Multiplex communications – Pathfinding or routing – Switching a message which includes an address header
Reexamination Certificate
2011-06-07
2011-06-07
Yao, Kwang B. (Department: 2473)
Multiplex communications
Pathfinding or routing
Switching a message which includes an address header
C726S013000, C726S023000
Reexamination Certificate
active
07957372
ABSTRACT:
A detection and response system including a set of algorithms for detecting within a stream of normal computer traffic a subset of (should focus on network traffic eliciting a response) TCP or UDP packets with one IP Source Address (SA) value, one or a few Destination Address (DA) values, and a number exceeding a threshold of distinct Destination Port (DP) values. A lookup mechanism such as a Direct Table and Patricia search tree record and trace sets of packets with one SA and one DA as well as the set of DP values observed for the given SA, DA combination. The detection and response system reports the existence of such a subset and the header values including SA, DA, and multiple DPs of the subset. The detection and response system also includes various administrative responses to reports.
REFERENCES:
patent: 5414833 (1995-05-01), Hershey et al.
patent: 5652796 (1997-07-01), Barraza et al.
patent: 5983348 (1999-11-01), Ji
patent: 5991881 (1999-11-01), Conklin et al.
patent: 6167516 (2000-12-01), Camion et al.
patent: 6275942 (2001-08-01), Bernhard et al.
patent: 6279113 (2001-08-01), Vaidya
patent: 6282546 (2001-08-01), Gleichauf et al.
patent: 6330610 (2001-12-01), Docter et al.
patent: 6338141 (2002-01-01), Wells
patent: 6363489 (2002-03-01), Comay et al.
patent: 6405318 (2002-06-01), Rowland
patent: 6477651 (2002-11-01), Teal
patent: 6487204 (2002-11-01), Dacier et al.
patent: 6487666 (2002-11-01), Shanklin et al.
patent: 2002/0133586 (2002-09-01), Shanklin et al.
patent: 2003/0101353 (2003-05-01), Tarquini et al.
patent: 2003/0110274 (2003-06-01), Pazi et al.
patent: 2003/0200441 (2003-10-01), Jeffries et al.
patent: 2004/0128550 (2004-07-01), Govindarajan et al.
patent: 2004/0210588 (2004-10-01), Simkins et al.
patent: 2005/0007958 (2005-01-01), Auerbach
patent: 2005/0018618 (2005-01-01), Mualem et al.
patent: 2005/0027854 (2005-02-01), Boulanger et al.
patent: 2006/0253903 (2006-11-01), Krumel
patent: 2010/0146612 (2010-06-01), Toomey
patent: 1 081 894 (2001-03-01), None
patent: 2002-124996 (2002-04-01), None
patent: 02/48959 (2002-06-01), None
patent: WO 2005/015871 (2005-02-01), None
K. Daley et al., “A Structural Framework for Modeling Multi-Stage Network Attacks”, IEEE Proceedings of the International Conference on Parallel Processing Workshops, '02, 4 pages.
P. Liu, et al., “Multi-Phase Damage Confinement in Database Systems for Intrusion Tolerance”, Proceedings 14thIEEE Computer Security Foundations Workshop, p. 191-205, Jun. 2001.
Cho, K., et al., An Aggregation Technique for Traffic Monitoring, Proceedings of the 2002 Symposium on Applications and the Internet (SAINT'02w), IEEE, pp. 74-81 (2002).
Kaizaki, R., et al., Detection of Denial of Service attacks using AGURI, Proceeding of the International Conference on Telecommunications, vol. 1, pp. 808-812 (2002).
International Search Report for International Application No. PCT/EP2005/053518 dated Oct. 28, 2005.
Partial Translation office action, Japanese Patent Application No. 2007-521949, Mailing date of office action : Sep. 7, 2010.
Boulanger Alan David
Danford Robert William
Himberger Kevin David
Jeffries Clark Debs
Dillon & Yudell LLP
International Business Machines - Corporation
Tran Tung Q
Yao Kwang B.
LandOfFree
Automatically detecting distributed port scans in computer... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Automatically detecting distributed port scans in computer..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Automatically detecting distributed port scans in computer... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2636150