Connection table for intrusion detection

Electrical computers and digital processing systems: multicomput – Computer network managing – Computer network monitoring

Reexamination Certificate


Details

C709S217000, C709S229000, C726S022000

active

07827272

ABSTRACT:
A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events by aggregating anomalies into network events.

