Tracking and reporting of computer virus information
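IPC classification information
Country / Type: United States (US) Patent, Registered
International Patent Classification (IPC 7th edition): G06F-011/00, G06F-012/14, G06F-012/16, G06F-015/18, G08B-023/00
Application number: US-0702289 (2000-10-30)
Registration number: US-7496960 (2009-02-24)
Inventors / Address: Chen, Eva; Sun, Jimmy; Chou, Terrence; Deutsch, Steven; Havran, Mark
Applicant / Address: Trend Micro, Inc.
Agent / Address: Beyer Law Group LLP
Citation information: Times cited: 188; Patents cited: 7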
Abstract
An apparatus and method for providing real-time tracking of virus information as reported from various computers on a distributed computer network. Each client computer on the distributed network contacts an anti-virus scanning site. The site provides a small program or applet that resides in temporary memory of the client computer. The client-user invokes the scan with supplied pattern updates for detecting recent viruses. When the scan has been completed, the user is prompted to supply a country of origin. The name of the virus, its frequency of occurrence, and the country are forwarded as a virus scan log to a virus tracking server, which receives the virus information and thereafter stores it in a database server, which is used to further calculate virus trace display information. A tracking user contacts the virus tracking server and receives map information, which traces the virus activity. The maps show, according to user preference, the names of the viruses encountered in each country, and their frequencies of occurrence.
Representative claim
We claim:
1. A real-time virus tracking and display system for use with a distributed computer network, the system comprising: a plurality of potentially infected client end-user computers, said end-user computers being distributed over said distributed computer network; a first anti-virus scanning server executing software from a first vendor and a second anti-virus scanning server executing software from a second vendor, each accessible via the distributed computer network, said first anti-virus scanning server and said second anti-virus scanning server each including an anti-virus scanning program, whereby client users contact the first scanning server or the second scanning server to facilitate virus scanning of the client end-user computers by downloading said anti-virus scanning program; a scan log which is sent back to at least one of the first anti-virus scanning server and the second anti-virus scanning server over said distributed computer network from each client user, the scan log containing a virus name and a location of the end-user computer, wherein only location data is related to the identity of the end-user computer; a virus-tracking server for receiving the scan log information from said client end-user computers in real-time via the first anti-virus scanning server from the first vendor and the second anti-virus scanning server from the second vendor, wherein the virus-tracking server is operable with a plurality of anti-virus scanning servers and anti-virus scanning programs; a database server associated with the virus-tracking server for processing the scan log information into virus-tracking information; and at least one virus tracking display mode accessible by a tracking user from the virus tracking server, the display mode providing real-time updates of said virus tracking information pertaining to the scan logs, wherein the anti-virus scanning program residing at the client end-user computers generates one or more maps displaying the real-time updates, and wherein the one or more maps are generated and displayed at the client end-user computers include a view menu, a track menu, a select menu, and a time period menu and a display block showing worldwide virus infection rates and wherein the anti-virus scanning program generates a virus count graph showing static counts of prevalent viruses worldwide during a predetermined time frame.
2. The system according to claim 1, wherein the tracking user can configure the display modes to show the virus-tracking information in association with user-selected geographic maps of where the viruses are occurring.
3. The system according to claim 2, wherein the display modes includes a plurality of web pages with user selectable menus to configure the virus tracking display mode on the pages.
4. The system according to claim 1, wherein the scan log information contains no information relating to the direct identification of the client user.
5. The system according to claim 4, wherein the scan log information includes the name of the virus, the frequency of its occurrence, and the geographic location of the infected computer.
6. The system according to claim 1, wherein a servlet program on the virus-tracking server is used to receive the scan log information from the at least one anti-virus scanning server.
7. The system according to claim 1, wherein a polling program is used to regularly retrieve the virus tracking information from the database server and store it in a data object.
8. The system of claim 7, wherein a common gateway interface (CGI) program is used to retrieve the data object for display by the tracking user.
9. The system of claim 1, wherein a Java applet running on a tracking user browser is used to display a real-time virus trace map.
10. The system of claim 1, wherein the client user is also the tracking user.
11. The system of claim 1, wherein the distributed computer network includes the Internet, wherein said scan log from each scanned client computer is sent back over the Internet to be received by said virus tracking server, and wherein said virus tracking display mode is accessible over the Internet by said tracking user.
12. The system according to claim 1 wherein said virus tracking information identifies concentrations of a computer virus at said client end-user computer locations.
13. The system according to claim 1 wherein said scan log information is processed by aggregating said scan logs from each client end-user computer and then synthesizing said virus tracking information.
14. A method to provide real-time virus tracking and display for use with a distributed computer network, the method comprising: providing an anti-virus scanning program to a client end-user computer from a first anti-virus scanning server executing software from a first vendor or from a second anti-virus scanning server executing software from a second vendor, each accessible via the distributed computer network; invoking the anti-virus scanning program from a plurality of potentially infected client end-user computers by downloading said antivirus scanning program, said end-user computers being distributed over said distributed computer network; generating a scan log from each scanned client end-user computer and sending the scan log back from each client end-user computer over said distributed computer network, the scan log including virus name and a location of the end-user computer, wherein only the location relates to the identity of the end-user computer, thereby maintaining the privacy of the plurality of client users; receiving the scan log information from said client end-user computers in real-time at the first anti-virus scanning server and the second anti-virus scanning server and transmitting the scan log information to a virus tracking server associated with the distributed computer network capable of operating with anti-virus scanning servers from multiple vendors; processing the scan log information into virus tracking information and storing it on a database server associated with the virus-tracking server; and retrieving the virus tracking information from the virus-tracking server; and displaying a real-time trace on the client end-user computer using the anti-virus scanning program, wherein real-time trace data are displayed in one or more maps generated by the anti-virus scanning program on the client end-user computer; and enabling a client user to select from one or more maps a view menu, a track menu, a select menu, and a time period menu and a display block showing worldwide virus infection rates and wherein the anti-virus scanning program generates a virus count graph showing static counts of prevalent viruses worldwide during a predetermined time frame.
15. The method according to claim 14, which further includes configuring display modes by the tracking user to show the virus-tracking information in association with user-selected geographic maps of where the viruses are occurring.
16. The method according to claim 15, which further includes displaying the display modes via a plurality of web pages with user selectable menus to configure the virus-tracking information on the pages.
17. The method according to claim 14, wherein the scan log contains no information relating to the direct identification of the client user.
18. The method according to claim 17, wherein the scan log includes the name of the virus, the frequency of its occurrence, and the geographic location of the infected computer.
19. The method according to claim 14, which further includes providing a servlet program on the virus-tracking server to receive the scan log from the at least one anti-virus scanning server.
20. The method according to claim 14, which further includes providing a polling program to regularly retrieve virus tracking information from the database server and store it in a data object.
21. The method of claim 20, which further includes providing a common gateway interface (CGI) program to retrieve the data object for display by the tracking user.
22. The method of claim 14, which further includes running a Java applet on the browser of the tracking user device to display a real-time virus trace map.
23. The method of claim 14, wherein the client user is also the tracking user.
24. The method of claim 14, wherein the distributed computer network includes the Internet, wherein said scan log from each scanned client computer is sent back over the Internet to be received by said virus tracking server, and wherein said real-time trace displayed on said tracking user device is made available over the Internet.
25. The method according to claim 14 wherein said virus tracking information identifies concentrations of a computer virus at said client end-user computer locations.
26. The method according to claim 14 wherein processing said scan log information includes aggregating said scan logs from each client end-user computer, and synthesizing said virus tracking information from said aggregated scan logs.
Patents cited by this patent (7)
Hill Douglas W. ; Lynn James T., Adaptive system and method for responding to computer network security attacks.
Hailpern Brent Tzion ; Malkin Peter Kenneth ; Schloss Robert Jeffrey ; White Steve R. ; Yu Philip Shi-Lung ; Palmer Charles Campbell, Collaborative server processing of content and meta-information with application to virus checking in a server network.
Bates, Cary Lee; Crenshaw, Robert James; Day, Paul Reuben; Santosuosso, John Matthew, Virus checking and reporting for computer database search results.
Magee, Joseph C.; Andrews, Alison M.; Nicholson, Mark W.; James, Jonathon Lance; Li, Henry C.; Stevenson, Christopher L.; Lathrop, Joel, Collective threat intelligence gathering system.
Singh, Abhishek; Mesdaq, Ali; Das, Anirban; Jain, Varun, Framework for classifying an object as malicious with machine learning for deploying updated predictive models.
Ismael, Osman Abdoul; Song, Dawn; Ha, Phung-Te; Gilbert, Peter J.; Xue, Hui, Framework for computer application analysis of sensitive information tracking.
Ismael, Osman Abdoul; Song, Dawn; Aziz, Ashar; Johnson, Noah; Mettler, Adrian Matthew, Framework for efficient security coverage of mobile software applications that is usable to harden in the field code.
Ismael, Osman Abdoul; Song, Dawn; Ha, Phung-Te; Gilbert, Peter J.; Xue, Hui, Framework for efficient security coverage of mobile software applications using machine learning.
Ismael, Osman Abdoul; Song, Dawn; Xue, Hui, Framework for efficient security coverage of mobile software applications using symbolic execution to reach regions of interest within an application.
Thioux, Emmanuel; Amin, Muhammad; Kindlund, Darien; Pilipenko, Alex; Vincent, Michael, Malicious content analysis using simulated user interaction without user involvement.
Thioux, Emmanuel; Amin, Muhammad; Kindlund, Darien; Pilipenko, Alex; Vincent, Michael, Malicious content analysis using simulated user interaction without user involvement.
Khalid, Yasir; Amin, Muhammad; Jing, Emily; Rizwan, Muhammad, Malicious content analysis with multi-version application support within single operating environment.
Khalid, Yasir; Amin, Muhammad; Jing, Emily; Rizwan, Muhammad, Malicious content analysis with multi-version application support within single operating environment.
Ismael, Osman Abdoul; Song, Dawn; Aziz, Ashar; Johnson, Noah; Mettler, Adrian Matthew, Security cloud service framework for hardening in the field code of mobile software applications.
Thioux, Emmanuel; Amin, Muhammad; Ismael, Osman Abdoul, System and method for analysis of a memory dump associated with a potentially malicious content suspect.
Britton, Douglas; Wesie, Andrew Michael, System and method for bidirectional trust between downloaded applications and mobile devices including a secure charger and malware scanner.
Britton, Douglas; Wesie, Andrew Michael; Pak, Brian Sejoon, System and method for bidirectional trust between downloaded applications and mobile devices including a secure charger and malware scanner.
Paithane, Sushant; Vashist, Sai; Yang, Raymond; Khalid, Yasir, System and method for detecting file altering behaviors pertaining to a malicious attack.
Rivlin, Alexandr; Mehra, Divyesh; Uyeno, Henry; Pidathala, Vinay, System and method for determining a threat based on correlation of indicators of compromise from other sources.
Kumar, Vineet; Otvagin, Alexander; Borodulin, Nikita, System and method for triggering analysis of an object for malware in response to modification of that object.
Rivlin, Alexandr; Mehra, Divyesh; Uyeno, Henry; Pidathala, Vinay, System and method of detecting delivery of malware based on indicators of compromise from different sources.
Aziz, Ashar; Amin, Muhammad; Ismael, Osman Abdoul; Bu, Zheng, System, apparatus and method for automatically verifying exploits within suspect objects and highlighting the display information associated with the verified exploits.
Singh, Abhishek; Lin, Yichong; Mukherjee, Angshuman; Bu, Zheng, System, apparatus and method for classifying a file as malicious using static scanning.
Khalid, Yasir; Deshpande, Shivani; Amin, Muhammad, System, apparatus and method for detecting a malicious attack based on static analysis of a multi-flow object.
Ismael, Osman Abdoul, System, apparatus and method for using malware analysis results to drive adaptive instrumentation of virtual machines to improve exploit detection.
Ismael, Osman Abdoul, System, apparatus and method for using malware analysis results to drive adaptive instrumentation of virtual machines to improve exploit detection.
Karandikar, Shrikrishna; Amin, Muhammad; Deshpande, Shivani; Khalid, Yasir, System, device and method for detecting a malicious attack based on communcations between remotely hosted virtual machines and malicious web servers.
Karandikar, Shrikrishna; Amin, Muhammad; Deshpande, Shivani; Khalid, Yasir, System, device and method for detecting a malicious attack based on direct communications between remotely hosted virtual machines and malicious web servers.
Muttik, Igor; Hearnden, Steve O.; Spurlock, Joel Robert, System, method, and computer program product for enabling communication between security systems.
Muttik, Igor; Hearnden, Steve O.; Spurlock, Joel Robert, System, method, and computer program product for enabling communication between security systems.
Mariswamy, Hariprasad; Barton, Christopher; Kelly, Nick P.; Roberts, Guy William Welch; Sargent, John; Umashankar, Karthik; Walker, Paul D., System, method, and computer program product for reacting based on a frequency in which a compromised source communicates unsolicited electronic messages.
Goradia, Harnish; Ismael, Osman Abdoul; Johnson, Noah M.; Mettler, Adrian; Aziz, Ashar, User interface with real-time visual playback along with synchronous textual analysis log display and event/time index for anomalous behavior detection in applications.
Goradia, Harnish; Ismael, Osman Abdoul; Johnson, Noah M.; Mettler, Adrian; Aziz, Ashar, User interface with real-time visual playback along with synchronous textual analysis log display and event/time index for anomalous behavior detection in applications.