1. Field of the Invention
The present invention relates generally to communication networks and more particularly to an enhanced system for protecting communication networks from malware.
2. Description of the Related Art
Sophisticated attacks against computer systems are increasing dramatically. For example, aerospace and defense contractors are especially targeted by foreign entities. It is extremely difficult to guard a system against these attacks. Many attacks now utilize zero-day (unknown before hand) attack factors that are not recognized by virus scanners. Attacks often combine highly sophisticated social-engineering and custom exploits to induce victims to load malicious software. These custom exploits are not recognized by available anti-virus/anti-spyware systems. Subverted machines use standard mechanisms to leak information. Exploits use standard protocols (i.e. HTTP) to transmit information, with network traffic indistinguishable from legitimate traffic.
U.S. Publicn. No. 2005/0262558, entitled “ON-LINE CENTRALIZED AND LOCAL AUTHORIZATION OF EXECUTABLE FILES,” discloses a system and method for controlling the execution of executable files. The executables are identified by either a cryptographic digest or a digital certificate. The cryptographic digest is computed from the binary image of the executable. An executable that is attempting to execute is intercepted by a protection module that consults a database of stored rules over a secure channel to determine whether or not the executable can be identified as a permitted executable and whether or not it has permission to execute on a particular computer system under certain specified conditions. If a stored permission is available, it is used to control the execution. Otherwise, the user is consulted for permission.
U.S. Publicn. No. 2010/0077445, entitled “GRADUATED ENFORCEMENT OF RESTRICTIONS ACCORDING TO AN APPLICATION′S REPUTATION,” discloses security software on a client that observes a request for a resource from an application on the client and then determines the application's reputation. The application's reputation may be measured by a reputation score obtained from a remote reputation server. The security software determines an access policy from a graduated set of possible access policies for the application based on the application's reputation. The security software applies the access policy to the application's request for the resource. In this way, the reputation-based system uses a graduated trust scale and a policy enforcement mechanism that restricts or grants application functionality for resource interactivity along a graduated scale.