(1) Field of the Invention
The invention relates to the field of security systems for computer networks.
(2) Description of Related Art
Computer networks today are as vulnerable as ever to unauthorized intrusions by external entities. The increased complexity and variety of computer systems in operation means that an even wider array of intrusive strategies is possible, in turn requiring ever more sophisticated protective mechanisms.
Although simultaneous attacks are often launched against entire networks, most existing security systems are focused at the level of the individual machine—ports are monitored for suspicious activity, incoming files are scanned for viruses, and user accounts are protected from unauthorized access. Network-level security is much harder to control, and it may take time for coordinated threats to be detected and counteracted. For example, a virus may have several days to spread and attack individual machines before public awareness of the threat emerges, and even then it may take several more days for security experts to create and disseminate a countermeasure. In the first few days of such an attack, individual system operators may not realize that their systems' problems are not simply localized disturbances but rather a network-level problem. It is during this window of time that much of the damage is done, both directly and indirectly, by replication and propagation across the network(s).