Information security – Monitoring or scanning of software or data including attack... – Intrusion detection
Reexamination Certificate
2005-11-07
2009-08-04
Revak, Christopher A (Department: 2431)
Information security
Monitoring or scanning of software or data including attack...
Intrusion detection
Reexamination Certificate
active
07571478
ABSTRACT:
A real-time approach for detecting aberrant modes of system behavior induced by abnormal and unauthorized system activities that are indicative of an intrusive, undesired access of the system. This detection methodology is based on behavioral information obtained from a suitably instrumented computer program as it is executing. The theoretical foundation for the present invention is founded on a study of the internal behavior of the software system. As a software system is executing, it expresses a set of its many functionalities as sequential events. Each of these functionalities has a characteristic set of modules that is executed to implement the functionality. These module sets execute with clearly defined and measurable execution profiles, which change as the executed functionalities change. Over time, the normal behavior of the system will be defined by the boundary of the profiles. An attempt to violate the security of the system will result in behavior that is outside the normal activity of the system and thus result in a perturbation of the system in a manner outside the scope of the normal profiles. Such violations are detected by an analysis and comparison of the profiles generated from an instrumented software system against a set of known intrusion profiles and a varying criterion level of potential new intrusion events.
REFERENCES:
patent: 5675711 (1997-10-01), Kephart et al.
patent: 5907834 (1999-05-01), Kephart et al.
patent: 5991881 (1999-11-01), Conklin et al.
patent: 6321338 (2001-11-01), Porras et al.
patent: 6347374 (2002-02-01), Drake et al.
patent: 6370648 (2002-04-01), Diep
patent: 6405318 (2002-06-01), Rowland
patent: 6681331 (2004-01-01), Munson et al.
patent: 6963983 (2005-11-01), Munson et al.
patent: 7096499 (2006-08-01), Munson
patent: 7185367 (2007-02-01), Munson
Frank, “Artificial Intelligence and Intrusion Detection: Current and Future Direction”, Jun. 9, 1994, Division of Computer Science, University of California at Davis, p. 1-12.
“Real-Time Attack Recognition and Response: A Solution for Tightening Network Security”, 1997, Internet Security Systems, p. 1-1.
Lankewicz et al, “Real-Time Anomaly Detection Using a Nonparametric Pattern Recognition Approach”, 1991, IEEE, p. 80-89.
Cannady, “Artificial Neural Networks for Misuse Detection”, Oct. 1998, School of Computer and Information Sciences Nova Southeastern University, p. 1-14.
Cannady et al, “The Application of Artificial Neural Networks to Misuse Detection: Initial Results”, Mar. 10, 1997, Georgia Tech Research Institute Georgia Institute of Technology, p. 1-13.
Herringshaw, “Detecting Attacks on Networks”, Dec. 1997, Industry Trends, p. 16-17.
Mukherjee et al, “Network Intrusion Detection”, May/Jun. 1994, IEEE Network, p. 26-41.
Lane et al, “Sequence Matching and Learning in Anomaly Detection for Computer Security”, 1997, School of Electrical and Computer Engineering Purdue University, p. 1-7.
Elbaum Sebastian G.
Munson John C.
Judson David H.
Reflex Security, Inc.
Revak Christopher A
LandOfFree
Method of and system for detecting an anomalous operation of... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method of and system for detecting an anomalous operation of..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method of and system for detecting an anomalous operation of... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4106507