Real Time Detection and Disablement of Viruses in a Data Communications Network

IP.com Disclosure Number: IPCOM000117657D
Original Publication Date: 1996-Apr-01
Included in the Prior Art Database: 2005-Mar-31
Document File: 4 page(s) / 152K

Publishing Venue

IBM

Related People

Hershey, PC: AUTHOR [+2]

Abstract

Disclosed are methods for the real time detection and disablement of viruses in a data communications network. Within a node of a data communication network, the detection of the bit patterns of known viruses can result in a signal. The signal can be sent to circuitry designed to embed a marker pattern in any detected virus during its transmission through the network. In this way the virus can be both disabled and easily located at a later time. If required, the data packet containing the virus could be discarded. Another option is to both place a marker pattern over a portion of the virus and either zero or change all other bits in the virus to ensure it is no longer able to function.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 43% of the total text.

      Virus Detection and Alarm System

      The key problem solved is that once a virus has been detected
on a real time basis, steps must be taken to immediately disable the
virus.  This ensures that the virus does not contaminate destination
location processing equipment.

      Real time monitoring for viruses is accomplished using the
Event Driven Interface invention described in (1).  The event driven
interface can be programmed to include partial (signature) or
complete patterns for all known viruses.  A single marker pattern can
also be stored in an accompanying register, and the marker pattern
can be substituted for at least a portion of the virus.  In addition,
an output from the virus detection circuitry of the Event Driven
Interface can be applied to a bit flipping circuit which is coupled
to the data communications medium.  The combination of embedding a
marker pattern and bit flipping completely disables the virus.  The
marker pattern can be an easily identifiable pattern which can be
located in the destination processor.  The destination processor can
then look for the marker pattern and clean out its memory of any
residual, disabled viruses.

      For example, if there are 30 known viruses, each respective
bit pattern can be scanned for in real time using the Event Driven
Interface (EDI) described in (1).  After any virus has passed the
monitoring point, but before passing the bit flipping point in the
communications network, a signal can cause the bit flipping circuitry
to change all or preselected bits in the virus.  Alternatively, either
part of the bits or all of the bits in the virus can be set to a
binary one or a binary zero, uniformly.  In this manner, the space
occupied by the virus is retained in order to maintain the bit count
identified in the header of the message, and yet the virus'
pernicious effect has been nullified.  An additional feature is the
inclusion of a cyclic redundancy encoding mechanism which will
recompute the cyclic redundancy code for entry into the message in
order to accommodate the reconfigured binary expression for the
disabled virus.  It is necessary to maintain the number of bits in
the...
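
      A software model of the disablement step described above, added
here as an illustration and not taken from the disclosure or from the
Event Driven Interface hardware.  The frame layout (2-byte length,
payload, CRC-32), the signature strings and the marker value are all
constructed assumptions, and the uniform-fill option is used in place
of bit flipping.

```python
import struct
import zlib

# Constructed placeholder signatures and marker (assumptions, not real patterns).
SIGNATURES = [b"SIG-ALPHA-0001", b"SIG-BETA-0002"]
MARKER = b"\xde\xad\xbe\xef"


def build_frame(payload: bytes) -> bytes:
    """Assumed layout: 2-byte big-endian length, payload, CRC-32 over both."""
    body = struct.pack(">H", len(payload)) + payload
    return body + struct.pack(">I", zlib.crc32(body))


def parse_frame(frame: bytes) -> bytes:
    """Return the payload; raise ValueError if the length or CRC is wrong."""
    if len(frame) < 6:
        raise ValueError("short frame")
    body = frame[:-4]
    (crc,) = struct.unpack(">I", frame[-4:])
    (length,) = struct.unpack(">H", body[:2])
    if length != len(body) - 2 or zlib.crc32(body) != crc:
        raise ValueError("length or CRC mismatch")
    return body[2:]


def disable(frame: bytes, fill: int = 0x00):
    """Overwrite every signature hit in place and recompute the CRC.

    The marker covers the start of each hit and the rest is set uniformly
    to `fill`, so the payload length declared in the header stays valid.
    """
    payload = bytearray(parse_frame(frame))
    hits = []
    for sig in SIGNATURES:
        start = payload.find(sig)
        while start != -1:
            end = start + len(sig)
            # Same-length replacement: marker first, then uniform fill.
            payload[start:end] = (MARKER + bytes([fill]) * len(sig))[:len(sig)]
            hits.append((start, len(sig)))
            start = payload.find(sig, end)
    return build_frame(bytes(payload)), sorted(hits)


def find_markers(payload: bytes):
    """Destination-side sweep: offsets at which the marker pattern appears."""
    offsets, pos = [], payload.find(MARKER)
    while pos != -1:
        offsets.append(pos)
        pos = payload.find(MARKER, pos + 1)
    return offsets
```

A frame whose payload is overwritten without recomputing the CRC is
rejected by parse_frame, which is why the disclosure pairs the
overwrite with a CRC recomputation step.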