Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
2006-01-03
2006-01-03
Sheikh, Ayaz (Department: 2131)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S152000, C713S152000, C706S012000, C709S224000, C709S223000, C717S117000
Reexamination Certificate
active
06983380
ABSTRACT:
One embodiment of the present invention provides a system that automatically generates a valid behavior specification for use in an intrusion detection system for a computer system. The system operates by receiving an exemplary set of system calls that includes positive examples of valid system calls, and possibly negative examples of invalid system calls. The system automatically constructs the valid behavior specification from the exemplary set of system calls by selecting a set of rules covering valid system calls. This set of rules is selected to cover all positive examples in the exemplary set of system calls without covering negative examples. Moreover, the process of selecting a rule for the valid behavior specification involves using an objective function that seeks to maximize the number of positive examples covered by the rule while seeking to minimize the number of possible system calls covered by the rule. In one embodiment of the present invention, the system additionally monitors an executing program. During this monitoring process, the system receives a system call generated by the executing program. The system next determines whether the system call is covered by a rule from within the valid behavior specification. If not, the system generates and indication that the system call is invalid.
REFERENCES:
patent: 5481650 (1996-01-01), Cohen
patent: 6779120 (2004-08-01), Valente et al.
Warrender “Detection Intrusions Using System Calls: Alternative Data Models” Dept. of Computer Science, University of New Mexico (or IEEE Computer Society, Symposium on Security and Privacy, pp. 133-145), 1999.
Ko “Automated Detection of Vulnerabilities in Priveleged Programs by Executing Monitoring” Dept. of Computer Science, University of New Mexico, (or Proceeding of the 10-th annual Computer Security Applications Conference, pp. 134-144), Dec. 1994.
Hofmeyr “Intrusion Detection using Sequence of System Calls” Dept. of Computer Science, University of New Mexico (or Journal of Computer Security, 6:151-180), Aug. 18, 1998.
Chai Longbit
Hamaty Christopher J.
Networks Associates Technology Inc.
Sheikh Ayaz
Zilka-Kotab, PC
LandOfFree
Automatically generating valid behavior specifications for... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Automatically generating valid behavior specifications for..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Automatically generating valid behavior specifications for... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3564575