Automatic training of a database intrusion detection system

Data processing: database and file management or data structures – Database and file access – Record, file, and data search and comparisons

Reexamination Certificate


Details

C707S781000, C707S952000, C726S023000


active

08046374

ABSTRACT:
A database intrusion detection system (DIDS) automatically trains itself to account for changes to the database. The DIDS monitors upstream queries sent to the database and downstream data provided in response to the queries. The DIDS classifies an upstream query as legitimate or anomalous. If the query is anomalous, the DIDS determines whether the anomaly resulted from a change in the database by performing one or more tests. One test determines whether the query references new fields or tables. Another test determines the frequency at which the query is received, and/or whether the query is received from multiple sources. A third test determines whether the query accesses sensitive information. Together, the results of these tests describe whether the query should be classified as anomalous or legitimate.
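The triage flow in the abstract, as an added Python sketch that is not the patent's implementation. The thresholds, the sensitive-field list, the rule for combining the three tests, and all names are assumptions made for illustration; the sample queries are constructed.

```python
import re

SENSITIVE = {"users.ssn"}        # assumed policy list of sensitive fields
MIN_COUNT, MIN_SOURCES = 3, 2    # assumed thresholds for "frequent" and "multiple sources"

def template(sql):
    """Query shape: literals replaced by '?', whitespace and case normalised."""
    sql = re.sub(r"'[^']*'|\b\d+\b", "?", sql)
    return re.sub(r"\s+", " ", sql).strip().lower()

def fields(sql):
    """table.column references of a single-table SELECT (enough for this sketch)."""
    m = re.match(r"select (.+?) from (\w+)", template(sql))
    if not m:
        return set()
    return {f"{m.group(2)}.{c.strip()}" for c in m.group(1).split(",")}

class DIDS:
    def __init__(self, training_queries):
        self.templates = {template(q) for q in training_queries}
        self.known = set().union(*(fields(q) for q in training_queries))
        self.seen = {}  # anomalous template -> (count, set of sources)

    def observe(self, source, sql):
        t, refs = template(sql), fields(sql)
        if t in self.templates:
            return "legitimate"
        count, sources = self.seen.get(t, (0, set()))
        count, sources = count + 1, sources | {source}
        self.seen[t] = (count, sources)
        new_refs = bool(refs - self.known)        # test 1: new fields or tables
        frequent = count >= MIN_COUNT and len(sources) >= MIN_SOURCES  # test 2
        sensitive = bool(refs & SENSITIVE)        # test 3: sensitive information
        # Assumed combination: retrain only when the anomaly looks like a schema
        # change used by several clients and touches nothing sensitive.
        if new_refs and frequent and not sensitive:
            self.templates.add(t)
            self.known |= refs
            del self.seen[t]
            return "retrained"
        return "anomalous"

def demo():
    ids = DIDS(["SELECT name, email FROM users WHERE id = 7"])
    new = "SELECT name, nickname FROM users WHERE id = %d"  # constructed: new column
    events = [("app1", new % 1), ("app2", new % 2), ("app1", new % 3), ("app2", new % 4)]
    events += [(f"app{i}", "SELECT ssn FROM users WHERE id = 9") for i in range(1, 5)]
    return [ids.observe(src, q) for src, q in events]
```

In the constructed run, the query using the new `nickname` column is absorbed into the trained model once it has been seen three times from two sources, while the `ssn` query stays anomalous no matter how often or from how many sources it arrives.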

