Information security – Monitoring or scanning of software or data including attack... – Vulnerability assessment
Reexamination Certificate
2007-02-27
2007-02-27
Moazzami, Nasser (Department: 2136)
Information security
Monitoring or scanning of software or data including attack...
Vulnerability assessment
C726S022000, C726S023000, C726S026000, C713S151000, C709S203000, C709S224000, C709S227000, C705S051000
Reexamination Certificate
active
10000396
ABSTRACT:
A flow-based intrusion detection system for detecting intrusions in computer communication networks. Data packets representing communications between hosts in a computer-to-computer communication network are processed and assigned to various client/server flows. Statistics are collected for each flow. Then, the flow statistics are analyzed to determine if the flow appears to be legitimate traffic or possible suspicious activity. A concern index value is assigned to each flow that appears suspicious. By assigning a value to each flow that appears suspicious and adding that value to the total concern index of the responsible host, it is possible to identify hosts that are engaged in intrusion activity. When the concern index value of a host exceeds a preset alarm value, an alert is issued and appropriate action can be taken.
REFERENCES:
patent: 5437244 (1995-08-01), Van Gilst
patent: 5557686 (1996-09-01), Brown et al.
patent: 5557742 (1996-09-01), Smaha et al.
patent: 5621889 (1997-04-01), Lermuzeaux et al.
patent: 5796942 (1998-08-01), Esbensen
patent: 5825750 (1998-10-01), Thompson
patent: 5970227 (1999-10-01), Dayan et al.
patent: 5991881 (1999-11-01), Conklin et al.
patent: 6119236 (2000-09-01), Shipley
patent: 6182226 (2001-01-01), Reid et al.
patent: 6275942 (2001-08-01), Bernhard et al.
patent: 6321338 (2001-11-01), Porras et al.
patent: 6363489 (2002-03-01), Comay et al.
patent: 6453345 (2002-09-01), Trcka et al.
patent: 6502131 (2002-12-01), Vaid et al.
patent: 6628654 (2003-09-01), Albert et al.
patent: 6853619 (2005-02-01), Grenot
patent: 6891839 (2005-05-01), Albert et al.
patent: 2002/0104017 (2002-08-01), Stefan
patent: 2002/0133586 (2002-09-01), Shanklin et al.
patent: 2004/0187032 (2004-09-01), Gels et al.
patent: 2004/0237098 (2004-11-01), Watson et al.
patent: PCT/US99/29080 (2000-06-01), None
patent: PCT/US00/29490 (2001-05-01), None
Javitz H S et al.: “The SRI IDES Statistical Anomaly Detector”, Proceedings of the Symposium on Research in Security and Privacy US Los Alamitos, IEEE Comp. Soc. Press, v. Symp. 12, pp. 316-326 XP000220803ISBN; 0-8186-2168-0, p. 316, col. 1, line 1, p. 318, col. 1, line 3.
Lunt T F et al: “Knowledge-based Intrusion Detection”, Proceedings of the Annual Artificial Intelligence Systems in Government Conf. US, Washington, IEEE Comp. Soc. Press, vol. Conf. 4, pp. 102-107 XP000040018 p. 102, col. 1, line 1, p. 105, col. 2, line 21.
Mahoney, M., “Network Traffic Anomaly Detection Based on Packet Bytes”, ACM, 2003, Fl. Institute of Technology, entire document, http://www.cs.fit.edu/˜mmahoney/paper6.pdf.
Copeland, John A., et. al., “IP Flow Identification for IP Traffic Carried Over Switched Networks,” The International Journal of Computer Telecommunications Networking Computer Networks 31 (1999), pp. 493-504.
Cooper, Mark “An Overview of Intrusion Detection Systems,” Zinetica White Paper, (www.xinetica.com) Nov. 19, 2001.
Newman, P., et. al. “RFC 1953: Ipsilon Flow Management Protocol Specification for IPv4 Version 1.0” (www.xyweb.com/rfc/rfc1953.html) May 19, 1999.
Paxson, Vern, “Bro: A System for Detecting Network Intruders in Real-Time,” 7th USENIX Security Symposium, Lawrence Berkkeley National Laboratory, San Antonio, TX Jan. 26-29, 1998.
Mukherjee, Biswanath, et. al., “Network Intrusion Detection,” IEEE Network, May/Jun. 1994.
“Network-vs Host-Based Intrusion Detection: A Guide to Intrusion Detection,” ISS Internet Security Systems, Oct. 2, 1998, Atlanta, GA.
Barford, Paul, et. al. “Characteristics of Network Traffic Flow Anomalies,” ACM SIGCOMM Internet Measurement Workshop 2001 (http://www.cs.wisc.edu/pb/ublications.html) Jul. 2001.
Frincke, Deborah, et. al., “A Framework for Cooperative Intrusion Detection” 21st National Information Systems Security Conference, Oct. 1998, Crystal City, VA.
Phrack Magazine, vol. 8, Issue 53, Jul. 8, 1998, Article 11 of 15.
“LANSleuth Fact Sheet,” LANSleuth LAN Analyzer for Ethernet and Token Ring Networks, (www.lansleuth.com/features.html), Aurora, Illinois.
“LANSleuth General Features,” (www.lansleuth.com/features.html), Aurora, Illinois.
Copeland, John A., et al, “IP Flow Identification for IP Traffic Carried Over Switched Networks,” The International Journal of Computer and Telecommunications Networking Computer Networks 31 (1999), pp. 493-504.
Cooper, Mark “An Overview of Instrusion Detection Systems,” Xinetica White Paper, (www.xinetica.com) Nov. 19, 2001.
Newman, P., et al. “RFC 1953: Ipsilon Flow Management Protocol Specificaiton for IPv4 Version 1.0” (www.xyweb.com/rfc/rfc1953.html) May 19, 1999.
Baum Ronald
Lancope, Inc.
Moazzami Nasser
Morris Manning & Martin LLP
LandOfFree
Flow-based detection of network intrusions does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Flow-based detection of network intrusions, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Flow-based detection of network intrusions will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3827471