Method and apparatus for predicting and preventing attacks...

Information security – Monitoring or scanning of software or data including attack... – Intrusion detection

Reexamination Certificate


active

07603709

ABSTRACT:
In one embodiment of a method and apparatus for predicting and preventing network attacks, data is collected from network devices during an attack. The collected data is analyzed to identify specific temporal precursors of the attack. The future network activity is then monitored for the presence of the identified temporal attack precursors. When the presence of a precursor is detected, appropriate protective action is taken. Preferably, all steps in this process occur automatically. In the preferred embodiment, the process is performed under the control of one or more network or element management systems. The possible network domain includes data, voice, and video networks and multiple, interconnected network technologies. In one embodiment, triggers responsive to the presence of the identified precursors are placed into a network or element management system. The preferred embodiment of the invention utilizes machine-learning algorithms for discovering precursors of attacks, but any suitable algorithm may be used. The invention may be used in “attack autopsy” mode only, monitoring mode only, or both. Among other uses, the invention allows integration of Intrusion Detection Systems with Network Management Systems.



Profile ID: LFUS-PAI-O-4143120
