Flow-based detection of network intrusions

Information security – Monitoring or scanning of software or data including attack... – Vulnerability assessment

Reexamination Certificate


Details

C726S022000, C726S023000, C726S026000, C713S151000, C709S203000, C709S224000, C709S227000, C705S051000


active

10000396

ABSTRACT:
A flow-based intrusion detection system for detecting intrusions in computer communication networks. Data packets representing communications between hosts in a computer-to-computer communication network are processed and assigned to various client/server flows. Statistics are collected for each flow. Then, the flow statistics are analyzed to determine if the flow appears to be legitimate traffic or possible suspicious activity. A concern index value is assigned to each flow that appears suspicious. By assigning a value to each flow that appears suspicious and adding that value to the total concern index of the responsible host, it is possible to identify hosts that are engaged in intrusion activity. When the concern index value of a host exceeds a preset alarm value, an alert is issued and appropriate action can be taken.
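The abstract describes a concrete pipeline: assign packets to client/server flows, collect per-flow statistics, score flows that look suspicious with a concern index, sum that index per responsible host, and alert once a host's total crosses a preset alarm value. The following is an added example in Python that walks through that pipeline on a small constructed packet trace; it is not the patent's code, and the flow key (lower port is the server side), the statistics kept, the per-flow scores and the alarm threshold are all assumptions chosen for illustration.

```python
"""Toy flow-based concern-index detector (added example, not the patent's code).

Flow key, statistics, scoring values and alarm threshold are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str    # TCP flags as letters, e.g. "S", "SA", "A", "PA", "RA"
    payload: int  # payload bytes carried by this packet


@dataclass
class FlowStats:
    client: str
    server: str
    dport: int
    c2s_pkts: int = 0
    s2c_pkts: int = 0
    c2s_bytes: int = 0
    s2c_bytes: int = 0
    syn_seen: bool = False      # client sent SYN
    synack_seen: bool = False   # server answered SYN/ACK
    rst_seen: bool = False      # someone sent RST


def flow_key(p: Packet):
    """Map a packet to a (client, server, server_port) flow key.

    Assumption: the endpoint using the lower port number is the server.
    """
    if p.dport < p.sport:
        return (p.src, p.dst, p.dport)
    return (p.dst, p.src, p.sport)


def build_flows(packets):
    """Step 1 and 2 of the abstract: assign packets to flows, collect statistics."""
    flows = {}
    for p in packets:
        key = flow_key(p)
        fs = flows.setdefault(key, FlowStats(*key))
        if p.src == fs.client:
            fs.c2s_pkts += 1
            fs.c2s_bytes += p.payload
        else:
            fs.s2c_pkts += 1
            fs.s2c_bytes += p.payload
        if p.flags == "S":
            fs.syn_seen = True
        elif p.flags == "SA":
            fs.synack_seen = True
        if "R" in p.flags:
            fs.rst_seen = True
    return flows


# Assumed concern-index values per suspicious flow pattern.
CI_HALF_OPEN = 3   # SYN sent, nothing came back (filtered port or half-open probe)
CI_RESET = 2       # SYN answered with RST (closed port)
CI_NO_DATA = 1     # handshake completed but no payload in either direction
ALARM = 8          # assumed per-host alarm threshold


def concern_index(fs: FlowStats) -> int:
    """Step 3: a legitimate-looking flow scores 0, a suspicious one scores > 0."""
    if fs.syn_seen and not fs.synack_seen:
        return CI_RESET if fs.rst_seen else CI_HALF_OPEN
    if fs.synack_seen and fs.c2s_bytes == 0 and fs.s2c_bytes == 0:
        return CI_NO_DATA
    return 0


def host_concern(flows):
    """Step 4: add each suspicious flow's index to the responsible (client) host."""
    totals = defaultdict(int)
    for fs in flows.values():
        ci = concern_index(fs)
        if ci:
            totals[fs.client] += ci
    return dict(totals)


def alerts(packets, alarm: int = ALARM):
    """Step 5: hosts whose accumulated concern index reached the alarm value."""
    return sorted(h for h, ci in host_concern(build_flows(packets)).items() if ci >= alarm)


# Constructed trace: one normal web session from 10.0.0.5, and 10.0.0.99
# probing five ports on 10.0.0.80 (three answered with RST, two unanswered).
SAMPLE_PACKETS = [
    Packet("10.0.0.5", "10.0.0.80", 40001, 80, "S", 0),
    Packet("10.0.0.80", "10.0.0.5", 80, 40001, "SA", 0),
    Packet("10.0.0.5", "10.0.0.80", 40001, 80, "A", 0),
    Packet("10.0.0.5", "10.0.0.80", 40001, 80, "PA", 120),
    Packet("10.0.0.80", "10.0.0.5", 80, 40001, "PA", 3000),
]
for _port in (21, 22, 23):
    SAMPLE_PACKETS.append(Packet("10.0.0.99", "10.0.0.80", 45000, _port, "S", 0))
    SAMPLE_PACKETS.append(Packet("10.0.0.80", "10.0.0.99", _port, 45000, "RA", 0))
for _port in (25, 110):
    SAMPLE_PACKETS.append(Packet("10.0.0.99", "10.0.0.80", 45000, _port, "S", 0))

if __name__ == "__main__":
    print(host_concern(build_flows(SAMPLE_PACKETS)))  # {'10.0.0.99': 12}
    print(alerts(SAMPLE_PACKETS))                     # ['10.0.0.99']
```

The scanning host accumulates 3 × 2 + 2 × 3 = 12 across its five one-packet flows and crosses the assumed alarm value of 8, while the normal session scores 0 because it completed the handshake and carried data both ways. The values and threshold would be tuned per deployment; the point the example makes is that no single probe flow is alarming on its own, and it is the per-host accumulation that surfaces the scanner.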

REFERENCES:
patent: 5437244 (1995-08-01), Van Gilst
patent: 5557686 (1996-09-01), Brown et al.
patent: 5557742 (1996-09-01), Smaha et al.
patent: 5621889 (1997-04-01), Lermuzeaux et al.
patent: 5796942 (1998-08-01), Esbensen
patent: 5825750 (1998-10-01), Thompson
patent: 5970227 (1999-10-01), Dayan et al.
patent: 5991881 (1999-11-01), Conklin et al.
patent: 6119236 (2000-09-01), Shipley
patent: 6182226 (2001-01-01), Reid et al.
patent: 6275942 (2001-08-01), Bernhard et al.
patent: 6321338 (2001-11-01), Porras et al.
patent: 6363489 (2002-03-01), Comay et al.
patent: 6453345 (2002-09-01), Trcka et al.
patent: 6502131 (2002-12-01), Vaid et al.
patent: 6628654 (2003-09-01), Albert et al.
patent: 6853619 (2005-02-01), Grenot
patent: 6891839 (2005-05-01), Albert et al.
patent: 2002/0104017 (2002-08-01), Stefan
patent: 2002/0133586 (2002-09-01), Shanklin et al.
patent: 2004/0187032 (2004-09-01), Gels et al.
patent: 2004/0237098 (2004-11-01), Watson et al.
patent: PCT/US99/29080 (2000-06-01), None
patent: PCT/US00/29490 (2001-05-01), None
Javitz, H. S., et al.: “The SRI IDES Statistical Anomaly Detector”, Proceedings of the Symposium on Research in Security and Privacy, Los Alamitos, US, IEEE Comp. Soc. Press, Symp. 12, pp. 316-326, XP000220803, ISBN 0-8186-2168-0, p. 316, col. 1, line 1 to p. 318, col. 1, line 3.
Lunt, T. F., et al.: “Knowledge-based Intrusion Detection”, Proceedings of the Annual Artificial Intelligence Systems in Government Conf., Washington, US, IEEE Comp. Soc. Press, Conf. 4, pp. 102-107, XP000040018, p. 102, col. 1, line 1 to p. 105, col. 2, line 21.
Mahoney, M., “Network Traffic Anomaly Detection Based on Packet Bytes”, ACM, 2003, Fl. Institute of Technology, entire document, http://www.cs.fit.edu/˜mmahoney/paper6.pdf.
Copeland, John A., et al., “IP Flow Identification for IP Traffic Carried Over Switched Networks,” Computer Networks: The International Journal of Computer and Telecommunications Networking 31 (1999), pp. 493-504.
Cooper, Mark, “An Overview of Intrusion Detection Systems,” Xinetica White Paper, (www.xinetica.com) Nov. 19, 2001.
Newman, P., et. al. “RFC 1953: Ipsilon Flow Management Protocol Specification for IPv4 Version 1.0” (www.xyweb.com/rfc/rfc1953.html) May 19, 1999.
Paxson, Vern, “Bro: A System for Detecting Network Intruders in Real-Time,” 7th USENIX Security Symposium, Lawrence Berkeley National Laboratory, San Antonio, TX, Jan. 26-29, 1998.
Mukherjee, Biswanath, et. al., “Network Intrusion Detection,” IEEE Network, May/Jun. 1994.
“Network-vs Host-Based Intrusion Detection: A Guide to Intrusion Detection,” ISS Internet Security Systems, Oct. 2, 1998, Atlanta, GA.
Barford, Paul, et. al. “Characteristics of Network Traffic Flow Anomalies,” ACM SIGCOMM Internet Measurement Workshop 2001 (http://www.cs.wisc.edu/pb/ublications.html) Jul. 2001.
Frincke, Deborah, et. al., “A Framework for Cooperative Intrusion Detection” 21st National Information Systems Security Conference, Oct. 1998, Crystal City, VA.
Phrack Magazine, vol. 8, Issue 53, Jul. 8, 1998, Article 11 of 15.
“LANSleuth Fact Sheet,” LANSleuth LAN Analyzer for Ethernet and Token Ring Networks, (www.lansleuth.com/features.html), Aurora, Illinois.
“LANSleuth General Features,” (www.lansleuth.com/features.html), Aurora, Illinois.
