Security risks, including risks associated with harmful computer codes, continue to proliferate as computers become increasingly interconnected over networks, such as the Internet. Computer viruses, worms, and Trojan horses are examples of harmful computer codes that may be inserted into legitimate computer programs and subsequently executed on computers. Every time infected computer programs are executed, the viruses or worms may cause damage to the target system by destroying valuable information and/or further infecting and spreading to other machines on the network.
To complicate matters, some viruses have an ability to modify their constituent code, making their identification and removal more difficult. Furthermore, new viruses may escape detection until they become widely known and recognized.
Trojan horses are similar to viruses, but do not replicate themselves. Trojan horses may remain undetected in a target computer and may be manipulated from a remote site to take control of the target computer. A critical characteristic of viruses and Trojan horses is that they typically require help from unsuspecting computer users to successfully infect computers or corporate networks.
As many groups have discovered, connecting private networks to the Internet may have devastating consequences in the absence of adequate security mechanisms. One well-known security system that provides limited protection against intrusions from harmful computer codes is a network firewall system (“firewall”). A firewall is a system that restricts the flow of traffic between two networks based on pre-programmed access control policies. The firewall constantly scans incoming network traffic for known types of harmful computer codes. In these systems, an attack may be detected based on content of data passing through the firewall. The corrupted data may be isolated and processed accordingly. Current systems are deficient at least because they do not both detect harmful computer codes and prevent subsequent attacks. In other words, current systems may implement defensive measures to control an attack but do not take offensive measures to avert further attack. Other drawbacks exist.
Security mechanisms are also available for scanning incoming File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP) files sent from unknown sites, including monitoring source addresses to detect incoming data packets from sources that are known to be a threat and inspecting email messages for files attached thereto. Under existing implementations, target systems may be configured to scan data packets received from prior sources of harmful computer codes. However, prior sources of harmful computer codes may remain infected after an initial detection of an attack and therefore produce increased volumes of network traffic to the target network that includes the harmful computer codes. The increased traffic received from the attacking source may consume resources of the target network and may greatly reduce the availability of target system bandwidth. Various other drawbacks exist.
Furthermore, even if harmful computer codes are identified and cleansed by target systems, the threat of continuing attacks from prior sources of harmful computer codes remains. Prior attacking sources may possess an ability to send mutations of the originally sent harmful computer codes. The constant stream of network traffic attempting to repeatedly attack a target system consumes bandwidth and slows service availability to all users of the target system. Other drawbacks exist.
Other drawbacks exist with these and other known systems.