Information security – Monitoring or scanning of software or data including attack... – Intrusion detection
Reexamination Certificate
2005-03-10
2010-12-14
Lanier, Benjamin E (Department: 2432)
active
07854003
ABSTRACT:
A method and system are provided for detecting correlated connections in an extended connection, i.e. a chain of connections relayed through stepping-stone hosts. A plurality of stepping stone detection algorithms are executed in parallel (400), each of the plurality of stepping stone detection algorithms generating a result. The results are scored for each of the plurality of stepping stone detection algorithms (402). A consensus attack path is generated based upon the scored results (404).
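As an added example (not the patent's own code), the three steps of the abstract in Python: two toy stepping-stone detectors (a simplified idle-period test in the spirit of Zhang and Paxson, and a packet-count ratio) run in parallel over constructed packet timestamps for the connections seen at one relay host, their verdicts are scored with hand-picked weights, and a consensus path is derived. The connection data, the detectors and the weights are all assumptions of this example.

```python
from concurrent.futures import ThreadPoolExecutor
from itertools import product

# Constructed packet timestamps (seconds) at relay host B: "in" arrives at B,
# "out1" is B's onward relay of it, "out2" is unrelated traffic from B.
CONNS = {
    "in":   [0.0, 0.1, 0.2, 1.5, 1.6, 3.0, 3.1, 3.2],
    "out1": [0.05, 0.15, 0.25, 1.55, 1.65, 3.05, 3.15, 3.25],
    "out2": [0.0, 0.7, 1.1, 2.2, 2.6, 2.9, 3.6, 4.0],
}
INBOUND, OUTBOUND = ["in"], ["out1", "out2"]

def off_periods(ts, idle=0.5):
    """End times of OFF periods, i.e. gaps longer than `idle` seconds."""
    return [b for a, b in zip(ts, ts[1:]) if b - a > idle]
def idle_correlation(a, b, eps=0.1):
    """Detector 1 (simplified Zhang-Paxson): share of a's OFF ends matched in b."""
    ends_a, ends_b = off_periods(a), off_periods(b)
    if not ends_a:
        return 0.0
    return sum(any(abs(x - y) <= eps for y in ends_b) for x in ends_a) / len(ends_a)
def count_similarity(a, b):
    """Detector 2: packet-count ratio; weak alone, so it gets a low weight."""
    return min(len(a), len(b)) / max(len(a), len(b))

# Hypothetical detector set; the weights are an assumption of this example.
DETECTORS = {"idle": (idle_correlation, 0.7), "count": (count_similarity, 0.3)}

def run_detectors(conns=CONNS, inbound=INBOUND, outbound=OUTBOUND):
    """Step 400: run every detector over every in/out pair in parallel."""
    pairs = list(product(inbound, outbound))
    def run(name):
        fn = DETECTORS[name][0]
        return name, {p: fn(conns[p[0]], conns[p[1]]) for p in pairs}
    with ThreadPoolExecutor() as pool:
        return dict(pool.map(run, DETECTORS))

def score(results):
    """Step 402: weighted sum of each detector's verdict, per pair."""
    scores = {}
    for name, verdicts in results.items():
        for pair, v in verdicts.items():
            scores[pair] = scores.get(pair, 0.0) + DETECTORS[name][1] * v
    return scores

def consensus_path(scores, threshold=0.5):
    """Step 404: per inbound connection, keep the best outbound above threshold."""
    best = {}
    for (i, o), s in scores.items():
        if s >= threshold and s > best.get(i, (None, -1.0))[1]:
            best[i] = (o, s)
    return {i: o for i, (o, _) in best.items()}
```

On the constructed data, `consensus_path(score(run_detectors()))` returns `{'in': 'out1'}`: the packet-count detector alone would also flag `out2`, but the weighted consensus rejects it.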
REFERENCES:
patent: 6513065 (2003-01-01), Hafez et al.
patent: 2002/0019764 (2002-02-01), Mascarenhas
patent: 2003/0182282 (2003-09-01), Ripley
Zhang, Y., and Paxson, V. Detecting stepping stones. 2000, pp. 1-21.
Wang, X., Reeves, D.S., Wu, S.F., and Yuill, J. Sleepy watermark tracing: An active network-based intrusion response framework. Jun. 2001 (16 pages).
Yoda, K., and Etoh, H. Finding a connection chain for tracing intruders. Oct. 2000 (15 pages).
Zhang, Y., and Paxson, V. Detecting stepping stones. Aug. 2000 (21 pages).
Belenky, A., and Ansari, N. On IP traceback. IEEE Communications Magazine 41, 7 (2003), 142-153.
Bellovin, S.M., Leech, M., and Taylor, T. ICMP traceback messages. Internet Draft draft-ietf-itrace-01.txt (work in progress), Oct. 2001.
Bloom, B.H. Space/time trade-offs in hash coding with allowable errors. Communications of the ACM 13, 7 (Jul. 1970), 422-426.
Buchholz, F.P., and Shields, C. Providing process origin information to aid in network traceback. In Proc. USENIX Annual Technical Conference (Jun. 2002).
Burch, H., and Cheswick, B. Tracing anonymous packets to their approximate source. In Proc. USENIX LISA '00 (Dec. 2000).
Cappe, O., Moulines, E., Pesquet, J.C., Petropulu, A., and Yang, X. Long-range dependence and heavy-tail modeling for teletraffic data. IEEE Signal Processing Magazine 19, 3 (2002), 14-27.
Carrier, B., and Shields, C. A recursive session token protocol for use in computer forensics and TCP traceback. In Proc. IEEE Infocom '02 (Jun. 2002).
Donoho, D.L., Flesia, A.G., Shankar, U., Paxson, V., Coit, J., and Staniford, S. Multiscale stepping-stone detection: Detecting pairs of jittered interactive streams by exploiting maximum tolerable delay. In Proc. International Symposium on Recent Advances in Intrusion Detection (Oct. 2002), pp. 14-35.
Egevang, K., and Francis, P. The IP network address translator. RFC 1631, May 1994.
Fan, L., Cao, P., Almeida, J., and Broder, A.Z. Summary cache: A scalable wide-area web cache sharing protocol. ACM/IEEE Trans. on Networking 8, 3 (2000), 281-293.
Ferguson, P., and Senie, D. Network ingress filtering: Defeating denial of service attacks which employ IP source address spoofing. RFC 2267, Jan. 1998.
Hazeyama, H., Oe, M., and Kadobayashi, Y. A layer-2 extension to hash-based IP traceback. IEICE Trans. on Information & Systems, Nov. 2003.
Howard, J.D. An analysis of security incidents on the Internet, 1989-1995. PhD thesis, Apr. 1997. http://www.cert.org/research/JHThesis/Start.html.
Johns, M.S. Identification Protocol. RFC 1413, Feb. 1993.
Jones, C.E., Tchakountio, F., Snoeren, A.C., Schwartz, B., Clements, R.C., Condell, M., Partridge, C., and Strayer, W.T. Traceback of IP packet transformations. Internal technical memo, BBN Technologies, 2002.
Jung, H.T., Kim, H.L., Seo, Y., Choe, G., Min, S.L., and Kim, C.S. Caller identification system in the Internet environment. In Proc. USENIX Security Symposium '93 (Oct. 1993).
Lee, S.C., and Shields, C. Tracing the source of network attack: A technical, legal and societal problem. In Proc. IEEE Systems, Man, and Cybernetics Information Assurance Workshop (2001).
Libes, D. The Expect home page. Tech. rep., National Institute of Standards and Technology. http://expect.nist.gov/, Jun. 11, 2004.
Mankin, A., Massey, D., Wu, C.L., Wu, S.F., and Zhang, L. On design and evaluation of "intention-driven" ICMP traceback. In Proc. IEEE International Conference on Computer Communications and Networks (Oct. 2001).
Partridge, C., Cousins, D.B., Jackson, A.W., Krishnan, R., Saxena, T., and Strayer, W.T. Using signal processing to analyze wireless data traffic. In Proc. ACM Workshop on Wireless Security (WiSe) (Sep. 2002).
Paxson, V. Bro: A system for detecting network intruders in real-time. In Proc. USENIX Security Symposium (Jan. 1998).
Paxson, V. An analysis of using reflectors for distributed denial-of-service attacks. ACM Comp. Comm. Review 31, 3 (2001).
Perkins, C.E. IP mobility support for IPv4. RFC 3344, Aug. 2002.
Rekhter, Y., Moskowitz, B., Karrenberg, D., De Groot, G.J., and Lear, E. Address allocation for private internets. RFC 1918, Feb. 1996.
Sager, G. Security fun with OCxmon and cflowd. Internet 2 Working Group Meeting, Nov. 1998. http://www.caida.org/projects/NGI/content/security/1198.
Sanchez, L.A., Milliken, W.C., Snoeren, A.C., Tchakountio, F., Jones, C.E., Kent, S.T., Partridge, C., and Strayer, W.T. Hardware support for a hash-based IP traceback. In Proc. Second DARPA Information Survivability Conference and Exposition (Jun. 2001), vol. 2, pp. 146-152.
Savage, S., Wetherall, D., Karlin, A., and Anderson, T. Network support for IP traceback. ACM/IEEE Trans. on Networking 9, 3 (Jun. 2001), 226-239.
Schnackenberg, D., Djahandari, K., and Sterne, D. Infrastructure for intrusion detection and response. In Proc. First DARPA Information Survivability Conference and Exposition (Jan. 2000).
Snapp, S.R., Brentano, J., Dias, G.V., Goan, T.L., Heberlein, L.T., Ho, C.L., Levitt, K.N., Mukherjee, B., Smaha, S.E., Grance, T., Teal, D.M., and Mansur, D. DIDS (Distributed Intrusion Detection System): Motivation, architecture, and an early prototype. In Proc. National Computer Security Conference (Oct. 1991), pp. 167-176.
Snoeren, A.C., Partridge, C., Sanchez, L.A., Jones, C.E., Tchakountio, F., Schwartz, B., Kent, S.T., and Strayer, W.T. Single-packet IP traceback. ACM/IEEE Trans. on Networking (Dec. 2002).
Song, D.X., and Perrig, A. Advanced and authenticated marking schemes for IP traceback. In Proc. IEEE Infocom '01 (Apr. 2001).
Staniford-Chen, S., and Heberlein, L.T. Holding intruders accountable on the Internet. In Proc. IEEE Symposium on Security and Privacy '95 (May 1995), pp. 39-49.
Stone, R. CenterTrack: An IP overlay network for tracking DoS floods. In Proc. USENIX Security Symposium '00 (Aug. 2000).
Wang, X., and Reeves, D.S. Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays. In Proc. ACM Symposium on Computer and Communications Security (CCS) (Oct. 2003).
Castineyra Isidro Marcos
Hain Regina Rosales
Jones Christine Elaine
Strayer William Timothy
Lanier Benjamin E
Verizon Corporate Services Group Inc. & Raytheon BBN Techno
Zecher Cordelia
Method and system for aggregating algorithms for detecting...