, wherein said respective measurements periods are user selectable. 36. Apparatus as claimed in claim 25, wherein said respective predetermined threshold levels are user selectable.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (7)
Chen Chia-Hwang ; Luo Chih-Ken, Anti-virus agent for use with databases and mail servers.
Arnold William C. (Mahopac NY) Chess David M. (Mohegan Lake NY) Kephart Jeffrey O. (Yorktown Heights NY) White Steven R. (New York NY), Automatic immune system for computers and computer networks.
Kephart Jeffrey Owen ; Morin Alexandre Guy Georges,FRX ; Sorkin Gregory Bret ; Wells Joseph Warreb, Efficient detection of computer viruses and other data traits.
Jung, Edward K. Y.; Levien, Royce A.; Lord, Robert W.; Malamud, Mark A.; Mangione-Smith, William Henry, Efficient distribution of a malware countermeasure.
Jung, Edward K. Y.; Levien, Royce A.; Lord, Robert W.; Malamud, Mark A.; Mangione-Smith, William Henry, Generating and distributing a malware countermeasure.
Jung, Edward K. Y.; Levien, Royce A.; Lord, Robert W.; Malamud, Mark A.; Mangione-Smith, William Henry, Implementation of malware countermeasures in a network device.
Farrell, Colm; Harpur, Liam; O'Sullivan, Patrick J.; Raguillat, Fred; Zimmet, Carol S., Managing calendar events while preparing for time out-of-office.
Jung, Edward K. Y.; Levien, Royce A.; Lord, Robert W.; Malamud, Mark A.; Rinaldo, Jr., John D.; Wood, Jr., Lowell L., Multi-network virus immunization.
Jung, Edward K. Y.; Levien, Royce A.; Lord, Robert W.; Malamud, Mark A.; Rinaldo, Jr., John D.; Wood, Jr., Lowell L., Multi-network virus immunization with separate physical path.
Jung, Edward K. Y.; Levien, Royce A.; Lord, Robert W.; Malamud, Mark A.; Rinaldo, Jr., John D.; Wood, Jr., Lowell L., Multi-network virus immunization with trust aspects.
Jung, Edward K. Y.; Levien, Royce A.; Lord, Robert W.; Malamud, Mark A.; Mangione-Smith, William Henry, Smart distribution of a malware countermeasure.
Kester, Harold M.; Kester Jones, legal representative, Nicole; Dimm, John Ross; Anderson, Mark Richard; Papa, Joseph, System and method of monitoring and controlling application files.
Garbow, Zachary A.; Hamlin, Robert H.; McDaniel, Clayton L.; Trisko, Kenneth J., Transitioning of database service responsibility responsive to server failure in a partially clustered computing environment.
Jung, Edward K. Y.; Levien, Royce A.; Lord, Robert W.; Malamud, Mark A.; Rinaldo, Jr., John D.; Wood, Jr., Lowell L., Virus immunization using entity-sponsored bypass network.
Jung, Edward K. Y.; Levien, Royce A.; Lord, Robert W.; Malamud, Mark A.; Rinaldo, Jr., John D.; Wood, Jr., Lowell L., Virus immunization using prioritized routing.
Jung, Edward K. Y.; Levien, Royce A.; Lord, Robert W.; Malamud, Mark A.; Rinaldo, Jr., John D.; Wood, Jr., Lowell L., Virus immunization using prioritized routing.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.