Information security – Monitoring or scanning of software or data including attack... – Intrusion detection
Reexamination Certificate
2006-04-04
2006-04-04
Morse, Gregory (Department: 2134)
active
07024694
ABSTRACT:
One embodiment of the present invention provides content-based intrusion detection for a computer system by using an agile kernel-based auditing system. This auditing system operates by receiving an audit specification that specifies target attributes to be recorded during an auditing process. The audit specification also specifies an auditing criterion that triggers recording of the target attributes. Upon receiving the audit specification, the auditing system is configured to record the target attributes during system calls whenever the auditing criterion is satisfied. Next, an application program is monitored by the auditing system to produce an audit log containing the recorded target attributes. This audit log is examined in order to detect patterns for intrusion detection purposes. In one embodiment of the present invention, configuring the auditing system involves compiling the audit specification to produce a kernel module, and then loading the kernel module into a kernel of an operating system. It also involves linking code from within the kernel module into system calls within the operating system. In one embodiment of the present invention, in response to detecting an event during the auditing process, the system dynamically adjusts the auditing system to change the auditing criterion and/or the target attributes for subsequent operation of the auditing system.
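The abstract describes a specification-driven auditing loop: an audit specification names the target attributes to record and the criterion that triggers recording, the kernel-side hook applies it on each system call, the resulting log is scanned for patterns, and a detection can widen the criterion or attribute set for subsequent operation. The following Python model of that loop is an added illustration, not code from the patent or from any of the listed assignees; the `SyscallEvent` fields, the sensitive-path list, the escalation policy and the event stream are all constructed for the example, and the "kernel module" is simulated by an ordinary object that each hooked call invokes.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple


@dataclass(frozen=True)
class SyscallEvent:
    """Constructed stand-in for the arguments visible inside a hooked system call."""
    syscall: str
    pid: int
    uid: int
    path: str


@dataclass
class AuditSpec:
    """An audit specification: which attributes to record and when to record them."""
    name: str
    target_attributes: Tuple[str, ...]
    criterion: Callable[[SyscallEvent], bool]


# Constructed list of paths whose access by a non-root process counts as a detected event.
SENSITIVE_PATHS = ("/etc/shadow", "/etc/sudoers")


class KernelAuditor:
    """Simulates the kernel module linked into system calls.

    Every hooked syscall calls on_syscall(); matching events are appended to the audit log,
    the newest record is checked for a pattern, and a detection dynamically widens the spec.
    """

    def __init__(self, base_spec: AuditSpec):
        self.base_spec = base_spec
        self.spec = base_spec
        self.log: List[Dict[str, object]] = []
        self.alerts: List[str] = []
        self.watched_pids: Set[int] = set()

    def reconfigure(self, spec: AuditSpec) -> None:
        """Swap in a new audit specification for all subsequent system calls."""
        self.spec = spec

    def on_syscall(self, ev: SyscallEvent) -> None:
        if not self.spec.criterion(ev):
            return
        record = {"spec": self.spec.name}
        record.update({attr: getattr(ev, attr) for attr in self.spec.target_attributes})
        self.log.append(record)
        self._examine(ev)

    def _examine(self, ev: SyscallEvent) -> None:
        """Pattern check over the newest record; on a hit, widen auditing for that process."""
        if ev.syscall == "open" and ev.path in SENSITIVE_PATHS and ev.uid != 0:
            self.alerts.append(f"pid {ev.pid} (uid {ev.uid}) opened {ev.path}")
            self.watched_pids.add(ev.pid)
            # Escalated spec: keep the base criterion, and additionally record every
            # system call (with all attributes) from any process that triggered an alert.
            self.reconfigure(AuditSpec(
                name="escalated",
                target_attributes=("syscall", "pid", "uid", "path"),
                criterion=lambda e: self.base_spec.criterion(e) or e.pid in self.watched_pids,
            ))


def base_spec() -> AuditSpec:
    """Initial specification: record pid/uid/path for open() calls under /etc."""
    return AuditSpec(
        name="base",
        target_attributes=("pid", "uid", "path"),
        criterion=lambda e: e.syscall == "open" and e.path.startswith("/etc/"),
    )


def run_demo() -> KernelAuditor:
    """Drive the auditor with a constructed syscall stream and return it for inspection."""
    auditor = KernelAuditor(base_spec())
    stream = [
        SyscallEvent("open", 100, 1000, "/etc/hostname"),    # recorded by base spec
        SyscallEvent("read", 100, 1000, "/etc/hostname"),    # not an open(): ignored
        SyscallEvent("open", 200, 1000, "/etc/shadow"),      # recorded, triggers escalation
        SyscallEvent("read", 200, 1000, "/etc/shadow"),      # recorded only because pid 200 is watched
        SyscallEvent("connect", 200, 1000, "10.0.0.5:443"),  # same
        SyscallEvent("open", 300, 0, "/etc/passwd"),         # base criterion still applies
        SyscallEvent("write", 300, 0, "/tmp/out"),           # ignored
    ]
    for ev in stream:
        auditor.on_syscall(ev)
    return auditor


if __name__ == "__main__":
    a = run_demo()
    for rec in a.log:
        print(rec)
    print("alerts:", a.alerts)
```

The point of the model is the feedback path: detection does not only raise an alert, it rewrites the specification that the hook consults, so the log becomes richer exactly for the process that matched. Keeping the base criterion inside the escalated one avoids the common mistake of losing baseline coverage when the auditor is retargeted.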
REFERENCES:
patent: 4713754 (1987-12-01), Agarwal et al.
patent: 5278901 (1994-01-01), Shieh et al.
patent: 5485409 (1996-01-01), Gupta et al.
patent: 5513317 (1996-04-01), Borchardt et al.
patent: 5557742 (1996-09-01), Smaha et al.
patent: 5621889 (1997-04-01), Lermuzeaux et al.
patent: 5623601 (1997-04-01), Vu
patent: 6275942 (2001-08-01), Bernhard et al.
patent: 6347374 (2002-02-01), Drake et al.
patent: 6408391 (2002-06-01), Huff et al.
patent: 6584508 (2003-06-01), Epstein et al.
Kernighan et al., “The UNIX Programming Environment,” 1984, pp. 174, 201-217.
Microsoft Computer Dictionary, 5th Edition, pp. 42, 166, 264, 285, 286, 300, and 343.
Hamaty Christopher J.
Heneghan Matthew
McAfee, Inc.
Morse Gregory
Zilka-Kotab, PC
Method and apparatus for content-based intrusion detection...