The present invention relates generally to intrusion prevention, computer worm filtering, and prevention of denial of service (DOS) attacks and more specifically it relates to a method and apparatus for accurate detection and automatic prevention of intrusions, filtering of computer worms, and prevention of DOS attacks.
History of Intrusion Detection and Computer Worms
In 1980, James P. Anderson published a study outlining ways to improve computer security auditing and surveillance at customer sites. The original idea behind automated Intrusion Detection (ID) is often credited to him.
Between 1984 and 1986, Dorothy Denning and Peter Neumann researched and developed the first model of real time Intrusion Detection System (IDS). The prototype was named Intrusion Detection Expert System (IDES).
The report published by James P Anderson and the work on IDES was the start of research on IDS throughout 1980s and 1990s.
A computer worm is a self-contained program (or set of programs) that is able to spread functional copies of itself or its segments to other computer systems (usually via network connections). Unlike viruses, worms do not need to attach themselves to a host program.
The first ever program that could be called a worm, as per definition, was developed for the assistance of air traffic controllers by Bob Thomas in 1971. This “worm” programmer would notify air traffic controllers when the controls of a plane moved from one computer to another. In fact, this worm named “creeper” would travel from one computer screen to the other on the network showing the message, “I'm creeper! Catch me if you can!” The difference from most worms was that this creeper did not reproduce itself.