Information security – Monitoring or scanning of software or data including attack... – Intrusion detection
Reexamination Certificate
2006-03-21
2006-03-21
Song, Hosuk (Department: 2135)
Information security
Monitoring or scanning of software or data including attack...
Intrusion detection
C726S022000, C709S224000
Reexamination Certificate
active
07017186
ABSTRACT:
An intrusion detection system (IDS). An IDS which has been configured in accordance with the present invention can include a traffic sniffer for extracting network packets from passing network traffic; a traffic parser configured to extract individual data from defined packet fields of the network packets; and, a traffic logger configured to store individual packet fields of the network packets in a database. A vector builder can be configured to generate multi-dimensional vectors from selected features of the stored packet fields. Notably, at least one self-organizing clustering module can be configured to process the multi-dimensional vectors to produce a self-organized map of clusters. Subsequently, an anomaly detector can detect anomalous correlations between individual ones of the clusters in the self-organized map based upon at least one configurable correlation metric. Finally, a classifier can classify detected anomalous correlations as one of an alarm and normal behavior.
REFERENCES:
patent: 5311593 (1994-05-01), Carmi
patent: 5414833 (1995-05-01), Hershey et al.
patent: 5526299 (1996-06-01), Coifman et al.
patent: 5621889 (1997-04-01), Lermuzeaux et al.
patent: 5692124 (1997-11-01), Holden et al.
patent: 5787253 (1998-07-01), McCreery et al.
patent: 5835726 (1998-11-01), Shwed et al.
patent: 5850386 (1998-12-01), Anderson et al.
patent: 5918223 (1999-06-01), Blum et al.
patent: 5968176 (1999-10-01), Nessett et al.
patent: 5991881 (1999-11-01), Conklin et al.
patent: 6026442 (2000-02-01), Lewis et al.
patent: 6044401 (2000-03-01), Harvey
patent: 6088804 (2000-07-01), Hill et al.
patent: 6115393 (2000-09-01), Engel et al.
patent: 6134664 (2000-10-01), Walker
patent: 6263444 (2001-07-01), Fujita
patent: 6279113 (2001-08-01), Vaidya
patent: 6282546 (2001-08-01), Gleichauf et al.
patent: 6301668 (2001-10-01), Gleichauf et al.
patent: 6304262 (2001-10-01), Maloney et al.
patent: 6304903 (2001-10-01), Ward
patent: 6327550 (2001-12-01), Vinberg et al.
patent: 6651099 (2003-11-01), Dietz et al.
patent: 2002/0032880 (2002-03-01), Poletto et al.
patent: 2002/0035683 (2002-03-01), Kaashoek et al.
patent: 0 985 995 (2000-03-01), None
patent: WO 00/34847 (2000-06-01), None
Hagan, Neueral Network Design, 1996, PWS Publishing Company, pp. 14-5 to 14-13.
Planquart, Application of Neural Networks to Intrusion Detection, Jul. 29, 2001, http://.www.sans.org/rr/whitepapers/detection/.
G. Bigna, et al.,NetSTAT: A Network-based Intrusion Detection Approach, Proc. of the 14th Annual Computer Security Application Conf., Scottsdale, AZ, (Dec. 1998).
C. Prosise, et al.,Catch Hackers in the Act, <http://builder.cnet.com/webbuilding/0-7532-8-4011019-4.html>, (Dec. 13, 2000).
The Science of Intrusion Detection System Attack Identification, Cisco Systems, Inc., (2002).
C. Gerg,A Platform-Independent Discussion of Network Security, Information Security Bulletin, pp. 29-33, (May 2001).
A. Allan,Intrusion Detection Systems (IDSs): Perspective, Gartner, (Jan. 4, 2002).
Snort Overview, <http://www.snort.org/docs/writing—rules/chap1.html>, (Jul. 15, 2002).
W. Simonds,Bad Packets: Snort—The Dobermans Behind the Firewall, searchNetworking.com, (Feb. 28, 2002).
Roundtable—IDS At the Crossroads, Information Security Magazine, (Jun. 2002).
E. Duggan,Hackers Warn of ‘Crackers’, The South Florida Business Journal, (Jul. 5-11, 2002).
Christopher & Weisberg P.A.
Greenberg Steven M.
Klimach Paula
Song Hosuk
Steelcloud, Inc.
LandOfFree
Intrusion detection system using self-organizing clusters does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Intrusion detection system using self-organizing clusters, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Intrusion detection system using self-organizing clusters will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3528642