1. Field of the Invention
The field of the invention relates to computer systems and computer networks, and more particularly, to systems and methods for detecting content of computer and network traffic.
2. Background of the Invention
The generation and spreading of computer viruses are major problems in computer systems and computer networks. A computer virus is a program that is capable of attaching to other programs or sets of computer instructions, replicating itself, and/or performing unsolicited or malicious actions on a computer system. Viruses may be embedded in email attachments, files downloaded from Internet, and macros in MS Office files. The damage that can be done by a computer virus may range from mild interference with a program, such as a display of unsolicited messages or graphics, to complete destruction of data on a user's hard drive or server.
To provide protection from viruses, most organizations have installed virus scanning software on computers in their network. However, these organizations may still be vulnerable to a virus attack until every host in their network has received updated anti-virus software. With new attacks reported almost weekly, organizations are constantly exposed to virus attacks, and spend significant resources ensuring that all hosts are constantly updated with new anti-virus information. In addition, anti-virus programs that operate at the application-level require enormous computing resources, making such anti-virus programs expensive to deploy and manage. For example, some existing anti-virus programs detect virus by extracting a signature using a fixed length of instruction stream, and then using the signature to detect virus. However, such method may require tremendous processing time, thereby preventing network content from being efficiently passed to an end user.
Accordingly, improved systems and methods for detecting content of computer and network traffic would be useful.