Distributed system and method for the detection of eThreats

Information security – Monitoring or scanning of software or data including attack...

Reexamination Certificate


Details

Classification: C726S023000, C726S024000

Status: active

Patent number: 07941853

ABSTRACT:
The invention relates to a distributed system for detecting eThreats that propagate in a network, which comprises:
(a) a graphs database storing at least one propagation graph, each graph describing the typical propagation over time of one eThreat class or one legitimate-executable class within the network;
(b) a plurality of agents distributed over a corresponding plurality of hosts within the network, each agent continuously monitoring its host and reporting to a Central Decision Maker (CDM) the identity of any newly suspected executable and the time at which that executable was first detected by the agent;
(c) a CDM for: (c.1) receiving all such reports from the plurality of agents; (c.2) creating from the reports, for each suspected executable, a corresponding propagation graph reflecting the propagation characteristics of that executable over time within the network; (c.3) comparing each created graph with the stored propagation graph or graphs; (c.4) upon finding a similarity above a predefined threshold between a created graph and one of the stored graphs, concluding that the executable belongs to the class defined by that stored graph; and (c.5) conveying the conclusion to the agents, which may optionally take an appropriate action.
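The abstract describes the CDM's pipeline (collect first-detection reports per host, build a propagation graph per executable, compare it against stored class graphs, classify above a threshold) without fixing a representation or a similarity measure. The following is an added example, not code from the patent: it models a propagation graph as a cumulative curve (fraction of affected hosts by the end of each time bin), uses 1 minus the mean absolute difference between normalized curves as the similarity measure, and classifies against two constructed stored graphs (a fast-ramping "worm" class and a steadily growing "legitimate_rollout" class). Bin width, window length, threshold, template values and all agent reports are constructed assumptions; it also handles the case the abstract implies but does not spell out, an agent re-reporting the same executable from the same host.

```python
from dataclasses import dataclass

# Constructed sample data and a simplified algorithm, not the patent's own code.

@dataclass(frozen=True)
class Report:
    """One agent report: which host saw which executable, and when it was first detected."""
    host: str
    executable: str    # identity of the suspected executable (e.g. a file hash)
    first_seen: float  # seconds since the start of the observation window

def first_detections(reports):
    """Earliest first_seen per host; agents monitor continuously and may re-report."""
    earliest = {}
    for r in reports:
        if r.host not in earliest or r.first_seen < earliest[r.host]:
            earliest[r.host] = r.first_seen
    return earliest

def propagation_curve(reports, bin_width, n_bins):
    """Propagation graph as a cumulative curve: the fraction of hosts affected within the
    window that had reported the executable by the end of each time bin."""
    window_end = bin_width * n_bins
    times = [t for t in first_detections(reports).values() if t < window_end]
    if not times:
        return [0.0] * n_bins
    return [sum(1 for t in times if t < (i + 1) * bin_width) / len(times)
            for i in range(n_bins)]

def similarity(curve_a, curve_b):
    """1 minus the mean absolute difference between two normalized curves (range 0..1)."""
    if len(curve_a) != len(curve_b):
        raise ValueError("curves must cover the same number of time bins")
    return 1.0 - sum(abs(a - b) for a, b in zip(curve_a, curve_b)) / len(curve_a)

def classify(curve, stored_graphs, threshold):
    """Return (class, similarity) for the best-matching stored graph, or (None, similarity)
    when no stored graph reaches the threshold."""
    best_class, best_sim = None, -1.0
    for cls, template in stored_graphs.items():
        s = similarity(curve, template)
        if s > best_sim:
            best_class, best_sim = cls, s
    return (best_class, best_sim) if best_sim >= threshold else (None, best_sim)

def run_cdm(reports, stored_graphs, threshold, bin_width, n_bins):
    """CDM step: group reports per executable, build its curve, classify it."""
    by_exe = {}
    for r in reports:
        by_exe.setdefault(r.executable, []).append(r)
    return {exe: classify(propagation_curve(rs, bin_width, n_bins), stored_graphs, threshold)
            for exe, rs in by_exe.items()}

# Constructed stored graphs: fraction of eventually affected hosts at the end of each
# 60-second bin over a 6-minute window. The worm-like class ramps fast; a legitimate
# rollout (e.g. a staged software update) grows steadily.
STORED_GRAPHS = {
    "worm": [0.05, 0.20, 0.55, 0.85, 0.95, 1.0],
    "legitimate_rollout": [0.15, 0.30, 0.45, 0.60, 0.80, 1.0],
}

# Constructed agent reports (host, first_seen) for two executables with placeholder identities.
_SUSPECT_A = [("h01", 10), ("h02", 70), ("h03", 80), ("h04", 100), ("h03", 200),  # h03 re-reports
              ("h05", 125), ("h06", 130), ("h07", 140), ("h08", 150), ("h09", 160), ("h10", 170),
              ("h11", 185), ("h12", 190), ("h13", 200), ("h14", 210), ("h15", 220), ("h16", 230),
              ("h17", 235), ("h18", 250), ("h19", 280), ("h20", 310)]
_SUSPECT_B = ([("x%02d" % i, 5 + i) for i in range(1, 6)] +
              [("x%02d" % i, 300 + i) for i in range(6, 11)])
SAMPLE_REPORTS = ([Report(h, "exe-A", t) for h, t in _SUSPECT_A] +
                  [Report(h, "exe-B", t) for h, t in _SUSPECT_B])

if __name__ == "__main__":
    for exe, (cls, sim) in run_cdm(SAMPLE_REPORTS, STORED_GRAPHS, 0.9, 60, 6).items():
        print(exe, cls, round(sim, 3))
```

With a threshold of 0.9, exe-A (one host in the first minute, then a burst across 20 hosts) matches the worm graph, while exe-B (half its hosts at once, then nothing for four minutes) resembles neither stored class closely enough and stays unclassified, which is the outcome the CDM would leave for the agents to handle by other means. Normalizing by the number of affected hosts compares the shape of the spread rather than its absolute size, so a stored graph learned from a large outbreak can still match a small one.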

REFERENCES:
patent: 7490355 (2009-02-01), Wong
patent: 2008/0307524 (2008-12-01), Singh et al.
patent: 2009/0249184 (2009-10-01), Dieberger et al.
D. Moore, C. Shannon, and J. Brown. Code-Red: A Case Study on the Spread and Victims of an Internet Worm. In Proceedings of the ACM Internet Measurement Workshop, Nov. 2002.
C. C. Zou et al. Monitoring and Early Warning for Internet Worms. In Proceedings of the 10th ACM Conference on Computer and Communications Security, Washington, 2003.
S. Singh, C. Estan, G. Varghese, and S. Savage. Automated Worm Fingerprinting. In Proceedings of the 6th Symposium on Operating System Design and Implementation (OSDI), 2004.
J. Newsome, B. Karp, and D. Song. Polygraph: Automatically Generating Signatures for Polymorphic Worms. In Proceedings of the 2005 IEEE Symposium on Security and Privacy.
L. Spitzner. Honeypots: Tracking Hackers. Addison Wesley, 2003.
G. Portokalidis, A. Slowinska, and H. Bos. Argos: An Emulator for Fingerprinting Zero-Day Attacks. In Proceedings of ACM SIGOPS EuroSys 2006, Leuven, Belgium, Apr. 2006.
T. Vogt. Simulating and Optimizing Worm Propagation Algorithms. Sep. 2003. http://www.securityfocus.com/library/WormPropagation.pdf.
Symantec Internet Security Threat Report. http://www.symantec.com.bo/region/se/seresc/download/istr—sept—2004.pdf.
Brent N. Chun, Jason Lee, and Hakim Weatherspoon. Netbait: A Distributed Worm Detection Service. Intel Research Berkeley Technical Report IRB-TR-03-033, Sep. 2003.
C. Kreibich et al. Honeycomb: Creating Intrusion Detection Signatures Using Honeypots. In Proceedings of the 2nd Workshop on Hot Topics in Networks (HotNets-II), Nov. 2003.
H. A. Kim and B. Karp. Autograph: Toward Automated, Distributed Worm Signature Detection. In Proceedings of the 13th USENIX Security Symposium, Aug. 2004.
S. Forrest. A Sense of Self for UNIX Processes. In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, pp. 120-128, 1996.
R. Thommes and M. Coates. Epidemiological Modeling of Peer-to-Peer Viruses and Pollution. In Proceedings of IEEE Infocom 2006.
C. C. Zou et al. Modeling and Simulation Study . . . of Internet E-mail Worms. IEEE Transactions on Dependable and Secure Computing, vol. 4, no. 2, Apr.-Jun. 2007.
R. M. Anderson and R. M. May. Infectious Diseases in Humans. Oxford University Press, Oxford, 1992.
R. Pastor-Satorras and A. Vespignani. Epidemic Dynamics and Endemic States in Complex Networks. Physical Review E 63, 2001.
Y. Moreno, R. Pastor-Satorras, and A. Vespignani. Epidemic Outbreaks in Complex Heterogeneous Networks. Eur. Phys. J. B 26, 521-529 (2002).
R. Pastor-Satorras and A. Vespignani. Epidemic Spreading in Scale-Free Networks. Phys. Rev. Lett. 86, 3200-3203 (2001).
C. Faloutsos, M. Faloutsos, and P. Faloutsos. On Power-Law Relationships of the Internet Topology. In Proceedings of ACM SIGCOMM, Aug. 1999.
D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver. Inside the Slammer Worm. IEEE Security & Privacy, Jul.-Aug. 2003.
S. Staniford, V. Paxson, and N. Weaver. How to Own the Internet in Your Spare Time. In Proceedings of the USENIX Security Symposium, Aug. 2002.
C. Zou, D. Towsley, and W. Gong. On the Performance of Internet Worm Scanning Strategies. Performance Evaluation Journal, vol. 63, no. 7, Jul. 2006.
CERT Advisory CA-2000-04, Love Letter Worm. http://www.cert.org/advisories/CA-2000-04.html.
M. Tubi, R. Puzis, and Y. Elovici. Deployment of DNIDS in Social Networks. ISI 2007: 59-65.
Network Worms. http://www.viruslist.com/.
