Information security – Monitoring or scanning of software or data including attack... – Intrusion detection
Reexamination Certificate
2007-08-21
Vu, Kim (Department: 2135)
C726S011000, C726S013000, C726S014000, C726S025000, C726S027000, C713S194000, C709S223000
active
11367950
ABSTRACT:
An intrusion detection system (IDS). An IDS which has been configured in accordance with the present invention can include a traffic sniffer for extracting network packets from passing network traffic; a traffic parser configured to extract individual data from defined packet fields of the network packets; and, a traffic logger configured to store individual packet fields of the network packets in a database. A vector builder can be configured to generate multi-dimensional vectors from selected features of the stored packet fields. Notably, at least one self-organizing clustering module can be configured to process the multi-dimensional vectors to produce a self-organized map of clusters. Subsequently, an anomaly detector can detect anomalous correlations between individual ones of the clusters in the self-organized map based upon at least one configurable correlation metric. Finally, a classifier can classify detected anomalous correlations as one of an alarm and normal behavior.
REFERENCES:
patent: 5278901 (1994-01-01), Shieh et al.
patent: 5311593 (1994-05-01), Carmi
patent: 5414833 (1995-05-01), Hershey et al.
patent: 5526299 (1996-06-01), Coifman et al.
patent: 5621889 (1997-04-01), Lermuzeaux et al.
patent: 5692124 (1997-11-01), Holden et al.
patent: 5787253 (1998-07-01), McCreery et al.
patent: 5835726 (1998-11-01), Shwed et al.
patent: 5850386 (1998-12-01), Anderson et al.
patent: 5918223 (1999-06-01), Blum et al.
patent: 5968176 (1999-10-01), Nessett et al.
patent: 5991881 (1999-11-01), Conklin et al.
patent: 6026442 (2000-02-01), Lewis et al.
patent: 6044401 (2000-03-01), Harvey
patent: 6088804 (2000-07-01), Hill et al.
patent: 6115393 (2000-09-01), Engel et al.
patent: 6134664 (2000-10-01), Walker
patent: 6263444 (2001-07-01), Fujita
patent: 6279113 (2001-08-01), Vaidya
patent: 6282546 (2001-08-01), Gleichauf et al.
patent: 6301668 (2001-10-01), Gleichauf et al.
patent: 6304262 (2001-10-01), Maloney et al.
patent: 6304904 (2001-10-01), Sathyanarayan et al.
patent: 6321338 (2001-11-01), Porras et al.
patent: 6327550 (2001-12-01), Vinberg et al.
patent: 2002/0032880 (2002-03-01), Poletto et al.
patent: 2002/0035683 (2002-03-01), Kaashoek et al.
patent: 0 985 995 (2000-03-01), None
patent: WO 00/34847 (2000-06-01), None
Roesch, Snort—Lightweight Intrusion Detection for Networks, 1999, Usenix, pp. 1-2.
G. Bigna, et al., NetSTAT: A Network-based Intrusion Detection Approach, Proc. of the 14th Annual Computer Security Application Conf., Scottsdale, AZ, (Dec. 1998).
C. Prosise, et al., Catch Hackers in the Act, <http://builder.cnet.com/webbuilding/0-7532-8-4011019-4.html>, (Dec. 13, 2000).
The Science of Intrusion Detection System Attack Identification, Cisco Systems, Inc., (2002).
C. Gerg, A Platform-Independent Discussion of Network Security, Information Security Bulletin, pp. 29-33, (May 2001).
A. Allan, Intrusion Detection Systems (IDSs): Perspective, Gartner, (Jan. 4, 2002).
Snort Overview, <http://www.snort.org/docs/writing—rules.chap1.html>, (Jul. 15, 2002).
W. Simonds, Bad Packets: Snort—The Dobermans Behind the Firewall, searchNetworking.com, (Feb. 28, 2002).
Roundtable—IDS At the Crossroads, Information Security Magazine, (Jun. 2002).
E. Duggan, Hackers Warn of ‘Crackers’, The South Florida Business Journal, (Jul. 5-11, 2002).
Greenberg, Esq. Steven M.
Klimach Paula
Steelcloud, Inc.
Vu Kim
Profile ID: LFUS-PAI-O-3857547