US Patent 11611570 Attack signature generation

A computer implemented method to generate a signature of a network attack for a network-connected computing system, the signature including rules for identifying the network attack, the method including generating, at a trusted secure computing device, a copy of data distributed across a network; the computing device identifying information about the network attack stored in the copy of the data; and the computing device generating the signature for the network attack based on the information about the network attack so as to subsequently identify the network attack occurring on a computer network.