Automatically generating valid behavior specifications for...

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer

Reexamination Certificate

Rate now

  [ 0.00 ] – not rated yet Voters 0   Comments 0

Details

C713S152000, C713S152000, C706S012000, C709S224000, C709S223000, C717S117000

Reexamination Certificate

active

06983380

ABSTRACT:
One embodiment of the present invention provides a system that automatically generates a valid behavior specification for use in an intrusion detection system for a computer system. The system operates by receiving an exemplary set of system calls that includes positive examples of valid system calls, and possibly negative examples of invalid system calls. The system automatically constructs the valid behavior specification from the exemplary set of system calls by selecting a set of rules covering valid system calls. This set of rules is selected to cover all positive examples in the exemplary set of system calls without covering negative examples. Moreover, the process of selecting a rule for the valid behavior specification involves using an objective function that seeks to maximize the number of positive examples covered by the rule while seeking to minimize the number of possible system calls covered by the rule. In one embodiment of the present invention, the system additionally monitors an executing program. During this monitoring process, the system receives a system call generated by the executing program. The system next determines whether the system call is covered by a rule from within the valid behavior specification. If not, the system generates and indication that the system call is invalid.

REFERENCES:
patent: 5481650 (1996-01-01), Cohen
patent: 6779120 (2004-08-01), Valente et al.
Warrender “Detection Intrusions Using System Calls: Alternative Data Models” Dept. of Computer Science, University of New Mexico (or IEEE Computer Society, Symposium on Security and Privacy, pp. 133-145), 1999.
Ko “Automated Detection of Vulnerabilities in Priveleged Programs by Executing Monitoring” Dept. of Computer Science, University of New Mexico, (or Proceeding of the 10-th annual Computer Security Applications Conference, pp. 134-144), Dec. 1994.
Hofmeyr “Intrusion Detection using Sequence of System Calls” Dept. of Computer Science, University of New Mexico (or Journal of Computer Security, 6:151-180), Aug. 18, 1998.

LandOfFree

Say what you really think

Search LandOfFree.com for the USA inventors and patents. Rate them and share your experience with other people.

Rating

Automatically generating valid behavior specifications for... does not yet have a rating. At this time, there are no reviews or comments for this patent.

If you have personal experience with Automatically generating valid behavior specifications for..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Automatically generating valid behavior specifications for... will most certainly appreciate the feedback.

Rate now

     

Profile ID: LFUS-PAI-O-3564575

  Search
All data on this website is collected from public sources. Our data reflects the most accurate information available at the time of publication.