Message parsing in a network security system

Information security – Access control or authentication – Network

Reexamination Certificate


Details

C726S011000, C726S023000, C713S151000, C719S317000, C719S318000, C709S224000, C709S225000

Reexamination Certificate

active

07844999

ABSTRACT:
Device discovery can be made efficient using certain embodiments of the present invention. In one embodiment, the present invention includes accessing a message in a message log, wherein the message log associates a host identifier with the message, the host identifier being an identifier of a host that sent the message to the message log. Then a list of parsers associated with the host identifier associated with the message can be accessed and parsing the message using parsers from the list of parsers associated with the host identifier can be attempted. If the parsing is unsuccessful, a device type of an originator of the message can be discovered, and a parser associated with the discovered device type can be added to the list of parsers associated with the host identifier.
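The flow in the abstract, as an added Python sketch that is not taken from the patent: parsers listed for a host are tried first, and only on failure does the slower discovery step run and extend that host's list. The parser formats, the class and function names, and the discovery method (testing every remaining parser) are assumptions made for illustration.

```python
import re

# Constructed device-type parsers; the formats are illustrative assumptions.
PARSERS = {
    "firewall": re.compile(r"^FW (?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+)$"),
    "ids": re.compile(r"^IDS alert sig=(?P<sig>\d+) src=(?P<src>\S+)$"),
    "vpn": re.compile(r"^VPN user=(?P<user>\S+) event=(?P<event>login|logout)$"),
}

class HostParserRegistry:
    def __init__(self, parsers):
        self.parsers = parsers
        self.by_host = {}      # host identifier -> ordered list of device types
        self.discoveries = 0   # number of times the slow discovery path ran

    def _try(self, device_type, message):
        match = self.parsers[device_type].match(message)
        return match.groupdict() if match else None

    def _discover(self, message, skip):
        # Assumed discovery method: test every parser not already tried.
        self.discoveries += 1
        for device_type in self.parsers:
            if device_type not in skip and self._try(device_type, message) is not None:
                return device_type
        return None

    def parse(self, host_id, message):
        known = self.by_host.get(host_id, [])
        for device_type in known:              # fast path: parsers for this host
            fields = self._try(device_type, message)
            if fields is not None:
                return device_type, fields
        device_type = self._discover(message, known)
        if device_type is None:
            return None, None                  # unparsed; host list is not grown
        self.by_host.setdefault(host_id, []).append(device_type)
        return device_type, self._try(device_type, message)

# Constructed message log: (host identifier, raw message). "relay-1" forwards
# for two device types, so its parser list grows to two entries.
LOG = [
    ("relay-1", "FW DENY src=10.0.0.5 dst=10.0.0.9"),
    ("relay-1", "IDS alert sig=2001 src=10.0.0.5"),
    ("relay-1", "FW ALLOW src=10.0.0.7 dst=10.0.0.9"),
    ("vpn-gw", "VPN user=alice event=login"),
    ("vpn-gw", "not a known format"),
]

def run_log(log):
    registry = HostParserRegistry(PARSERS)
    return registry, [registry.parse(host, msg) for host, msg in log]
```

Messages that no parser recognises leave the host's list unchanged, so malformed or spoofed input cannot inflate per-host state.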

