Event detection method and device

Information security – Monitoring or scanning of software or data including attack... – Intrusion detection

Reexamination Certificate

Details

active

07913304

ABSTRACT:
The embodiments of the present invention disclose an event detection method and device. The method includes: predefining event-based detection rules with a predicative context-free grammar; generating by parsing the detection rules a parsing table of pushdown automaton which supports parallel parsing; receiving an event to be detected; and analyzing by a controller the event to be detected according to the parsing table, to obtain a detection result. The present invention is especially applicable to detection of network attack events. The embodiments of the present invention detect the attacks with a predicative context-free grammar on the basis of events, and ensure a close combination of a protocol parsing process and an attack detection process, as well as a close combination of multiple attack detection rules, thus decreasing unnecessary calculations. In addition, with an optimized parallel pushdown automaton, the embodiments of the present invention can efficiently analyze the predicative context-free grammar. Consequently, besides hierarchical processing capability and state description capability, the embodiments of the present invention deliver high efficiency.
