System and method for using timestamps to detect attacks

Information security – Monitoring or scanning of software or data including attack... – Intrusion detection

Reexamination Certificate


Details

C726S025000


active

09654347

ABSTRACT:
A system and method are disclosed for detecting intrusions in a host system on a network. The intrusion detection system comprises an analysis engine configured to use continuations and apply forward- and backward-chaining using rules. Also provided are sensors, which communicate with the analysis engine using a meta-protocol in which the data packet comprises a 4-tuple. A configuration discovery mechanism locates host system files and communicates the locations to the analysis engine. A file processing mechanism matches contents of a deleted file to a directory or filename, and a directory processing mechanism extracts deallocated directory entries from a directory, creating a partial ordering of the entries. A signature checking mechanism computes the signature of a file and compares it to previously computed signatures. A buffer overflow attack detector compares access times of commands and their associated files. The intrusion detection system further includes a mechanism for checking timestamps to identify and analyze forward and backward time steps in a log file.
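As an added illustration of the last mechanism in the abstract (this is not code from the patent or its assignee), the following Python walks a constructed log excerpt and reports backward time steps and oversized forward gaps between consecutive timestamps; the log format and the one-hour gap threshold are assumptions for the example.

```python
from datetime import datetime, timedelta

# Constructed sample log lines (not from the patent). The clock runs forward,
# jumps backward at line 4, then skips far ahead at line 6.
SAMPLE_LOG = """\
2001-03-05T10:00:01 sshd[412]: Accepted password for alice from 10.0.0.7
2001-03-05T10:00:09 sshd[412]: session opened for user alice
2001-03-05T10:00:12 sudo: alice : TTY=pts/0 ; COMMAND=/usr/bin/id
2001-03-05T09:58:40 sudo: alice : TTY=pts/0 ; COMMAND=/bin/ls
2001-03-05T09:58:45 sshd[412]: session closed for user alice
2001-03-05T12:30:00 cron[77]: (root) CMD (run-parts /etc/cron.hourly)
"""

def parse_timestamp(line):
    """Return the leading ISO-8601 timestamp of a log line, or None if absent."""
    try:
        return datetime.strptime(line.split(" ", 1)[0], "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return None

def find_time_steps(log_text, max_forward_seconds=3600):
    """Classify the step between each pair of consecutive timestamped lines.

    Returns a list of (line_no, kind, delta_seconds) for anomalous steps only:
    'backward' when time runs backwards (a clock change, or entries that were
    inserted or reordered) and 'forward_gap' when a forward step exceeds
    max_forward_seconds (a stopped logger, or entries that were removed).
    Lines without a timestamp are skipped rather than treated as steps.
    """
    max_forward = timedelta(seconds=max_forward_seconds)
    findings = []
    previous = None
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        current = parse_timestamp(line)
        if current is None:
            continue
        if previous is not None:
            delta = current - previous
            if delta < timedelta(0):
                findings.append((line_no, "backward", delta.total_seconds()))
            elif delta > max_forward:
                findings.append((line_no, "forward_gap", delta.total_seconds()))
        previous = current
    return findings

if __name__ == "__main__":
    for line_no, kind, seconds in find_time_steps(SAMPLE_LOG):
        print(f"line {line_no}: {kind} step of {seconds:+.0f}s")
```

A backward step is worth examining together with the surrounding entries, since a legitimate clock correction and a tampered log file both produce it.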

REFERENCES:
patent: 5471631 (1995-11-01), Beardsley et al.
patent: 5533123 (1996-07-01), Force et al.
patent: 5574898 (1996-11-01), Leblang et al.
patent: 5621889 (1997-04-01), Lermuzeaux et al.
patent: 5638509 (1997-06-01), Dunphy et al.
patent: 5649194 (1997-07-01), Miller et al.
patent: 5680585 (1997-10-01), Bruell
patent: 5724569 (1998-03-01), Andres
patent: 5757913 (1998-05-01), Bellare et al.
patent: 5778070 (1998-07-01), Mattison
patent: 5796942 (1998-08-01), Esbensen
patent: 5844986 (1998-12-01), Davis
patent: 5978791 (1999-11-01), Farber et al.
patent: 6170063 (2001-01-01), Golding
patent: 6321338 (2001-11-01), Porras et al.
patent: 6484203 (2002-11-01), Porras et al.
patent: 6704874 (2004-03-01), Porras et al.
patent: 6708212 (2004-03-01), Porras et al.
patent: 6711615 (2004-03-01), Porras et al.
Roebuck, T., "Time Stamps and Timing in Audit-Based Digital Forensic Systems Examination", 2001, entire document, http://admin.usask.ca/˜roebuck/time.HTML.
Rebecca Bace, Introduction to Intrusion Detection Assessment, no date, for System and Network Security Management.
Gene H. Kim and Eugene H. Spafford, Writing, Supporting and Evaluating Tripwire: A Publically Available Security Tool, Mar. 12, 1994, Purdue Technical Report, Purdue University.
Douglas B. Moran et al., Derbi: Diagnosis, Explanation and Recovery From Break-Ins, no date, Artificial Intelligence Center, SRI International.
Mabry Tyson, Ph.D., Explaining and Recovering From Computer Break-Ins, Jan. 12, 2001, SRI International.
Aleph One, Smashing the Stack for Fun and Profit, no date, vol. Seven, Issue Forty-Nine, File 14 of 16 of BugTraq, r00t, and Underground.Org.
Donald C. Latham, Department of Defense Trusted Computer System Evaluation Criteria, Dec. 1985, Department of Defense Standard.
James P. Anderson Co., Computer Security Threat Monitoring and Surveillance, Feb. 26, 1980, Contract 79F296400.
Teresa F. Lunt et al., A Real-Time Intrusion-Detection Expert System (IDES), Feb. 28, 1992, SRI International Project 6784.
Robert Durst, Terrence Champion, Brian Witten, Eric Miller, and Luigi Spagnuolo, Testing and Evaluating Computer Intrusion Detection Systems, Communications of the ACM, Jul. 1999, at http://www.acm.org/pubs/contents/journals/cacm/1999-42-7/p53-durst/p53-durst.pdf.
Andrew H. Gross, Analysing Computer Intrusions, Ph.D. thesis, Electrical and Computer Engineering (Communication Theory and Systems), San Diego Supercomputer Center, University of California, San Diego, 1997.
Robert W. Baldwin, Rule-Based Analysis of Computer Security, Massachusetts Institute of Technology, Jun. 1987.
Dan Zerkle and Karl Levitt, NetKuang: A Multi-Host Configuration Vulnerability Checker, Proceedings of the Sixth USENIX Security Symposium, San Jose, CA, Jul. 1996.
Dan Farmer and Eugene H. Spafford, The COPS Security Checker System, Proceedings of the Summer 1990 USENIX Conference, Anaheim, CA, pp. 165-170, Jun. 1990; COAST TR 94-01. http://www.cerias.purdue.edu/homes/spaf/tech-reps993.ps.
Internet Security Systems, Comparison between Internet Security Scanner (ISS) 1.x and Internet Scanner 3.2, 1996. http://www.iss.net.
Internet Security Systems, Technical Specifications for Internet Scanner Version 3.0. [This document is undated; it is believed to be 1996 or earlier based on Item F, which is version 3.2 of this document.]
Samuel J. Leffler, Marshall Kirk McKusick, Michael J. Karels, and John S. Quarterman, The Design and Implementation of the 4.3 BSD UNIX Operating System, Addison-Wesley, 1989, Chapter 7, "The Filesystem".
Phillip A. Porras and Peter G. Neumann, EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances, 1997 National Information Systems Security Conference.
Lawrence Halme, Teresa Lunt, and J. Van Horne, Automated Analysis of Computer System Audit Trails for Security Purposes, Proceedings of the National Computer Security Conference, Washington, D.C., 1986.
Teresa Lunt, Automated Audit Trail Analysis and Intrusion Detection: A Survey, Proceedings of the Eleventh National Computer Security Conference, Washington, D.C., Oct. 1988.
Teresa F. Lunt, Ann Tamaru, Fred Gilham, R. Jagannathan, Peter G. Neumann, and Caveh Jalali, IDES: A Progress Report, Proceedings of the Sixth Annual Computer Security Applications Conference, Tucson, AZ, Dec. 1990.
David R. Safford, Douglas Lee Schales, and David K. Hess, The TAMU Security Package: An Ongoing Response to Internet Intruders in an Academic Environment, Proceedings of the Fourth USENIX Security Symposium, Santa Clara, CA, Oct. 1993.
Karen L. Myers, A Procedural Knowledge Approach to Task-Level Control, in Proceedings of the Third International Conference on AI Planning Systems, AAAI Press, 1996.
Michael P. Georgeff and Francois Felix Ingrand, Real-Time Reasoning: The Monitoring and Control of Spacecraft Systems, in Proceedings of the Sixth IEEE Conference on Artificial Intelligence Applications, 1990.
Michael P. Georgeff and Francois Felix Ingrand, Decision-Making in an Embedded Reasoning System, in Proceedings of IJCAI-89, Detroit, MI, 1989.
Michael P. Georgeff and Amy L. Lansky, Reactive Reasoning and Planning: An Experiment with a Mobile Robot, in Proceedings of AAAI-87, 1987.
Michael P. Georgeff and Amy L. Lansky, Procedural Knowledge, in Proceedings of the IEEE, Special Issue on Knowledge Representation, vol. 74, pp. 1383-1398, 1986.
Michael P. Georgeff and Amy L. Lansky, A Procedural Logic, in Proceedings of IJCAI-85, Los Angeles, CA, 1985.


Profile ID: LFUS-PAI-O-3801176
