Limiting the output of alerts generated by an intrusion...

Information security – Monitoring or scanning of software or data including attack... – Intrusion detection

Reexamination Certificate

Details

C709S223000, C709S224000, C713S155000, C713S168000, C713S188000

active

09966227

ABSTRACT:
An intrusion detection system is improved by altering its signatures and thresholds during a denial of service attack, in order to decrease the rate at which an intrusion detection sensor sends alerts to an intrusion detection server. A governor within the sensor is associated with each signature. The governor may include an alert log, a timer, an alert-generation-rate threshold, and rules that prescribe actions to be taken when the alert-generation-rate threshold is exceeded. The governor records the generation time of each alert by the sensor, and determines the rate at which the sensor is presently generating alerts. When the present alert-generation rate exceeds the alert-generation-rate threshold, the governor alters the associated signature threshold to decrease the alert generation rate of the intrusion detection sensor.
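The governor described in the abstract can be sketched as follows. This is an added example, not code from the patent or its authors; the count-based signature, the doubling rule, the threshold ceiling, clearing the log after an adjustment, and all names and numeric values are assumptions made for illustration.

```python
from collections import deque
from dataclasses import dataclass, field

@dataclass
class Signature:
    """Count-based signature: one alert per `threshold` matching events."""
    name: str
    threshold: int
    hits: int = 0

    def observe(self) -> bool:
        self.hits += 1
        if self.hits >= self.threshold:
            self.hits = 0
            return True
        return False

@dataclass
class Governor:
    """Per-signature governor: alert log, timer window, rate threshold, rule."""
    signature: Signature
    window_ms: int            # timer: how much alert history counts
    max_rate: float           # alert-generation-rate threshold, alerts/second
    factor: int = 2           # rule (assumed): multiply the signature threshold
    ceiling: int = 1024       # rule (assumed): upper bound on the threshold
    log: deque = field(default_factory=deque)

    def record_alert(self, now_ms: int) -> float:
        """Log the alert time, return the present rate, apply the rule."""
        self.log.append(now_ms)
        while self.log[0] <= now_ms - self.window_ms:
            self.log.popleft()
        rate = len(self.log) * 1000 / self.window_ms
        if rate > self.max_rate:
            sig = self.signature
            sig.threshold = min(sig.threshold * self.factor, self.ceiling)
            self.log.clear()  # assumed: re-measure under the new threshold
        return rate

def run_sensor(event_times_ms, governor):
    """Feed matching-event timestamps to the sensor; return alert times."""
    alerts = []
    for t in event_times_ms:
        if governor.signature.observe():
            governor.record_alert(t)
            alerts.append(t)
    return alerts

# Constructed input: 1000 matching events, 1 ms apart (a one-second flood).
FLOOD = list(range(1000))
```

With a signature threshold of 10 and a limit of 5 alerts per second, the constructed flood produces 24 alerts instead of 100, and the signature threshold ends at 160.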

