Detection of unauthorized access in a network

Information security – Monitoring or scanning of software or data including attack... – Vulnerability assessment

Reexamination Certificate

Rate now

  [ 0.00 ] – not rated yet Voters 0   Comments 0

Details

C726S023000, C726S022000

Reexamination Certificate

active

07461404

ABSTRACT:
A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.

REFERENCES:
patent: 5550807 (1996-08-01), Kuroshita
patent: 5978568 (1999-11-01), Abraham et al.
patent: 6182146 (2001-01-01), Graham-Cumming, Jr.
patent: 6269330 (2001-07-01), Cidon et al.
patent: 6321338 (2001-11-01), Porras et al.
patent: 6484203 (2002-11-01), Porras et al.
patent: 6947996 (2005-09-01), Assa et al.
patent: 6986161 (2006-01-01), Billhartz
patent: 7043759 (2006-05-01), Kaashoek et al.
patent: 7222366 (2007-05-01), Bruton, III et al.
patent: 7234168 (2007-06-01), Gupta et al.
patent: 7266100 (2007-09-01), Le et al.
patent: 2001/0014868 (2001-08-01), Herz et al.
patent: 2002/0031134 (2002-03-01), Poletto et al.
patent: 2002/0032855 (2002-03-01), Neves et al.
patent: 2002/0032871 (2002-03-01), Malan et al.
patent: 2002/0069200 (2002-06-01), Cooper et al.
patent: 2002/0095492 (2002-07-01), Kaashoek et al.
patent: 2003/0069952 (2003-04-01), Tams et al.
patent: 2003/0217039 (2003-11-01), Kurtz et al.
patent: 2003/0226034 (2003-12-01), Howard et al.
patent: 2004/0199576 (2004-10-01), Tan
patent: 2004/0215976 (2004-10-01), Jain
Symantec Antivirus For Macintosh—SAM. Cupertino, CA, pp. 4-9, 4-10, 5-6, 5-7.
Central Point Virus Detection, Removal and Prevention, 1991, pp. 46.
Steve Bellovin. DDoS Attacks and Pushback. NANOG2 1, Feb. 18, 2001 http:/lwww.aciri.org/pushback.
Ratul Manajan, Steven M. Bellovin, Sally Floyd, Vern Paxson, Scott Shenker, and John Ioannidis. Controlling High Bandwidth Aggregates in the Network. draft paper, Feb. 2001. http://www.aciri.org/pushback.
Stefan Savage, David Wetherall, Anna Karlin and Tom Anderson. Practical Network Support for IP Traceback. Proceedings of 2000 ACM SIGCOMM. Stockholm, Sweden, Aug. 2000. http://www.cs.washington.edu/homes/savage/traceback.html.
Steve Bellovin. ICMP Traceback Messages. AT&T Labs Research, Mar. 2000. http://www.research.att.com/-smb/papers/draft-bellovin-itrace-00.txt.
Cisco. Characterizing and Timing Packet Floods Using Cisco Routers. http://www.cisco.com/warp/public/707/22.html.
D. Senie. RFC2644 (BCP34), Changing the Default for Directed Broadcasts in Routers. IETF, , Aug. 1999. http://w\nu.ietf.orglrfc/rfc2644.ixt.
P. Ferguson, D. Senie. RFC2827 (BCP38): Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing. IETF, May 2000. http://www.ietf.orglrfdrfc2827.txt.
David G. Andersen, Hari Balakrishnan, and M. Frans Kaashoek, Robert Moms. The Case for Resilient Overlay Networks.. Proc. of HotOS-VIII, Schlosr Elmau, Germany, May 2001. http:Nnms.lcs.mit.edu/papers/ron-hotos20I0.pdf.
Cisco. Web-Site Security and Denial-of-Service Protection. http://www.cisco.com/warp/public/cdpd/si/11000/prodlit/cswwis.hc tm.
Analysis of a Denial of Service Attack on TCP by Schuba et al Proceedings of the 1997 IEEE Symposium on Security and Privacy (IEEE Computer Society Press, May 1997.
Stefan Savage, David Wetherall, Anna Karlin and Tom Anderson. Practical Network Support for IP Traceback. Work in progress Technical Report UW-CSE-00-02-01. Date unknown. http://www.cs.washington.edu/homes/savagd˜ceback.html.
Web page entitled “Aggregate Based Congestion Control and Pushback” last modified Apr. 2001 Found at http://www.a˜iri.or˜/˜˜sh.
D. Song et al., “Advanced and Authenticated Marking Schemes for IP Traceback”, Proc. IEEE MFOCOM, Apr. 2001, pp. 878-886.
R. Stone, “CenterTrack: An IP Overlay Network for Tracking DoS Floods”, Proceedings of 9thUSENIX Security Symposium, Denver, CO, Aug. 2000, pp. 199-212.
H. Burch et al., “Tracing Anonymous Packets to Their Approximate Source”, Proc. USENIX LISA 00, Dec. 2000, pp. 319-327.
Ohta, Kohei Detection, Defense, and Tracking of Internet Wide Illegal Access in a Distributed Manner, INET Proceedings, Jul. 18-21, 2000.

LandOfFree

Say what you really think

Search LandOfFree.com for the USA inventors and patents. Rate them and share your experience with other people.

Rating

Detection of unauthorized access in a network does not yet have a rating. At this time, there are no reviews or comments for this patent.

If you have personal experience with Detection of unauthorized access in a network, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Detection of unauthorized access in a network will most certainly appreciate the feedback.

Rate now

     

Profile ID: LFUS-PAI-O-4044282

  Search
All data on this website is collected from public sources. Our data reflects the most accurate information available at the time of publication.