Reexamination Certificate
2007-06-19
2007-06-19
Zand, Kambiz (Department: 2134)
Information security
Monitoring or scanning of software or data including attack...
Intrusion detection
C726S022000
Reexamination Certificate
active
10289449
ABSTRACT:
The invention relates to event sequence detection suitable for an intrusion detection system (IDS), for example. An event sequence including two or more stages in order, each of the stages including one or more events, is defined. Also defined is a filtering function for each of the stages, each filtering function providing a TRUE indication, when one of the events belonging to the respective event is received, and a FALSE indication otherwise. Still further at least one binding function for each of the stages is defined such that a pair of binding functions in two successive stages links the events in these two successive stages. Received event data is continuously evaluated with the filtering functions. When the evaluation results in a TRUE indication from one of the filter functions, at least one key value is derived from the received event data by the corresponding at least one binding function. Finally, it is determined that the sequence has been detected, when a TRUE indication has been obtained in each stage in a timely order and the derived key values link the detected events in the successive stages.
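An added illustration of the scheme the abstract describes, not code from the patent or its assignee: per-stage filtering functions, paired binding functions whose key values link successive stages, and a time window standing in for "timely order". The rule, the event fields, the window measured from the first stage, and the sample events are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Stage:
    filt: Callable[[dict], bool]              # filtering function: TRUE/FALSE per event
    bind_prev: Optional[Callable] = None      # key matched against the previous stage
    bind_next: Optional[Callable] = None      # key handed on to the next stage

class SequenceDetector:
    def __init__(self, stages, window):
        self.stages, self.window = stages, window
        # pending[i]: key from stage i's bind_next -> start time of that partial match
        self.pending = [{} for _ in stages[:-1]]

    def feed(self, ev):
        """Evaluate one event; return True when it completes the sequence."""
        done = False
        # Highest stage first, so an event cannot advance a match it just created.
        for i in reversed(range(len(self.stages))):
            st = self.stages[i]
            if not st.filt(ev):
                continue
            start = ev["ts"] if i == 0 else self.pending[i - 1].get(st.bind_prev(ev))
            if start is None or ev["ts"] - start > self.window:
                continue  # no linked earlier stage, or outside the time window
            if i == len(self.stages) - 1:
                done = True
            else:
                key = st.bind_next(ev)
                self.pending[i][key] = max(start, self.pending[i].get(key, start))
        return done

# Hypothetical rule: probe, exploit attempt by same source on same target, outbound from target.
RULE = [
    Stage(lambda e: e["type"] == "probe", None, lambda e: (e["src"], e["dst"])),
    Stage(lambda e: e["type"] == "exploit", lambda e: (e["src"], e["dst"]), lambda e: e["dst"]),
    Stage(lambda e: e["type"] == "outbound", lambda e: e["src"]),
]

def detect(events, window=60):
    det = SequenceDetector(RULE, window)
    return [e["ts"] for e in events if det.feed(e)]

# Constructed sample events: (ts, type, src, dst), documentation address ranges.
EVENTS = [dict(zip(("ts", "type", "src", "dst"), row)) for row in [
    (0, "probe", "192.0.2.5", "198.51.100.9"),
    (5, "exploit", "192.0.2.7", "198.51.100.9"),      # other source: not linked
    (8, "outbound", "198.51.100.9", "203.0.113.4"),   # stage 2 not reached yet
    (10, "exploit", "192.0.2.5", "198.51.100.9"),
    (20, "outbound", "198.51.100.9", "203.0.113.4"),
]]
```

Partial matches are never evicted in this sketch, so a long-running detector would need to prune entries older than the window.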
REFERENCES:
patent: 6370648 (2002-04-01), Diep
patent: 7032114 (2006-04-01), Moran
patent: 2002/0078381 (2002-06-01), Farley et al.
Koral Ilgun et al., “State Transition Analysis: A Rule-Based Intrusion Detection Approach,” IEEE Transactions on Software Engineering, IEEE (New York), vol. 21 (No. 3), p. 181-199, (Mar. 21, 1995).
Noelle McAuliffe et al., “Is Your Computer Being Misused? A Survey of Current Intrusion Detection System Technology,” Proc., Computer Security Applications Conference, IEEE, p. 260-272, (Dec. 3, 1990).
Herve Debar et al., “Towards a taxonomy of intrusion-detection systems,” Computer Networks, Elsevier Science Publishers B.V. (Amsterdam, NL), vol. 31 (No. 8), p. 805-822, (Apr. 23, 1999).
Barnes & Thornburg LLP
Stonesoft Corporation
Tran Ellen C.
Zand Kambiz