Automatic generation of policy-driven anti-malware signatures and mitigation of DoS (denial-of-service) attacks

摘要

A system and method for specification of a policy to trigger automatic signature generation, refinement, and confidence characterization is provided. The system monitors incoming payloads and identifies untrusted payloads based on specified characteristics of the process including process name, triggering action, prior actions and/or state and/or conditions. Signatures are automatically generated for untrusted payloads and stored. Additionally, the system enables denial-of-service (DoS) protection based on the number of signature-generation attempts that allows the server process to continue providing service on unaffected interfaces.