Excavating
Patent
1994-03-07
1996-09-17
Beausoliel, Jr., Robert W.
371 671, 39518501, G06F 1134
active
055577423
ABSTRACT:
A processing system intrusion and misuse detection system and method utilizes instructions for and steps of processing system inputs into events and processing the events with reference to a set of selectable misuses in a misuse engine to produce one or more misuse outputs. The system and method convert processing system generated inputs to events by establishing an event data structure that stores the event. The event data structure includes authentication information, subject information, and object information. Processing system audit trail records, system log file data, and system security state data are extracted from the processing system to form the event data structure. A signature data structure stores signatures that the misuse engine compares and matches to selectable misuses. The signature data structure includes an initial state for each selectable misuse, an end state for each selectable misuse, one or more sets of transition functions for each selectable misuse, and one or more states for each selectable misuse, which can include the end state or the initial state. Furthermore, a misuse output and an index are utilized so that for each selectable misuse element there is a mechanism for loading the signature data structure.
REFERENCES:
patent: 4672609 (1987-06-01), Humphrey et al.
patent: 4773028 (1988-07-01), Tallman
patent: 5210704 (1993-05-01), Husseiny
H. Debar, M. Becker, D. Siboni, "A Neural Network Component for an Intrusion Detection System", IEEE 1992, pp. 240-250.
D. Denning, "An Intrusion Detection Model", IEEE Transactions of Software Engineering, vol. SE-13, No. 2, Feb. 1987, pp. 222-232.
C. Dowell and P. Ramstedt, "The Computerwatch Data Reduction Tool", AT&T Bell Laboratories, pp. 99-108.
T. Garvey and T. Lunt, "Model-Based Intrusion Detection", Proceedings of the 14th National Computer Security Conference, Washington, DC, Oct. 1991, pp. 1-14.
H. Javitz and A. Valdez, "The SRI IDES Statistical Anomaly Detector", Proceedings of the 1991 IEEE Symposium on Security and Privacy, Oakland, CA, May, 1991, pp. 1-11.
L. Lankewicz and M. Benard, "Real-Time Anomaly Detection Using a Nonparametric Pattern Recognition Approach", Department of Computer Science, Tulane University, pp. 80-89.
G. Liepins and H. Vaccaro, "Anomaly Detection: Purpose and Framework", pp. 495-504.
T. Lunt and R. Jagannathan, "A Prototype Real-Time Intrusion-Detection Expert System", Proceedings of the 1988 IEEE Symposium on Security and Privacy, Apr. 1988, pp. 1-8.
T. Lunt, "Automated Audit Trail Analysis and Intrusion Detection: A Survey", Proceedings of the 11th National Computer Security Conference, Oct., 1988, pp. 1-9.
T. Lunt, R. Jagannathan, R. Lee, A. Whitehurst, and S. Listgarten, "Knowledge-Based Intrusion Detection", pp. 102-107.
M. Sebring, E. Shellhouse, M. Hanna, and R. Whitehurst, "Expert Systems in Intrusion Detection: A Case Study", pp. 74-81.
K. Fox, R. Henning, J. Reed, and R. Simonian, "A Neural Network Approach Towards Intrusion Detection", Harris Corporation, Government Information Systems Division, Jul. 2, 1990, pp. 125-134.
S. Smaha, "Haystack: An Intrusion Detection System", Proceedings of the IEEE Fourth Aerospace Computer Security Applications Conference, 1988, pp. 37-44.
S. Snapp, "Signature Analysis and Communication Issues in a Distributed Intrusion Detection System", MS Thesis, Division of Computer Science, University of California at Davis, 1991, pp. 1-40.
S. Snapp, J. Brentano, G. Dias, T. Goan, T. Heberlein, C. Ho, K. Levitt, B. Mukherjee, S. Smaha, T. Grance, D. Teal, and D. Mansur, "DIDS (Distributed Intrusion Detection System) - Motivation, Architecture, and an Early Prototype", Computer Security Laboratory, Division of Computer Science, University of California at Davis, pp. 167-176.
W. Tener, "AI and 4GL: Automated Detection and Investigation and Detection Tools", Computer Security in the Age of Information, Proceedings of the Fifth IFIP International Conference on Computer Security, May 19-21, 1988, pp. 23-29.
W. Tener, "Discovery: An Expert System in the Commercial Data Security Environment", Computer Security Journal, vol. VI, Number 1, pp. 45-53.
H. Teng, K. Chen, and S. Lu, "Adaptive Real-Time Anomaly Detection using Inductively Generated Sequential Patterns", 1990 IEEE, pp. 278-284.
H. Vaccaro and G. Liepins, "Detection of Anomalous Computer Session Activity", 1989 IEEE, pp. 280-289.
W. Weiss and A. Baur, "Analysis of Audit and Protocol Data Using Methods from Artificial Intelligence", Siemens AG, West Germany, pp. 109-114.
J. Winkler, "A UNIX Prototype for Intrusion and Anomaly Detection in Secure Networks," Proceedings of the 13th National Computer Security Conference, Oct., 1990.
"A Pattern-Oriented Intrusion-Detection Model and Its Application" by Shieh and Gligor; 1991.
"The NIDES Statistical Component Description and Justification" by Javitz and Valdes; Mar. 7, 1994.
Smaha Stephen E.
Snapp Steven R.
Beausoliel, Jr. Robert W.
Chung Phung My
Haystack Labs, Inc.
Shaffer J. Nevin
Method and system for detecting intrusion into and misuse of a d
Profile ID: LFUS-PAI-O-421287