Information security – Monitoring or scanning of software or data including attack... – Intrusion detection
Reexamination Certificate
2002-06-13
2009-11-24
LaForgia, Christian (Department: 2439)
Information security
Monitoring or scanning of software or data including attack...
Intrusion detection
C726S022000, C705S051000, C705S052000, C705S053000, C705S054000, C713S189000, C713S190000, C713S191000, C713S192000, C713S193000, C717S174000, C717S175000, C717S176000, C717S177000, C717S178000
Reexamination Certificate
active
07624444
ABSTRACT:
A method of detecting intrusions on a computer includes the step of identifying an internet protocol field range describing fields within internet protocol packets received by a computer. A connectivity range is also established which describes a distribution of network traffic received by the computer. An internet protocol field threshold and a connectivity threshold are then determined from the internet protocol field range and connectivity range, respectively. During the operation of the computer, values are calculated for the internet protocol field range and connectivity range. These values are compared to the internet protocol metric threshold and connectivity metric threshold so as to identify an intrusion on the computer.
REFERENCES:
patent: 4888800 (1989-12-01), Marshall et al.
patent: 5557742 (1996-09-01), Smaha et al.
patent: 5621889 (1997-04-01), Lermuzeaux et al.
patent: 5769942 (1998-06-01), Maeda
patent: 5798706 (1998-08-01), Kraemer et al.
patent: 5805801 (1998-09-01), Holloway et al.
patent: 5812763 (1998-09-01), Teng
patent: 5864683 (1999-01-01), Boebert et al.
patent: 5892903 (1999-04-01), Klaus
patent: 5898830 (1999-04-01), Wesinger, Jr. et al.
patent: 5905859 (1999-05-01), Holloway et al.
patent: 5919257 (1999-07-01), Trostle
patent: 5919258 (1999-07-01), Kayashima et al.
patent: 5940591 (1999-08-01), Boyle et al.
patent: 5960170 (1999-09-01), Chen et al.
patent: 6038317 (2000-03-01), Magliveras et al.
patent: 6052531 (2000-04-01), Waldin et al.
patent: 6052788 (2000-04-01), Wesinger, Jr. et al.
patent: 6079020 (2000-06-01), Liu
patent: 6088804 (2000-07-01), Hill et al.
patent: 6119236 (2000-09-01), Shipley
patent: 6154844 (2000-11-01), Touboul et al.
patent: 6178509 (2001-01-01), Nardone et al.
patent: 6185678 (2001-02-01), Arbaugh et al.
patent: 6185689 (2001-02-01), Todd, Sr. et al.
patent: 6243815 (2001-06-01), Antur et al.
patent: 6279113 (2001-08-01), Vaidya
patent: 6301668 (2001-10-01), Gleichauf et al.
patent: 6301699 (2001-10-01), Hollander et al.
patent: 6353385 (2002-03-01), Molini et al.
patent: 6393568 (2002-05-01), Ranger et al.
patent: 6405318 (2002-06-01), Rowland
patent: 6484203 (2002-11-01), Porras et al.
patent: 6487666 (2002-11-01), Shanklin et al.
patent: 6490680 (2002-12-01), Scheidt et al.
patent: 6546486 (2003-04-01), Perlman et al.
patent: 6647400 (2003-11-01), Moran
patent: 6704874 (2004-03-01), Porras et al.
patent: 6775657 (2004-08-01), Baker
patent: 6789202 (2004-09-01), Ko et al.
patent: 6883101 (2005-04-01), Fox et al.
patent: 6910135 (2005-06-01), Grainger
patent: 6944673 (2005-09-01), Malan et al.
patent: 6947936 (2005-09-01), Suermondt et al.
patent: 6968336 (2005-11-01), Gupta
patent: 7234168 (2007-06-01), Gupta et al.
patent: 7308715 (2007-12-01), Gupta et al.
patent: 2002/0019945 (2002-02-01), Houston et al.
patent: 2002/0078381 (2002-06-01), Farley et al.
patent: 2002/0087882 (2002-07-01), Schneier et al.
patent: 2002/0104025 (2002-08-01), Wrench, Jr.
patent: 2002/0112185 (2002-08-01), Hodges
patent: 2002/0131366 (2002-09-01), Sharp et al.
patent: 2002/0133586 (2002-09-01), Shanklin et al.
patent: 2002/0143963 (2002-10-01), Converse et al.
patent: 2002/0147925 (2002-10-01), Lingafelt et al.
patent: 2003/0004688 (2003-01-01), Gupta et al.
patent: 2003/0004689 (2003-01-01), Gupta et al.
patent: 2003/0014662 (2003-01-01), Gupta et al.
patent: 2003/0105859 (2003-06-01), Garnett et al.
patent: 2004/0193482 (2004-09-01), Hoffman et al.
patent: 2005/0235360 (2005-10-01), Pearson
patent: 01/91418 (2001-11-01), None
patent: 02/15479 (2002-02-01), None
patent: WO 02/101516 (2002-12-01), None
Pettinari, Dave, Investigating Cyber Crime/Hacking and Intrusions Apr. 1, 2000, Standard Operatinf Procedures Pueble High-Tech Crimes Unit pp. 1-8.
Giovanni Vigna, et al., “NetSTAT: A Network-Based Intrusion Detection System,” Department of Computer Science,University of California Santa Barbara, pp. 1-46. Supported under Agreement No. F30602-97-1-0207.
Y. F. Jou, et al., and S.F. Wu, et al., “Design and Implementation of a Scalable Intrusion Detection System for the Protection of Network Infrastructure,”Advanced Networking Research, MCNC, RTP, NC, et al., pp. 15.
Ivan Krsul, “Computer Vulnerability Analysis Thesis Proposal,” The COAST Laboratory, Department of Computer Sciences,Purdue University, IN, Technical Report CSD-TR-97-026. Apr. 15, 1997, pp. 1-23.
Matt Bishop, “Vulnerabilities Analysis,” Department of Computer Science,Universiry of California at Davis, pp. 1-12.
Matt Bishop, “A Taxonomy of UNIX System and Network Vulnerabilities,”CSE-95-10, May 1995, pp. 17.
Matt Bishop, et al., “A Critical Analysis of Vulnerability Taxonomics,”CSE-96-11, Sep. 1996, pp. 1-14.
Dawn X. Song, et al., “Advanced and Authenticated Marking Schemes for IP Traceback,” Report No. UCB/CSD-00-1107, Computer Science Division (EECS),University of California, Berkeley, Jun. 2000, pp. 1-11.
Chien-Lung Wu, et al., IPSec/PHIL (Packet Header Information List): Design, Implementation, and Evaluation,NC State University, Raleigh, NC, et al., pp. 6.
Allison Mankin, et al., “On Design and Evaluation of “Intention-Driven” ICMP Traceback,”USC/ISI, et al., pp. 7.
Brian Carrier, et al., “A Recursive Session Token Protocol for Use in Computer Forensic and TCP Traceback,” CERIAS,Purdue University, West Lafayette, IN, et al., 2002 IEEE, pp. 7.
Stefan Savage, et al., “Practical Network Support for IP Traceback,” Department of Computer Science and Engineering,University of Washington, Seattle, WA. Copyright 2000, pp. 12.
Diheng Qu, et al., “Statistical Anomaly Detection for Link-State Routing Protocols,” Computer Science Department,North Carolina State University, Raleigh, NC, et al . . . , Supported under Contract No. F30602-96-C-0325, pp. 9.
Office Action Summary from U.S. Appl. No. 10/172,803 mailed on Mar. 2, 2006.
Final Office Action Summary from U.S. Appl. No. 10/172,803 mailed on Aug. 15, 2006.
Office Action Summary from U.S. Appl. No. 10/171,805 mailed on Dec. 12, 2005.
Final Office Action Summary from U.S. Appl. No. 10/171,805 mailed on May 22, 2006.
Office Action Summary from U.S. Appl. No. 10/172,764 mailed on Jan. 12, 2006.
Final Office Action Summary from U.S. Appl. No. 10/172,764 mailed on Jun. 21, 2006.
Office Action Summary from U.S. Appl. No. 11/331,730 mailed on Jun. 4, 2009.
Amidon Keith E.
Gong Fengmin
Gupta Ramesh M.
Haeffele Steve M.
Jain Parveen K.
LaForgia Christian
McAfee, Inc.
Tolentino Roderick
Zilka-Kotab, PC
LandOfFree
Method and apparatus for detecting intrusions on a computer... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus for detecting intrusions on a computer..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus for detecting intrusions on a computer... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4108718