Abstract: The present invention relates to a method and apparatus for combating web-based surreptitious binary installations. One embodiment of a method combating web-based surreptitious binary installations on a computing device includes intercepting a download of a file to a local file system of the computing device, storing the file in the local file system when the file is correlated with a user consent, and storing the file in a secure zone of the computing device when the file is not correlated with a user consent, wherein files stored in the secure zone cannot be executed or propagated.

Abstract: In one embodiment, the present invention is a method and apparatus for identifying wireless transmitters. In one embodiment, a method for identifying a transmitter in a wireless computing network includes extracting one or more radio frequency signal characteristics from a communication from the transmitter and generating a fingerprint of the transmitter in accordance at least one of the extracted radio frequency signal characteristics.

Abstract: In one embodiment, the present invention is a method and apparatus for wireless network security. In one embodiment, a method for securing a wireless computing network includes receiving a communication from an unidentified transmitter, identifying the transmitter in accordance with a fingerprint generated from one or more radio frequency signal characteristics extracted from the communication, and taking action in response to an identity of the transmitter.

Abstract: A method and apparatus are provided for combating malicious code. In one embodiment, a method for combating malicious code in a network includes implementing a resource-limiting technique to slow a propagation of the malicious code and implementing a leap-ahead technique in parallel with the resource-limiting technique to defend against the malicious code reaching a full saturation potential in the network.

Abstract: A method and apparatus are provided for performing real-time correlation of data collected from biological sensors, including, but not limited to, sensors adapted to analyze biological material (e.g., blood or tissue samples) and environmental material (e.g., air or water samples). In one embodiment, a method for correlating biological data over a broad (geographic or demographic) domain includes receiving data relating to at least two samples of biological material, where the samples originate at two different regions of the broad domain. This data is then correlated to produce a domain-wide view of the biological data, thereby enabling the rapid identification of domain-wide medical emergencies. Moreover, this correlated information may be provided to lower-level correlation sources or to the biological sensors in order to increase the sensitivities of the correlation sources or biological sensors to emerging threats.

Abstract: A method includes, in a server, receiving parameters pertinent to host systems connected to a local area network and deploying a host-based intrusion detection system from the server to each of the host systems based on the received parameters.

Abstract: A method of network surveillance includes receiving network packets handled by a network entity and building at least one long-term and a least one short-term statistical profile from a measure of the network packets that monitors data transfers, errors, or network connections. A comparison of the statistical profiles is used to determine whether the difference between the statistical profiles indicates suspicious network activity.