Apparatus method and medium for detecting payload anomaly...

Multiplex communications – Communication techniques for information carried in plural... – Assembly or disassembly of messages having address headers

Reexamination Certificate


Details

C726S013000

Reexamination Certificate

active

07639714

ABSTRACT:
A method, apparatus and medium are provided for detecting anomalous payloads transmitted through a network. The system receives payloads within the network and determines a length for data contained in each payload. A statistical distribution is generated for data contained in each payload received within the network, and compared to a selected model distribution representative of normal payloads transmitted through the network. The model payload can be selected such that it has a predetermined length range that encompasses the length for data contained in the received payload. Anomalous payloads are then identified based on differences detected between the statistical distribution of received payloads and the model distribution. The system can also provide for automatic training and incremental updating of models.
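The abstract describes the detector in the abstract: a per-length-range model of the byte distribution of normal payloads, a comparison of each new payload's distribution against the model for its length, and incremental updating of the models. The following is an added worked example, not code from the patent record. It assumes a 1-byte (unigram) frequency distribution, a length range width of 64 bytes per model, and a summed per-byte deviation (|f_i - mean_i| / (std_i + smoothing)) as the "difference" between distributions; the record itself does not fix these choices, and the training payloads and the threshold are constructed for the example.

```python
"""Length-binned byte-distribution model for payload anomaly detection.

Added illustration (not code from the patent record): each incoming
payload is mapped to a model keyed by its length range, the relative
frequency of every byte value (0..255) is compared with the mean and
standard deviation the model learned from normal traffic, and the
accumulated deviation is the anomaly score.  The distance formula and
the bin width are assumptions chosen for this example.
"""
import math

BIN_WIDTH = 64  # assumed width of one payload-length range per model


def byte_distribution(payload: bytes) -> list:
    """Relative frequency of each of the 256 byte values in the payload."""
    counts = [0] * 256
    for b in payload:
        counts[b] += 1
    total = max(len(payload), 1)
    return [c / total for c in counts]


class ByteModel:
    """Running mean/std of byte frequencies for one length range.

    Only per-byte sums and sums of squares are kept, so the model can be
    updated incrementally with each new normal payload (no retraining).
    """

    def __init__(self):
        self.n = 0
        self.sums = [0.0] * 256
        self.sumsq = [0.0] * 256

    def update(self, payload: bytes) -> None:
        dist = byte_distribution(payload)
        self.n += 1
        for i, f in enumerate(dist):
            self.sums[i] += f
            self.sumsq[i] += f * f

    def mean(self, i: int) -> float:
        return self.sums[i] / self.n

    def std(self, i: int) -> float:
        m = self.mean(i)
        return math.sqrt(max(self.sumsq[i] / self.n - m * m, 0.0))

    def distance(self, payload: bytes, smoothing: float = 0.001) -> float:
        """Sum over byte values of |f_i - mean_i| / (std_i + smoothing).

        The smoothing term avoids division by zero for byte values never
        seen in training; such bytes dominate the score, which is the point.
        """
        dist = byte_distribution(payload)
        return sum(abs(f - self.mean(i)) / (self.std(i) + smoothing)
                   for i, f in enumerate(dist))


class PayloadDetector:
    def __init__(self, bin_width: int = BIN_WIDTH):
        self.bin_width = bin_width
        self.models = {}  # length-range index -> ByteModel

    def _bin(self, length: int) -> int:
        return length // self.bin_width

    def train(self, payload: bytes) -> None:
        """Incrementally update the model whose length range covers this payload."""
        self.models.setdefault(self._bin(len(payload)), ByteModel()).update(payload)

    def score(self, payload: bytes):
        """Anomaly score, or None when no model covers this payload length."""
        model = self.models.get(self._bin(len(payload)))
        if model is None or model.n == 0:
            return None
        return model.distance(payload)

    def is_anomalous(self, payload: bytes, threshold: float) -> bool:
        """Flag payloads above the threshold, and those no model can vouch for."""
        s = self.score(payload)
        return s is None or s > threshold


# Constructed sample of "normal" HTTP request payloads used for training.
NORMAL_PAYLOADS = [
    b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: curl/7.0\r\n\r\n",
    b"GET /images/logo.png HTTP/1.1\r\nHost: www.example.com\r\nAccept: image/png\r\n\r\n",
    b"POST /login HTTP/1.1\r\nHost: www.example.com\r\nContent-Length: 21\r\n\r\nuser=alice&pw=secret1",
    b"GET /about.html HTTP/1.1\r\nHost: www.example.com\r\nAccept-Language: en-US\r\n\r\n",
]


def build_detector() -> PayloadDetector:
    det = PayloadDetector()
    for p in NORMAL_PAYLOADS:
        det.train(p)
    return det


if __name__ == "__main__":
    det = build_detector()
    binary = bytes(range(0x80, 0xE0))  # constructed: 96 non-ASCII bytes, same length range
    print("normal  :", round(det.score(NORMAL_PAYLOADS[0]), 2))
    print("binary  :", round(det.score(binary), 2))
    print("no model:", det.score(b"GET / HTTP/1.1\r\n\r\n"))
```

A payload whose length falls in a range with no trained model yields no score; treating that as anomalous (as `is_anomalous` does) is the conservative choice and also flags gaps in training coverage. The threshold is a tuning parameter: it should be set from the score distribution of held-out normal traffic for each length range rather than chosen globally.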

REFERENCES:
patent: 5452442 (1995-09-01), Kephart
patent: 5761191 (1998-06-01), VanDervort et al.
patent: 5835888 (1998-11-01), Kanevsky et al.
patent: 6157905 (2000-12-01), Powell
patent: 6253337 (2001-06-01), Maloney et al.
patent: 6347374 (2002-02-01), Drake et al.
patent: 6587432 (2003-07-01), Putzolu et al.
patent: 6651099 (2003-11-01), Dietz et al.
patent: 6732149 (2004-05-01), Kephart
patent: 6785815 (2004-08-01), Serret-Avila et al.
patent: 6907430 (2005-06-01), Chong et al.
patent: 7023861 (2006-04-01), Makinson et al.
patent: 7031311 (2006-04-01), MeLampy et al.
patent: 7043759 (2006-05-01), Kaashoek et al.
patent: 7054930 (2006-05-01), Cheriton
patent: 7086089 (2006-08-01), Hrastar et al.
patent: 7181768 (2007-02-01), Ghosh et al.
patent: 7188173 (2007-03-01), Anderson et al.
patent: 7225468 (2007-05-01), Waisman et al.
patent: 7313100 (2007-12-01), Turner et al.
patent: 7331060 (2008-02-01), Ricciulli
patent: 7362707 (2008-04-01), MeLampy et al.
patent: 2002/0129140 (2002-09-01), Peled et al.
patent: 2002/0194490 (2002-12-01), Halperin et al.
patent: 2003/0014662 (2003-01-01), Gupta et al.
patent: 2004/0003284 (2004-01-01), Campbell et al.
patent: 2004/0024736 (2004-02-01), Sakamoto et al.
patent: 2004/0025044 (2004-02-01), Day
patent: 2004/0054498 (2004-03-01), Shipp
patent: 2004/0093513 (2004-05-01), Cantrell et al.
patent: 2004/0107361 (2004-06-01), Redan et al.
patent: 2004/0111632 (2004-06-01), Halperin
patent: 2005/0044208 (2005-02-01), Jones et al.
patent: 2005/0044406 (2005-02-01), Stute
patent: 2005/0265331 (2005-12-01), Stolfo
patent: 2006/0015630 (2006-01-01), Stolfo et al.
Fu et al., “On Countermeasures to Traffic Analysis Attacks”, Jun. 2003, ISBN:0-7803-7808-3, pp. 188-195.
Park et al., “Anomaly Detection Scheme Using Data Mining in Mobile Environment”, Jan. 1, 2003, ISBN 978-3-540-40121-2, pp. 978.
Stolfo et al., “Data Mining-Based Intrusion Detectors: An Overview of the Columbia IDS Project”, Sep. 9, 2001, ISSN 0163-5808, pp. 5-14.
Armstrong, D. et al. “Controller-Based Autonomic Defense System.” Proc. of DISCEX. (2003).
Damashek, M. “Gauging similarity with n-grams: language-independent categorization of text.” Science, 267(5199):843-848. (1995).
Forrest, S. et al. “A Sense of Self for Unix Processes.” Proc. of IEEE Symposium on Computer Security and Privacy. (1996).
Ghosh, A. K. et al. “A study in using neural networks for anomaly and misuse detection.” Proc. 8th USENIX Security Symposium. (1999).
Heberlein, L. T.; Mukherjee, B.; Levitt, K. N.: Internet Security Monitor: An Intrusion Detection System for Large-Scale Networks, in Proc. of the 15th National Computer Security Conference, Baltimore, MD, Oct. 1992, 262-271.
Heberlein, Todd. “Worm Detection and Prevention: Concept, approach and experience.” Net Squared Inc. Report. (Aug. 14, 2002).
Javitz, H. S. and A. Valdes. “The NIDES statistical component: Description and justification.” Technical report, SRI International, Computer Science Laboratory. (1994).
Knuth, D. E. “The Art of Computer Programming, vol. 1 Fundamental Algorithms.” Addison-Wesley, 2nd edition. (1973).
Krugel, C. et al. “Service Specific Anomaly Detection for Network Intrusion Detection.” In Symposium on Applied Computing (SAC); Spain. (Mar. 2002).
Lee, W. and S. Stolfo. “A Framework for Constructing Features and Models for Intrusion Detection Systems.” ACM Transactions on Information and System Security, 3(4): 227-261. (Nov. 2000).
Lippmann, R. et al. “The 1999 DARPA Off-Line Intrusion Detection Evaluation.” Computer Networks, 34(4):579-595. (2000).
Mahoney, M. “Network Traffic Anomaly Detection Based on Packet Bytes.” Proc. ACM-SAC. (Feb. 3, 2003).
Mahoney, M. and P. K. Chan. “An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation Data for Network Anomaly Detection.” RAID, pp. 220-237. (2003).
Mahoney, M. and P. K. Chan. “Learning Models of Network Traffic for Detecting Novel Attacks.” Florida Tech. Technical report, http://cs.fit.edu/tr/ (2002).
Mahoney, M. and P. K. Chan. “Learning Nonstationary Models of Normal Network Traffic for Detecting Novel Attacks.” Proc. SIGKDD, pp. 376-385. (2002).
Paxson, V. “Bro: A system for detecting network intruders in real-time.” USENIX Security Symposium. San Antonio, Texas. (1998).
Porras, P. and P. Neumann, “EMERALD: Event Monitoring Enabled Responses to Anomalous Live Disturbances.” National Information Systems Security Conference. (1997).
Roesch, M. “Snort: Lightweight intrusion detection for networks.” USENIX LISA Conference. (1999).
Schultz, M. G. et al. “MEF: Malicious Email Filter—A UNIX Mail Filter that Detects Malicious Windows Executables.” USENIX Annual Technical Conference—FREENIX Track, Boston, MA. (Jun. 2001).
Sekar, R. et al. “Specification Based Anomaly Detection: A New Approach for Detecting Network Intrusions.” Proc ACM CCS. (2002).
Staniford, S. et al. “Practical Automated Detection of Stealthy Portscans.” Silicon Defense. (2000).
Staniford-Chen, Stuart and L. Todd Heberlein. “Holding Intruders Accountable on the Internet.” Department of Computer Science, University of California at Davis (1994).
Taylor, C. and J. Alves-Foss. “NATE—Network Analysis of Anomalous Traffic Events, A Low-Cost approach.” New Security Paradigms Workshop. (2001).
Vigna, G. and Kemmerer. “NetSTAT: A Network-based intrusion detection system.” Journal of Computer Security, 7:37-71. (1999).
International Search Report and the Written Opinion of the International Searching Authority, International Patent Application No. PCT/US04/37653, Mar. 21, 2006.
International Search Report and the Written Opinion of the International Searching Authority, International Patent Application No. PCT/US04/37654, Mar. 20, 2006.
International Search Report and the Written Opinion of the International Searching Authority, International Patent Application No. PCT/US04/37650, Mar. 30, 2006.
