Reexamination Certificate
2007-12-11
2007-12-11
Moise, Emmanuel L. (Department: 2137)
Information security
Monitoring or scanning of software or data including attack...
Intrusion detection
C726S025000, C709S224000
Reexamination Certificate
active
10442008
ABSTRACT:
A method of progressive response for invoking and suspending blocking measures that defend against network anomalies such as malicious network traffic so that false positives and false negatives are minimized. When an anomaly is detected, the detector notifies protective equipment such as a firewall or a router to invoke a blocking measure. The blocking measure is maintained for an initial duration, after which it is suspended while another test for the anomaly is made. If the anomaly is no longer evident, the method returns to the state of readiness. Otherwise, a loop is executed to re-apply the blocking measure for a specified duration, then suspend the blocking measure and test again for the anomaly. If the anomaly is detected, the blocking measure is re-applied, and its duration is adapted. If the anomaly is no longer detected, the method returns to the state of readiness.
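The loop described in the abstract, as an added simulation that is not code from the patent. The tick-based clock, the `initial` and `retry` durations, the instantaneous retest and the doubling-with-cap adaptation rule are assumptions; the abstract only states that the duration "is adapted".

```python
def progressive_response(anomalous, horizon, initial=2, retry=4,
                         adapt=lambda d: min(2 * d, 32)):
    """Simulate ticks 0..horizon-1 and return the (start, end) blocking intervals.

    anomalous(t) is the detector's verdict at tick t while traffic is unblocked.
    The retest at each suspension is modeled as instantaneous (assumption).
    """
    blocks = []
    t = 0
    while t < horizon:
        if not anomalous(t):              # state of readiness: keep watching
            t += 1
            continue
        blocks.append((t, t + initial))   # invoke the block for the initial duration
        t += initial
        duration = retry                  # "specified duration" for the first re-apply
        while t < horizon and anomalous(t):   # suspend, test again
            blocks.append((t, t + duration))  # anomaly persists: re-apply
            t += duration
            duration = adapt(duration)        # adapt the next duration (assumed: double, capped)
        # anomaly no longer evident: fall back to readiness
    return blocks


def overblocked_ticks(blocks, anomalous, horizon):
    """Ticks spent blocking while no anomaly was present (the false-positive cost)."""
    blocked = {t for start, end in blocks for t in range(start, min(end, horizon))}
    return sum(1 for t in blocked if not anomalous(t))


if __name__ == "__main__":
    # Constructed detector traces: a one-tick false alarm and a 16-tick burst.
    false_alarm = lambda t: t == 5
    burst = lambda t: 10 <= t < 26
    for name, trace in (("false alarm", false_alarm), ("burst", burst)):
        blocks = progressive_response(trace, horizon=60)
        print(name, blocks, "overblocked:", overblocked_ticks(blocks, trace, 60))
```

A false alarm costs only the short initial block, while a sustained anomaly is covered by progressively longer blocks at the price of some overblocking once it ends.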
Danford Robert William
Farmer Kenneth M.
Jeffries Clark Debs
Sisk Robert B.
Walter Michael A.
Davis Zachary A.
Irvin David R.
Moise Emmanuel L.
Pivnichny John R.