logo

For the Inventor, By the Inventor

The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 8127356 B1

PDFFull Text
Date of Patent:
Feb. 28, 2012

Filed:

Aug. 27, 2003

System, method and program product for detecting unknown computer attacks

Applicants:

Frederic G. Thiele, Broomfield, CO (US);

Michael A. Walter, Longmont, CO (US);

Inventors:

Frederic G. Thiele, Broomfield, CO (US);

Michael A. Walter, Longmont, CO (US);

Assignee:

International Business Machines Corporation, Armonk, NY (US);

Attorney:

Arthur J. Samodovitz

Primary Examiner:

Minh Dinh

Assistant Examiner:

Venkat Perungavoor

Int. Cl.
CPC ...
H04L 29/14 (2006.01); H04L 29/02 (2006.01);
U.S. Cl.
CPC ...
Abstract

A computer system and program product for automatically determining if a packet is a new, exploit candidate. First program instructions determine if the packet is a known exploit or portion thereof. Second program instructions determine if the packet is network broadcast traffic presumed to be harmless. Third program instructions determine if the packet is network administration traffic. If the packet is a known exploit or portion thereof, network broadcast traffic, or network administration traffic, the packet is not considered a new, exploit candidate. If the packet is not a known exploit or portion thereof, network broadcast traffic, or network administration traffic, the packet is an exploit candidate. Alternately, the first program instructions determine if the packet is a known exploit or portion thereof. The second program instructions determine if the packet is network broadcast traffic presumed to be harmless. Third program instructions determine if the packet is another type presumed or known from experience to be harmless. If the packet is a known exploit or portion thereof, network broadcast traffic, or the other type, the packet is not considered a new, exploit candidate. If the packet is not a known exploit or portion thereof, network broadcast traffic, or the other type, the packet is an exploit candidate.

Find Patent Forward Citations

Loading…