WO1997036246A1 - Method for managing a computer network and corresponding device - Google Patents
- Publication number: WO1997036246A1 (PCT/JP1996/000754)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- security
- computer
- software
- mobile security
- dedicated
- Prior art date
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
Definitions
- the present invention relates to a method and an apparatus for managing a computer network, and more particularly to a technique for ensuring security.
- FIG. 9 is a diagram showing a conventional method.
- reference numerals 1001 to 1018 denote computers each having a communication function.
- a "sterilization signal" is a series of scan symbols and repair information that informs that the originating computer has been infected with a computer virus and that helps the recipient detect and respond to the computer virus. It is assumed that, of the computers 1002 to 1006 that receive the "sterilization signal", 1002, 1004, and 1006 are already infected with the computer virus. It is also assumed that the computers 1007, 1008, 1011, 1013, and 1018 are infected with the computer virus at time 1.
- computers 1002, 1004, and 1006, which are infected with the computer virus, repel the computer virus based on the "sterilization signal" and gain immunity.
- Computers 1002, 1004, and 1006 then send similar "sterilization signals" to further nearby computers.
- Computers 1003 and 1005, which were not infected with the computer virus, also immunize themselves based on the "sterilization signal", but do not send the "sterilization signal" any further.
- if the speed at which the "sterilization signal" propagates through the network is faster than the infection rate of the computer virus, the spread of the computer virus can be prevented to some extent.
- the first point of dissatisfaction is that if there are two or more computer virus infections at the initial stage, it may not be possible to cope with them sufficiently. For example, in Fig. 10, if the initial computer virus infection was found not only on computer 1001 but also on computer 1010, the "sterilization signal" from computer 1001 would not reach computer 1010 in time, and the computer virus in computer 1010 would not be repelled. As a result, the computer virus originating from computer 1010 may spread throughout the network via its further neighbors. In this case, a computer virus was found at computer 1001, the site of the first infection, and a countermeasure was found, but it was not fully utilized.
- the second unsatisfactory point is that the reliability of the "sterilization signal" is questionable.
- computer 1002 is partially unreliable because of the computer virus; it has not been confirmed that it was completely restored at time 2.
- the computer 1002 operates according to the "sterilization signal" that it has itself declared, but at this time computer 1002 has not been completely repaired, so a faulty "sterilization signal" may be output and the state of the entire network may worsen.
- the above-mentioned known literature itself points this out in its conclusion section and states that it is an issue for the future.
- the third point of dissatisfaction is that illegal acts other than computer viruses, such as attempts to gain unauthorized access to computers from outside, are not considered. For misconduct other than computer viruses, transmitting a germicidal message alone is not sufficient; countermeasure software may need to be sent and run.
- if the countermeasure software has no "suppression" that stops its operation at the appropriate time, the possibility that runaway of the software damages the normal functions increases. This is not mentioned.
- the fourth point of dissatisfaction is insufficient quarantine of data from external networks.
- a firewall is installed where the network connects to an external network, or, when a magnetic disk or a compact disk is mounted, each computer is checked for illegal acts by vaccine software that does not contaminate working programs.
- there is currently no means for human administrators to ensure that the firewall settings are sufficient and that the latest vaccine software is activated on each computer.
- the fifth point of dissatisfaction is the lack of quarantine in the treatment of latent (not yet manifested) misconduct.
- Conventional vaccine software (fixed-type security software) detects a virus based on the data structure that is characteristic of the virus infesting a file system or memory. Therefore, fraudulent activities by new viruses cannot currently be detected.
- An object of the present invention is to provide a computer network management method and apparatus capable of coping with the intrusion of a computer virus simultaneously at a plurality of locations in a computer network.
- Another object of the invention is to provide a computer network management method and apparatus capable of ensuring the reliability of security software.
- Another object of the present invention is to provide a computer network management method and apparatus capable of suppressing runaway of security software.
- Another object of the present invention is to provide a computer network management method and apparatus capable of improving the security of data from an external network.
- Another object of the present invention is to provide a computer network management method and apparatus capable of quickly detecting the occurrence of a new type of computer virus.
Disclosure of the invention
- the present invention uses the following means.
- the mobile security-dedicated software is automatically transmitted when a computer sends electronic mail or some kind of message such as database access data; it leaves together with the message, and its function is executed in the fixed security-dedicated module at the destination.
- there are two types of mobile security-dedicated software: the proliferating (breeding) type and the non-proliferating type.
- the proliferating type makes a copy of itself every time the communication destination differs and sends the copy out, so it propagates throughout the network as quickly as possible. This solves the first unsatisfactory point.
- the fixed security-dedicated module at the destination uses the digital signature to verify that the mobile security-dedicated software and the security communication data have not been tampered with.
- the mobile security-dedicated software periodically verifies by itself whether it or the security communication data has been tampered with, and if it determines that it has been tampered with, it invalidates itself by rewriting its own contents.
- the mobile security-dedicated software outputs either "promotion" or "suppression" security communication data.
- the output data is transmitted to the other fixed security-dedicated modules via the fixed security-dedicated module. If the security communication data received there is "promotion", the mobile security-dedicated software on the inactive list is moved to the active list and the mobile security-dedicated software on the active list has its execution priority raised. If it is "suppression", the mobile security-dedicated software on the active list is moved to the inactive list, or is invalidated by the mobile security-dedicated software rewriting itself.
- the active list and the inactive list are held in the fixed security-dedicated module, and mobile security-dedicated software on the active list is executed. Mobile security-dedicated software on the inactive list is deleted from the inactive list if its state of not operating continues for a fixed time. This resolves the third unsatisfactory point.
- if all computers are equipped with fixed security-dedicated software that can be queried about the computer on which the mobile security-dedicated software is activated, then whenever data is to be introduced from an external system, the data is first copied to the activated computer and only the "sterilized" data is introduced to the target computer.
- the mobile security-dedicated software stores the configuration of the computer as it was when previously visited, and moves newly added or updated data (judging particularly suspicious data) to a computer dedicated to countermeasures, isolating it from the network. After quarantine, if a virus causes misconduct, human administrators take action; if no disease occurs after a certain period of time, the data is returned to the original computer. This resolves the fifth point of dissatisfaction.
- a feature of the present invention is a method for managing a computer network in which, in a computer network system with a plurality of computers connected via a transmission line, a computer transmitting a message to another computer attaches to the message the data constituting the mobile security-dedicated software and transmits them together, and a computer receiving a message from another computer executes the mobile security-dedicated software based on the data constituting it that is attached to the message.
- another feature of the present invention is a management system for such a computer network, comprising a fixed security-dedicated module in each computer that attaches the data constituting the mobile security-dedicated software when transmitting a message to another computer, receives the mobile security-dedicated software attached to a message received from another computer, and executes the mobile security-dedicated software according to that data.
- FIG. 1 is a configuration diagram of a computer network system showing an embodiment of the present invention
- FIG. 2 is a flowchart showing a processing procedure of a security agent
- FIG. 3 is a flowchart showing a processing procedure of a security agent
- FIG. 4 is a flowchart showing a processing procedure of a security agent
- FIG. 5 is a system configuration diagram for dealing with computer viruses using a computer on which security-dedicated software is activated
- FIG. 6 is a block diagram of isolating files suspected of being infected with a computer virus from a distributed system
- FIG. 7 is a flowchart of the procedure for dealing with computer viruses using a computer on which security-dedicated software is activated
- FIG. 8 is a flowchart of the procedure for isolating files suspected of being infected with a computer virus from a distributed system
- FIG. 9 is an explanatory view for explaining a conventional security system.
- FIG. 1 is a diagram showing one embodiment of the present invention.
- a personal computer A101, a WWW server 102, a personal computer X103, a personal computer Y104, and Taro's personal computer 105 are provided on a network 107.
- a computer 106 serving as a quarantine center is also connected.
- the fixed security module 108 in the personal computer A101 contains a public key list 109 by type, an activation list 111, an inactivation list 112, a security message list 113, a WWW browser 110, and an access control mechanism 114.
- the access control mechanism 114 controls the exchange of data between the fixed security module 108 and the outside; the exchanged data is always limited to data output from the WWW browser 110 or input to the WWW browser 110.
- the access control mechanism 114 prohibits any other unauthorized access to the fixed security module 108.
- the WWW browser 110 outputs data A115 to the WWW server 102 and inputs data B116 from the WWW server 102.
- the data A115 consists of the normal message 117 normally exchanged between the WWW server 102 and the WWW browser 110, plus the security software E3 118 and the digital signature for it generated by Taro's personal computer 105.
- the data B116 consists of the normal message 122 normally exchanged between the WWW server 102 and the WWW browser 110, plus the security software E4 123 and the digital signature SB for it generated by the quarantine center 106.
- the activation list 111 is a first-in-first-out stack in which data is sequentially input and accumulated from the upper side and sequentially output from the lower side.
- in it, a set 129 of security software E1 and its digital signature SB(E1) is stored first, and a set 130 of security software E3 and its digital signature ST(E3) is stored second.
- the inactivation list 112 is a similar stack, in which a set of security software E2 and its digital signature SB(E2) is stored.
- the security message list 131 is a similar stack, in which a pair of the character strings "suppression" and "E5" together with the digital signature SB(E2) is stored.
- the public key list 109 by type contains the entry "B: quarantine center", of type "proliferating type", with the public key "27F7EA98..." 127, and the entry "T: Taro's public key" with the public key "76C3BBA8..." 128.
- the quarantine center public key "27F7EA98..." 127 is used to verify the validity of the digital signatures SB(x) created by the quarantine center 106, such as the digital signature SB(E1) 129, the digital signature SB(E2) 112 and the digital signature SB(E5) 113.
- Taro's public key "76C3BBA8..." 128 is used to verify the validity of the digital signatures ST(x) created by Taro's personal computer 105, such as the digital signature ST(E3) 130.
- FIG. 2 shows the processing flow of the WWW browser 110 when data A115 and data B116 are exchanged between the personal computer A101 and the WWW server 102.
- step 201 the operation of the WWW browser is started.
- step 202 a receiving operation is performed.
- step 203 the operation of the security function is started.
- step 204 it is checked whether or not security software is attached to the received data. If so, the process proceeds to step 205. Otherwise, the process proceeds to step 209.
- step 205 subroutine A is executed.
- step 206 if the return value of subroutine A is 0, the process proceeds to step 207. Otherwise, the process moves to step 209.
- step 207 it is checked whether or not the same security software as the received security software has already been registered in either the activation list 111 or the deactivation list 112. If so, go to step 208. Otherwise, go to step 209.
- step 208 the received security software is added to the upper side of the activation list 111 stack.
- step 209 it is checked whether there is a transmission operation. If there is a transmission operation, go to step 210. Otherwise, go to step 219.
- step 210 it is checked whether the activation list 111 is empty. If empty, go to step 213. Otherwise, go to step 211.
- step 211 the security software is taken out from under the stack of the activation list 111.
- step 212 a copy of the security software is taken and the copy is returned to the original position on the activation list 111 stack. Then, the process proceeds to step 217.
- step 213 it is checked whether the inactivation list 112 is empty. If empty, go to step 219. Otherwise, go to step 214.
- step 214 the security software is taken out from under the stack of the inactivation list 112.
- step 215 the security software checks to see if it is proliferative. If so, proceed to step 216. Otherwise, go to step 217.
- step 216 a copy of the security software is taken and the copy is returned to its original position on the inactivation list 112 stack.
- step 217 the transmission data is transmitted with security software attached.
- step 218, subroutine B is executed. Then, in step 219, the WWW browser is terminated.
- FIG. 3 is a processing flowchart of the subroutine A205, and this processing will be described below.
- step 301 the processing of subroutine A is started.
- step 302 it is determined whether the digital signature attached to the security software is valid. If so, go to step 303. Otherwise, go to step 307.
- step 303 if the creator of the digital signature is the quarantine center 106, the process proceeds to step 304. If the creator of the digital signature is Taro's personal computer 105, the process proceeds to step 305. Otherwise, go to step 306.
- step 304 the security software is determined to be proliferative. Then, the return value is set to 0.
- step 305 the security software is determined to be non-proliferative. Then, the return value is set to 0.
- step 306 the security software is invalidated by overwriting it with a meaningless character string. Then, the return value is set to 1.
- step 307 it is checked whether a security message is attached to the received data. If so, go to step 308. Otherwise, go to step 312.
- Step 308 checks whether the digital signature of the security message is valid. That is, check whether it is a digital signature created by the quarantine center. If so, go to step 309. Otherwise, go to step 312.
- step 309 if the content of the security message includes "promotion”, proceed to step 310. If “suppression” is included, go to step 311.
- step 310 if the security software specified in the security message is in the activation list or the deactivation list, move it to the bottom of the activation list. Otherwise, go to step 312.
- step 311 if the security software specified in the security message is in the activation list or the deactivation list, delete it. Otherwise, go to step 312. Then, in step 312, the subroutine A ends.
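The receive path of FIG. 2 (steps 204 to 216) and subroutine A of FIG. 3 (steps 302 to 311), as an added example that is not the patent's own code: a fixed security module holding the two FIFO stacks, verifying the signature on attached security software, classifying it as proliferative (quarantine center) or non-proliferative (Taro), invalidating it on a bad signature, and applying quarantine-center-signed "promotion"/"suppression" messages. The patent's public-key digital signatures are stood in for by HMAC-SHA256 tags so the example runs with the standard library; the keys, names and the reading of step 207 as "register only software not yet on either list" are assumptions.

```python
import copy
import hashlib
import hmac
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Optional

# Constructed keys standing in for the public key list 109 by type:
# "B" = quarantine center (its software is the proliferating type),
# "T" = Taro's personal computer (non-proliferating type).
KEYS = {"B": b"constructed-quarantine-center-key", "T": b"constructed-taro-key"}


def sign(signer: str, payload: bytes) -> bytes:
    """Stand-in for the digital signatures SB(x) and ST(x)."""
    return hmac.new(KEYS[signer], payload, hashlib.sha256).digest()


def verify(signer: str, payload: bytes, signature: bytes) -> bool:
    key = KEYS.get(signer)
    if key is None:                      # unknown signer type: never valid
        return False
    return hmac.compare_digest(hmac.new(key, payload, hashlib.sha256).digest(), signature)


@dataclass
class SecuritySoftware:
    name: str            # e.g. "E1"
    code: bytes          # the mobile security-dedicated software itself
    signer: str          # "B" or "T"
    signature: bytes     # SB(code) or ST(code)
    proliferative: bool = False


@dataclass
class SecurityMessage:
    verb: str            # "promotion" or "suppression"
    target: str          # name of the security software concerned
    signer: str
    signature: bytes

    def payload(self) -> bytes:
        return f"{self.verb}:{self.target}".encode()


def make_message(signer: str, verb: str, target: str) -> SecurityMessage:
    msg = SecurityMessage(verb, target, signer, b"")
    msg.signature = sign(signer, msg.payload())
    return msg


@dataclass
class FixedSecurityModule:
    """Fixed security module 108. Both lists are FIFO stacks: input at the
    top (left end of the deque), output from the bottom (right end)."""
    activation: Deque[SecuritySoftware] = field(default_factory=deque)
    inactivation: Deque[SecuritySoftware] = field(default_factory=deque)

    def find(self, name: str):
        for lst in (self.activation, self.inactivation):
            for sw in lst:
                if sw.name == name:
                    return lst, sw
        return None, None

    def subroutine_a(self, sw: SecuritySoftware, msg: Optional[SecurityMessage] = None) -> int:
        """FIG. 3: returns 0 if the software may be registered, 1 if invalidated."""
        if verify(sw.signer, sw.code, sw.signature) and sw.signer in ("B", "T"):
            sw.proliferative = sw.signer == "B"          # steps 303-305
            rv = 0
        else:
            sw.code = b"\x00" * len(sw.code)             # step 306: overwrite
            rv = 1
        # steps 307-311: only a message signed by the quarantine center counts
        if msg is not None and msg.signer == "B" and verify("B", msg.payload(), msg.signature):
            lst, target = self.find(msg.target)
            if target is not None:
                lst.remove(target)
                if msg.verb == "promotion":              # step 310: bottom of activation list
                    self.activation.append(target)
                # step 311 "suppression": target stays removed from both lists
        return rv

    def receive(self, sw: Optional[SecuritySoftware], msg: Optional[SecurityMessage] = None) -> None:
        """FIG. 2 steps 204-208 for received data."""
        if sw is None:                                   # step 204: nothing attached
            return
        if self.subroutine_a(sw, msg) != 0:              # steps 205-206
            return
        if self.find(sw.name)[1] is None:                # step 207 (assumed reading)
            self.activation.appendleft(sw)               # step 208: top of the stack

    def attach_for_transmission(self) -> Optional[SecuritySoftware]:
        """FIG. 2 steps 210-216: choose the software to ride along with outgoing data."""
        if self.activation:
            sw = self.activation.pop()                   # step 211: from under the stack
            self.activation.append(copy.copy(sw))        # step 212: a copy goes back
            return sw
        if self.inactivation:
            sw = self.inactivation.pop()                 # step 214
            if sw.proliferative:                         # steps 215-216
                self.inactivation.append(copy.copy(sw))
            return sw
        return None
```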
- FIG. 4 describes the procedure of subroutine 209 in detail. It shows the list processing of the activation list 111 and the inactivation list 112 in this embodiment.
- the load is calculated from the memory and disk consumption and the CPU usage when the dedicated security software is activated. If the software is inactive for a predetermined period of time, it moves to another computer (the process on this computer is stopped and started on another computer). It stops when it receives a "suppression" signal. Needless to say, the dedicated security software must have the ability to detect such operating conditions.
- step 401 it is checked whether or not there is an operation condition 1 (a transmission operation for ordering suppression). If there is such a transmission operation, proceed to step 407. Otherwise, go to step 402. In step 402, it is determined whether the activation list 111 is empty; if it is empty, the process proceeds to step 407. Otherwise, go to step 403.
- step 403 one security software is taken out from under the stack of the activation list 111. Then, in the following step 404, the security software is activated. In step 405, the execution result of step 404 is added to the security message stack, and the execution result is transmitted to another computer. In step 406, the process of the security software of step 404 is stopped to make it inactive, and it is added to the inactivation list 112.
- step 407 it is checked whether or not there is an operation condition 2 (a transmission operation for commanding activation). If there is such a transmission operation, go to step 408. If not, go to step 210. In step 408, it is determined whether the inactivation list 112 is empty; if it is empty, the process proceeds to step 210. Otherwise, go to step 409. In step 409, one security software is removed from the bottom of the inactivation list 112. In step 410, it is checked whether a predetermined time has passed since the security software was added to the inactivation list; if the predetermined time has passed, the process proceeds to step 414, otherwise to step 411. In step 411, the security software is activated.
- step 412 the execution result of step 411 is added to the security message stack, and the execution result is transmitted to another computer.
- step 413 the security software process of step 411 is stopped to make it inactive, and it is added to the stack of the inactivation list 112.
- step 414 the security software is no longer needed, so this security software is deleted.
- FIGS. 5 and 7 show an embodiment with another apparatus configuration of the present invention. Fig. 5 shows the system configuration and Fig. 7 shows the processing procedure. This example shows that, when data is introduced from an external system, a computer on which the mobile security-dedicated software is activated is used as the entrance to the system, and the entire system is thereby quarantined.
- 501 is the internal network.
- 502 is an external network.
- 511 and 521 are computers (terminals) connected to the network 501.
- the computer 511 owns the hard disk 512 and manages the file system 513.
- the computer 521 owns the hard disk 522 and manages the file system 523.
- 505 is a computer (server) connected to the external network 502.
- Reference numeral 506 denotes a computer (firewall) that separates the external network 502 and the internal network 501.
- FIG. 5 also illustrates the software configuration.
- Reference numeral 540 denotes a server program that runs on the computer 505, for example, a WWW server program.
- 514 is a client program that runs on the computer 511, for example, a WWW client program.
- 531 and 532 are security-dedicated software that circulates through the computers in the network 501 or resides fixedly on a specific node.
- 531 is fixed type software (referred to as a security clerk) on the computer 511.
- 532 is mobile type software (referred to as a security agent) activated on the computer 521.
- FIG. 7 will be described for each step.
- step 701 the client program 541 issues a file transfer request for data managed by the server program 540.
- step 702 the server program 540 accepts the request of the client 541.
- step 703 the client program 541 issues a request to the security clerk 531 to sterilize the data to be downloaded.
- step 704 the security clerk 531 receives the request of step 703 and searches for a computer on which a security agent is activated. For example, the security agents (or security clerks) of all computers in the network 501 are queried by broadcast communication, and the security clerk 531 determines that a security agent is activated on the computer that returned the quickest response. Alternatively, when there are a plurality of active security agents, there is a method in which the security clerk 531 decides based on the number and types of the active security agents. In step 705, based on the judgment of step 704, the security clerk 531 sends the request of step 703 to the security agent 532 operating on the computer 521. In step 706, the security agent 532 that has received the request prepares for operation.
- the file system 523 is mounted as a subtree of the file system 513. Then, the fact that operation preparation is complete is returned to the security clerk 531.
- step 707 the security clerk 531 sends the information obtained in steps 704 to 706 (the mount point of the remote file system 523, the type of the security agent 532, its operation method, etc.) to the program 541.
- step 711 the program 541 downloads the data using a conventional file transfer protocol (e.g., FTP). The download location is the remote file system 523 on which the security agent 532 is activated.
- step 712 the program 541 uses the information obtained in step 707 to request (again through the security clerk 531) that the security agent 532 sterilize the file downloaded in step 708.
- step 713 the security agent 532 performs the sterilization operation. If abnormalities are found, the downloaded data is deleted. Then, the result of the work is returned to the program 541. In step 714, the program 541 moves the sterilized download data from the file system 523 to the file system 513.
- in the following steps, the program 541 requests the security agent 532 (via the security clerk 531) to release the file system 523; the security agent 532 releases the mount of the file system 523; and the security agent 532 notifies the program 541 of the completion of the post-processing (via the security clerk 531) and completes the processing.
- for the sake of simplicity, the program 531 is described as fixed type and the program 532 as mobile type software, but the same applies regardless of whether each is mobile or fixed type.
- the feature is that the program 531 and the program 532 can communicate with each other and operate in cooperation.
- when no security-dedicated software effective for the computer (511 in this example) exists, infection is likely to be transmitted. By detecting the existence of the security-dedicated software, and with the presence of the mediating window program (clerk), a more effective inspection can be realized.
- FIGS. 6 and 8 are examples showing another method of using the present invention.
- Figure 6 shows the system configuration
- Figure 8 shows the processing procedure.
- a file which may be fraudulent because of a new type of virus is isolated from the distributed system, and the entire system is thereby quarantined.
- FIG. 6 illustrates the hardware configuration
- 601 is the internal network. 611 and 621 are computers connected to the network 601.
- the computer 611 owns the hard disk 612.
- the computer 621 owns a storage medium, for example, a hard disk 622.
- the computer 621 also has a storage medium 623, for example, a magnetic tape, which can be separated from the hard disk 622.
- the hard disk 612 contains a file 613 that may now be infected.
- the computer 621 is a file server of the network 601.
- FIG. 6 also illustrates the software configuration.
- Reference numeral 650 denotes fixed security-dedicated software (hereinafter referred to as a virus buster) that runs on the computer 621.
- Reference numeral 651 denotes mobile security-dedicated software (referred to as a security agent) that traverses the network 601.
- the security agent 651 has its own table recording the status (for example, the configuration of the file system, the contents of the hard disk, and the addresses of the resident programs in memory) as of its last visit to the computer 611.
- Reference numeral 653 denotes fixed security-dedicated software (security clerk) that mediates between the virus buster 650 and the security agent 651.
- the operation in which the file 613, which may now be infected, is temporarily isolated by the file server 621 and the security programs 651, 650, 653, etc. cooperate to protect against a new type of computer virus is explained below.
- step 800 the security agent 651 arrives at the computer 611 and starts searching.
- step 802 the security agent 651 searches, based on the list 652 created during the previous patrol, for a file 613 suspected of being infected with a new type of computer virus. Suspicion criteria include, for example, files newly created or updated since the last visit.
- step 803 the security agent 651 issues, via the network 601, a request to the security clerk 653 for a connection between the file server 621 and the computer 611.
- step 804 the security agent 651 transfers the suspect file 613 to the file server 621.
- the file server 621, at the request of the security clerk 653, is then separated from the network in the form of cutting its network connection.
- step 805 the security agent 651 notifies the virus buster 650 in advance of the procedure by which the file 613 transferred in step 803 is to be moved back to the hard disk 612. For example, procedures such as moving it when the security agent 651 next patrols the computer 611, or moving it when no disease has occurred after the time specified by the system has elapsed, are defined.
- the virus buster 650 monitors the computer 621 and the hard disk 622, and notifies the administrator if any fraud is detected.
- the virus buster 650 separates the files in which no disease has been detected for a certain period of time from the files just transferred from the computers on the network, and stores them apart. For example, they are evacuated to another medium (magnetic tape) that can be separated from the hard disk. In this embodiment, the data is divided into two stages according to the elapsed time and the number of media.
- post-processing: in step 821, the security agent 651 follows the procedure defined in step 805 and issues to the security clerk 653 a request to transfer the file 613, currently stored on 623 and found to have no disease, back to the original computer 611.
- step 822 the security clerk 653 queries the virus buster 650 about the transfer request of step 821, and if the virus buster 650 permits, reconnects the computer 611 and the computer 621. Then, in step 823, the file 613 is transferred from the tape 623 of the computer 621 to the hard disk 612 of the computer 611.
- the normal message 117 sent from the personal computer A101 to the WWW server 102 is accompanied by the security software 118, which is transmitted to all the personal computers X103, Y104, etc. that access the WWW server 102.
- the security software 123 generated by the quarantine center 106 is a proliferating type, so it increases exponentially within the network 107 and circulates, and can remove computer viruses.
- the security software 118 generated by Taro's personal computer 105 is a non-proliferating type, so it takes time to reach the entire network 107, but it is suitable for relatively slow monitoring and for taking appropriate measures.
- the network 107 is a blood circulation system, and the message 117 normally circulates there as blood.
- Server 102 is the heart that pumps blood.
- the security software 118 and the security software 123 are immune cells that move with the flow of blood, and are transmitted and operated everywhere in the tissue, that is, all of the personal computers X103 and Y104. Eliminate intruders.
- the security software 118 generated by 105 is a macrophage and plays a complementary role in lymphocyte.
- the reliability of security software can be ensured. In other words, even if the security software 118 has been tampered with anywhere on the network 107, it will not continue to operate. No. This is because the validity of the digital signature 119 is always checked at the destination Gompyu evening. If this is compared to the human body, if the immunity cells (security software 118) go wrong, the immunity system (fixed security module 108) residing at the destination recognizes and kills them. Further, the security message 120 corresponds to an interleukin which is a communication signal between the immune systems, and the immune system (the fixed security module 108) recognizes and ignores the alteration even if the quality is altered (step 110). 309).
- the security software 125 registers the security message 125 containing the word “suppression” in the WWW server 102, and operates the security software. A signal to stop the operation can be transmitted to personal computer A. If we compare this to the human body, a security message containing "suppression” is equivalent to the interleukin secreted by sub-lesser T cells. Similarly, a security message that includes "enhancement” corresponds to a bite-a-mouth drink secreted by helper T cells.
- the security software that has been executed is retained in the inactive list 112 for a certain period of time (step 411). It is possible to maintain a state in which countermeasures can be taken immediately by receiving the “promotion” security message. This is equivalent to the action of immune cells in the human body.
- the computer virus can be sterilized through the place where the security software exists.
- this is an epidemic prevention function.
- it corresponds to the function of activating immune cells that have special functions for each organ such as the lungs and gastrointestinal tract, which are entry points from outside the body.
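The two checks the description relies on, the destination's fixed security module 108 killing security software 118 whose signature 119 no longer verifies and ignoring altered security messages 120 (step 309), together with the inactive list 112 that keeps executed software ready to be revived by a "promotion"/"enhancement" message (step 411), as an added example that is not part of the patent or of Hitachi's implementation. It assumes an HMAC-SHA256 tag under a key shared by the issuer and the module as a stand-in for the digital signature 119; the class and method names (`FixedSecurityModule`, `MobileSecuritySoftware`, `SecurityMessage`, `receive_software`, `receive_message`, `purge`), the retention period, and the sample key, software and messages are constructed for the example, and "enhancement" is used for what the text also calls "promotion".

```python
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import Dict, List, Tuple


def _sign(key: bytes, *parts: bytes) -> bytes:
    """Tag over length-prefixed fields. Assumption: an HMAC-SHA256 tag under a key
    shared by the issuer and the fixed security module stands in for the patent's
    digital signature 119 (a real deployment would use a public-key signature)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(4, "big"))  # length prefix: fields cannot run together
        mac.update(part)
    return mac.digest()


@dataclass(frozen=True)
class MobileSecuritySoftware:
    """Mobile security software (118) travelling with its signature (119)."""
    name: str
    code: bytes
    signature: bytes

    @classmethod
    def issue(cls, key: bytes, name: str, code: bytes) -> "MobileSecuritySoftware":
        return cls(name, code, _sign(key, name.encode(), code))


@dataclass(frozen=True)
class SecurityMessage:
    """Security message (120): a target plus "suppression" or "enhancement"."""
    target: str
    command: str
    signature: bytes

    @classmethod
    def issue(cls, key: bytes, target: str, command: str) -> "SecurityMessage":
        return cls(target, command, _sign(key, target.encode(), command.encode()))


class FixedSecurityModule:
    """Fixed security module (108) resident on the destination computer (hypothetical)."""

    def __init__(self, key: bytes, retention_seconds: float) -> None:
        self.key = key
        self.retention = retention_seconds        # how long the inactive list keeps an entry
        self.active: Dict[str, MobileSecuritySoftware] = {}
        # inactive list 112: name -> (software, time it was deactivated)
        self.inactive: Dict[str, Tuple[MobileSecuritySoftware, float]] = {}
        self.audit: List[str] = []

    def receive_software(self, sw: MobileSecuritySoftware, now: float) -> str:
        """Admit the software only if its signature verifies; otherwise 'kill' it."""
        expected = _sign(self.key, sw.name.encode(), sw.code)
        if not hmac.compare_digest(expected, sw.signature):
            self.audit.append(f"{now}: killed tampered software {sw.name}")
            return "killed"
        self.active[sw.name] = sw                 # admitted: it now runs and monitors
        self.audit.append(f"{now}: executing {sw.name}")
        return "active"

    def receive_message(self, msg: SecurityMessage, now: float) -> str:
        """Apply a signed message; an altered one is recognised and ignored (step 309)."""
        expected = _sign(self.key, msg.target.encode(), msg.command.encode())
        if not hmac.compare_digest(expected, msg.signature):
            self.audit.append(f"{now}: ignored altered message for {msg.target}")
            return "ignored"
        self.purge(now)
        if msg.command == "suppression":          # stop it, but keep it on the inactive list
            sw = self.active.pop(msg.target, None)
            if sw is None:
                return "not_active"
            self.inactive[msg.target] = (sw, now)
            return "suppressed"
        if msg.command == "enhancement":          # revive it while still retained (step 411)
            entry = self.inactive.pop(msg.target, None)
            if entry is None:
                return "not_retained"
            self.active[msg.target] = entry[0]
            return "reactivated"
        return "unknown_command"

    def purge(self, now: float) -> List[str]:
        # Drop inactive entries older than the retention period; return their names.
        expired = [n for n, (_, t) in self.inactive.items() if now - t > self.retention]
        for n in expired:
            del self.inactive[n]
        return expired


def demo() -> Dict[str, object]:
    """One destination computer: admission, tampering, a forged message, then valid ones."""
    key = b"constructed-shared-key"              # constructed sample key
    module = FixedSecurityModule(key, retention_seconds=30)
    sw = MobileSecuritySoftware.issue(key, "sec118", b"scan-and-disinfect")
    out: Dict[str, object] = {}
    out["admitted"] = module.receive_software(sw, now=0.0)
    tampered = replace(sw, code=b"scan-and-misbehave")  # code changed, signature left as is
    out["tampered"] = module.receive_software(tampered, now=1.0)
    forged = SecurityMessage("sec118", "suppression", bytes(32))
    out["forged_message"] = module.receive_message(forged, now=2.0)
    out["suppressed"] = module.receive_message(SecurityMessage.issue(key, "sec118", "suppression"), now=3.0)
    out["reactivated"] = module.receive_message(SecurityMessage.issue(key, "sec118", "enhancement"), now=10.0)
    module.receive_message(SecurityMessage.issue(key, "sec118", "suppression"), now=11.0)
    out["purged"] = module.purge(now=50.0)      # 39 s on the list > 30 s retention: dropped
    out["after_expiry"] = module.receive_message(SecurityMessage.issue(key, "sec118", "enhancement"), now=51.0)
    out["audit"] = list(module.audit)
    return out
```

Calling `demo()` returns the outcome of each step: the genuine software is admitted, the copy with altered code is killed because the tag no longer matches, the forged message is ignored before any state is touched, and an "enhancement" that arrives after the retention period finds nothing on the inactive list. The tag is checked first in both paths so that an attacker who can alter traffic on the network can neither run modified software nor switch the module's state.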
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP53421497A JP3848684B2 (ja) | 1996-03-22 | 1996-03-22 | コンピュータネットワークシステムの管理方法,および,コンピュータネットワークシステムに用いるコンピュータ |
EP96906924A EP0893769A4 (en) | 1996-03-22 | 1996-03-22 | METHOD FOR MANAGING COMPUTER NETWORK AND CORRESPONDING DEVICE |
US09/155,153 US6311277B1 (en) | 1996-03-22 | 1996-03-22 | Method and device for managing computer network |
AU50147/96A AU5014796A (en) | 1996-03-22 | 1996-03-22 | Method and device for managing computer network |
PCT/JP1996/000754 WO1997036246A1 (fr) | 1996-03-22 | 1996-03-22 | Procede de gestion de reseau informatique et dispositif correspondant |
US09/897,400 US7139759B2 (en) | 1996-03-22 | 2001-07-03 | Method and a device for managing a computer network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP1996/000754 WO1997036246A1 (fr) | 1996-03-22 | 1996-03-22 | Procede de gestion de reseau informatique et dispositif correspondant |
Related Child Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09155153 A-371-Of-International | 1996-03-22 | ||
US09/155,153 A-371-Of-International US6311277B1 (en) | 1996-03-22 | 1996-03-22 | Method and device for managing computer network |
US09/897,400 Continuation US7139759B2 (en) | 1996-03-22 | 2001-07-03 | Method and a device for managing a computer network |
Publications (1)
Publication Number | Publication Date |
---|---|
WO1997036246A1 true WO1997036246A1 (fr) | 1997-10-02 |
Family
ID=14153098
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP1996/000754 WO1997036246A1 (fr) | 1996-03-22 | 1996-03-22 | Procede de gestion de reseau informatique et dispositif correspondant |
Country Status (5)
Country | Link |
---|---|
US (2) | US6311277B1 (ja) |
EP (1) | EP0893769A4 (ja) |
JP (1) | JP3848684B2 (ja) |
AU (1) | AU5014796A (ja) |
WO (1) | WO1997036246A1 (ja) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004520636A (ja) * | 1999-12-31 | 2004-07-08 | インカインターネット カンパニー リミテッド | オンライン上での有害情報遮断システム及び方法、並びにそのためのコンピュータで読出し可能な記録媒体 |
JP2006031718A (ja) * | 2004-07-21 | 2006-02-02 | Microsoft Corp | ワームの封じ込め |
JP2008146660A (ja) * | 2001-03-13 | 2008-06-26 | Fujitsu Ltd | フィルタリング装置、フィルタリング方法およびこの方法をコンピュータに実行させるプログラム |
Families Citing this family (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
AU5014796A (en) * | 1996-03-22 | 1997-10-17 | Hitachi Limited | Method and device for managing computer network |
US7117358B2 (en) * | 1997-07-24 | 2006-10-03 | Tumbleweed Communications Corp. | Method and system for filtering communication |
US7389413B2 (en) | 1998-07-23 | 2008-06-17 | Tumbleweed Communications Corp. | Method and system for filtering communication |
US7711714B2 (en) * | 1998-09-22 | 2010-05-04 | Hitachi, Ltd. | Method and a device for sterilizing downloaded files |
US6643686B1 (en) * | 1998-12-18 | 2003-11-04 | At&T Corp. | System and method for counteracting message filtering |
US6851057B1 (en) * | 1999-11-30 | 2005-02-01 | Symantec Corporation | Data driven detection of viruses |
US7080408B1 (en) | 2001-11-30 | 2006-07-18 | Mcafee, Inc. | Delayed-delivery quarantining of network communications having suspicious contents |
US7328241B2 (en) * | 2002-01-04 | 2008-02-05 | International Business Machines Corporation | Dynamic visualization of electronic mail propagation |
US7409717B1 (en) * | 2002-05-23 | 2008-08-05 | Symantec Corporation | Metamorphic computer virus detection |
US20040064722A1 (en) * | 2002-10-01 | 2004-04-01 | Dinesh Neelay | System and method for propagating patches to address vulnerabilities in computers |
US20040093514A1 (en) * | 2002-11-08 | 2004-05-13 | International Business Machines Corporation | Method for automatically isolating worm and hacker attacks within a local area network |
CA2464992A1 (en) * | 2004-04-20 | 2005-10-20 | Ibm Canada Limited - Ibm Canada Limitee | Deploying multiple e-commerce systems in a single computing platform |
US7765593B1 (en) * | 2004-06-24 | 2010-07-27 | Mcafee, Inc. | Rule set-based system and method for advanced virus protection |
US7917955B1 (en) * | 2005-01-14 | 2011-03-29 | Mcafee, Inc. | System, method and computer program product for context-driven behavioral heuristics |
US8539581B2 (en) * | 2006-04-27 | 2013-09-17 | The Invention Science Fund I, Llc | Efficient distribution of a malware countermeasure |
US8863285B2 (en) * | 2006-04-27 | 2014-10-14 | The Invention Science Fund I, Llc | Virus immunization using prioritized routing |
US8191145B2 (en) * | 2006-04-27 | 2012-05-29 | The Invention Science Fund I, Llc | Virus immunization using prioritized routing |
US9258327B2 (en) | 2006-04-27 | 2016-02-09 | Invention Science Fund I, Llc | Multi-network virus immunization |
US7934260B2 (en) * | 2006-04-27 | 2011-04-26 | The Invention Science Fund I, Llc | Virus immunization using entity-sponsored bypass network |
US7917956B2 (en) * | 2006-04-27 | 2011-03-29 | The Invention Science Fund I, Llc | Multi-network virus immunization |
US8151353B2 (en) * | 2006-04-27 | 2012-04-03 | The Invention Science Fund I, Llc | Multi-network virus immunization with trust aspects |
US8966630B2 (en) * | 2006-04-27 | 2015-02-24 | The Invention Science Fund I, Llc | Generating and distributing a malware countermeasure |
US7849508B2 (en) * | 2006-04-27 | 2010-12-07 | The Invention Science Fund I, Llc | Virus immunization using entity-sponsored bypass network |
US9417893B2 (en) | 2013-11-20 | 2016-08-16 | International Business Machines Corporation | Triggered controlled event listener learner |
US9978088B2 (en) | 2015-05-08 | 2018-05-22 | Hand Held Products, Inc. | Application independent DEX/UCS interface |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH07281980A (ja) * | 1994-04-08 | 1995-10-27 | Hitachi Ltd | ウイルス感染プロテクト方法 |
JPH0863352A (ja) * | 1994-08-25 | 1996-03-08 | Hitachi Software Eng Co Ltd | ウィルスチェックシステム |
Family Cites Families (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5577209A (en) * | 1991-07-11 | 1996-11-19 | Itt Corporation | Apparatus and method for providing multi-level security for communication among computers and terminals on a network |
US5440723A (en) * | 1993-01-19 | 1995-08-08 | International Business Machines Corporation | Automatic immune system for computers and computer networks |
US5369707A (en) * | 1993-01-27 | 1994-11-29 | Tecsec Incorporated | Secure network method and apparatus |
US5724425A (en) * | 1994-06-10 | 1998-03-03 | Sun Microsystems, Inc. | Method and apparatus for enhancing software security and distributing software |
US5708709A (en) * | 1995-12-08 | 1998-01-13 | Sun Microsystems, Inc. | System and method for managing try-and-buy usage of application programs |
AU5014796A (en) * | 1996-03-22 | 1997-10-17 | Hitachi Limited | Method and device for managing computer network |
GB9608696D0 (en) * | 1996-04-26 | 1996-07-03 | Europ Computer Ind Res | Electronic copy protection mechanism |
US6263442B1 (en) * | 1996-05-30 | 2001-07-17 | Sun Microsystems, Inc. | System and method for securing a program's execution in a network environment |
US5832228A (en) * | 1996-07-30 | 1998-11-03 | Itt Industries, Inc. | System and method for providing multi-level security in computer devices utilized with non-secure networks |
GB2318486B (en) * | 1996-10-16 | 2001-03-28 | Ibm | Data communications system |
US6154844A (en) * | 1996-11-08 | 2000-11-28 | Finjan Software, Ltd. | System and method for attaching a downloadable security profile to a downloadable |
US6167520A (en) * | 1996-11-08 | 2000-12-26 | Finjan Software, Inc. | System and method for protecting a client during runtime from hostile downloadables |
US6148401A (en) * | 1997-02-05 | 2000-11-14 | At&T Corp. | System and method for providing assurance to a host that a piece of software possesses a particular property |
US6108420A (en) * | 1997-04-10 | 2000-08-22 | Channelware Inc. | Method and system for networked installation of uniquely customized, authenticable, and traceable software application |
US6381698B1 (en) * | 1997-05-21 | 2002-04-30 | At&T Corp | System and method for providing assurance to a host that a piece of software possesses a particular property |
US6175924B1 (en) * | 1997-06-20 | 2001-01-16 | International Business Machines Corp. | Method and apparatus for protecting application data in secure storage areas |
US6195794B1 (en) * | 1997-08-12 | 2001-02-27 | International Business Machines Corporation | Method and apparatus for distributing templates in a component system |
US5978579A (en) * | 1997-08-12 | 1999-11-02 | International Business Machines Corporation | Architecture for customizable component system |
US6263362B1 (en) * | 1998-09-01 | 2001-07-17 | Bigfix, Inc. | Inspector for computed relevance messaging |
US6272469B1 (en) * | 1998-11-25 | 2001-08-07 | Ge Medical Systems Global Technology Company, Llc | Imaging system protocol handling method and apparatus |
- 1996
  - 1996-03-22 AU AU50147/96A patent/AU5014796A/en not_active Abandoned
  - 1996-03-22 US US09/155,153 patent/US6311277B1/en not_active Expired - Lifetime
  - 1996-03-22 WO PCT/JP1996/000754 patent/WO1997036246A1/ja active Application Filing
  - 1996-03-22 JP JP53421497A patent/JP3848684B2/ja not_active Expired - Lifetime
  - 1996-03-22 EP EP96906924A patent/EP0893769A4/en not_active Withdrawn
- 2001
  - 2001-07-03 US US09/897,400 patent/US7139759B2/en not_active Expired - Fee Related
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH07281980A (ja) * | 1994-04-08 | 1995-10-27 | Hitachi Ltd | ウイルス感染プロテクト方法 |
JPH0863352A (ja) * | 1994-08-25 | 1996-03-08 | Hitachi Software Eng Co Ltd | ウィルスチェックシステム |
Non-Patent Citations (2)
Title |
---|
ARTIFICIAL LIFE IV: PROCEEDINGS OF THE FOURTH INTERNATIONAL WORKSHOP ON THE SYNTHESIS AND SIMULATION OF LIVING SYSTEMS, 1994, MIT PRESS, JEFFREY O. KEPHART, "A Biologically Inspired Immune System for Computers", pages 130-139. * |
PROCEEDINGS OF THE INTERNATIONAL JOINT CONFERENCE ON ARTIFICIAL INTELLIGENCE 14TH, Vol. 1, 1995, JEFFERY O. KEPHART, "Biologically Inspired Defenses Against Computer Viruses", pages 985-996. * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
USRE42196E1 (en) | 1999-03-07 | 2011-03-01 | Inca Internet Co., Ltd. | System and method for blocking harmful information online, and computer readable medium therefor |
JP2004520636A (ja) * | 1999-12-31 | 2004-07-08 | インカインターネット カンパニー リミテッド | オンライン上での有害情報遮断システム及び方法、並びにそのためのコンピュータで読出し可能な記録媒体 |
JP2012069143A (ja) * | 1999-12-31 | 2012-04-05 | Inca Internet Co Ltd | オンライン上での有害情報を遮断するためのシステム及び方法 |
JP2012234579A (ja) * | 1999-12-31 | 2012-11-29 | Inca Internet Co Ltd | オンライン上での有害情報を遮断するためのシステム及び方法 |
JP2008146660A (ja) * | 2001-03-13 | 2008-06-26 | Fujitsu Ltd | フィルタリング装置、フィルタリング方法およびこの方法をコンピュータに実行させるプログラム |
JP2006031718A (ja) * | 2004-07-21 | 2006-02-02 | Microsoft Corp | ワームの封じ込め |
Also Published As
Publication number | Publication date |
---|---|
EP0893769A1 (en) | 1999-01-27 |
US20020016928A1 (en) | 2002-02-07 |
EP0893769A4 (en) | 2005-06-29 |
US7139759B2 (en) | 2006-11-21 |
JP3848684B2 (ja) | 2006-11-22 |
US6311277B1 (en) | 2001-10-30 |
AU5014796A (en) | 1997-10-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO1997036246A1 (fr) | Procede de gestion de reseau informatique et dispositif correspondant | |
US11947674B2 (en) | Systems and methods for providing security services during power management mode | |
TWI362196B (en) | Network isolation techniques suitable for virus protection | |
US7711714B2 (en) | Method and a device for sterilizing downloaded files | |
US10057284B2 (en) | Security threat detection | |
CN1291568C (zh) | 用于保护服务器场免受入侵的方法以及服务器场 | |
CN1783879B (zh) | 当网络通信受限时使虚拟网络中的网络设备能够通信 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AK | Designated states | Kind code of ref document: A1; Designated state(s): AU CN JP KR SG US |
| AL | Designated countries for regional patents | Kind code of ref document: A1; Designated state(s): AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE |
| DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| WWE | Wipo information: entry into national phase | Ref document number: 1996906924; Country of ref document: EP |
| WWE | Wipo information: entry into national phase | Ref document number: 09155153; Country of ref document: US |
| WWP | Wipo information: published in national office | Ref document number: 1996906924; Country of ref document: EP |