Information security – Monitoring or scanning of software or data including attack...
Reexamination Certificate
2011-06-21
2011-06-21
Parthasarathy, Pramila (Department: 2436)
Information security
Monitoring or scanning of software or data including attack...
C726S023000, C726S013000
Reexamination Certificate
active
07966658
ABSTRACT:
Detecting attacks against computer systems by automatically detecting signatures based on predetermined characteristics of the intrusion. One aspect looks for commonalities among a number of different network messages, and establishes an intrusion signature based on those commonalities. Data reduction techniques, such as a hash function, are used to minimize the amount of resources which are necessary to establish the commonalities. In an embodiment, signatures are created based on the data reduction hash technique. Frequent signatures are found by reducing the signatures using that hash technique. Each of the frequent signatures is analyzed for content, and content which is spreading is flagged as being a possible attack. Additional checks can also be carried out to look for code within the signal, to look for spam, backdoors, or program code.
REFERENCES:
patent: 6477651 (2002-11-01), Teal
patent: 6578147 (2003-06-01), Shanklin et al.
patent: 6738814 (2004-05-01), Cox et al.
patent: 6829635 (2004-12-01), Townshend
patent: 6988208 (2006-01-01), Hrabik et al.
patent: 7080408 (2006-07-01), Pak et al.
patent: 7089592 (2006-08-01), Adjaoute
patent: 7535909 (2009-05-01), Singh et al.
patent: 2002/0107953 (2002-08-01), Ontiveros et al.
patent: 2003/0014662 (2003-01-01), Gupta et al.
patent: 2003/0445485 (2003-06-01), Milliken
patent: 2004/0054925 (2004-03-01), Etheridge et al.
patent: 2004/0064737 (2004-04-01), Milliken et al.
patent: 2004/0073617 (2004-04-01), Milliken et al.
patent: 2006/0098585 (2006-05-01), Singh et al.
patent: 2006/0150249 (2006-07-01), Gassen et al.
patent: 2006/0242703 (2006-10-01), Abeni
patent: 2007/0094728 (2007-04-01), Julisch et al.
patent: 2007/0112714 (2007-05-01), Fairweather
patent: 2007/0192863 (2007-08-01), Kapoor et al.
patent: 2008/0307524 (2008-12-01), Singh et al.
patent: 2005/103899 (2005-11-01), None
Bloom, Burton, “Space/time trade-offs in hash coding with allowable errors,” Communications of the ACM 13(7): 422-426, 1970.
Snort web site, www.snort.org, (accessed on May 23, 2007).
Microsoft Computer Dictionary, 5thEdition, Copyright 2002 by Microsoft Corporation, p. 144 (including a definition of “data reduction”).
Chambers Dictionary of Science and Technology, Copyright 1999 by Chambers Harrap Publishers Ltd., p. 303 (including a definition of “data reduction”).
McGraw-Hill Dictionary of Scientific and Technical Terms, 6thEdition, Copyright 2003, . . . by The McGraw-Hill Companies, Inc., p. 505 (including a definition of “data reduction”).
Estan et al., “Building a Better NetFlow,” SIGCOMM 2004 Tech Report, Portland Oregon, Aug. 30-Sep. 3, 2004 (12 pages).
Fan et al., “Summary Cache: A Scalable wide-area Web cache sharing protocol,” ACM SIGCOMM 98, Vancouver, British Columbia, Sep. 2-4, 1998 (12 pages).
Graham, Paul, “A Plan for Spam,” http://www.paulgraham.com/spam.html , Aug. 2002, 12 pages, (accessed May 23, 2007).
Manber, Udi “Finding Similar Files In a Large File System”, Proc. 1994 Winter Usenix Technical Conference, Jan. 1994, pp. 1-10.
Moore et al., “Inferring Internet Denial-of-Service Activity,” Proceedings of the 10thUSENIX Security Symposium, Aug. 13-17, 2001, Washington, D.C, 15 pages.
Moore et al., “Internet Quarantine: Requirements for Containing Self-Propagating Code,” The 22ndAnnual Joint Conference of the IEEE Computer and Communications Societies, San Francisco, CA, U.S.A. (Apr. 1-3, 2003).
Rabin, Michael O., “Fingerprinting by random polynomials,” Center for Research in Computing Technology, Harvard University, Report TR-15-91, 1981.
Singh et al., “Automated Worm Fingerprinting,” OSDI '04: 6thSymposium on Operating Systems Design and Implementation, San Francisco, CA, U.S.A., USENIX Association, pp. 45-60 (Dec. 6-8, 2004).
Estan Cristi
Savage Stefan
Singh Sumeet
Varghese George
Parthasarathy Pramila
Perkins Coie LLP
The Regents of the University of California
LandOfFree
Detecting public network attacks using signatures and fast... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Detecting public network attacks using signatures and fast..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Detecting public network attacks using signatures and fast... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2644520