Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Patent
1998-07-06
2000-10-17
Beausoliel, Jr., Robert W.
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
G06F 1300
Patent
active
061346640
ABSTRACT:
A method of reducing the volume of native audit data from further analysis by a misuse and intrusion detection engine is disclosed. Typically, more than ninety percent of the volume of audit information received from heterogeneous operating systems does not need to be analyzed by a misuse and intrusion detection engine because this audit information can be filtered out as not posing a security threat. Advantageously, by reducing (eliminating) the volume of audit information, a misuse and intrusion engine can more quickly determine whether a security threat exists because the volume of data that the engine must consider is drastically reduced. Also, advantageously, the audit information that is forwarded to the engine is normalized to a standard format, thereby reducing the computational requirements of the engine. The method of reducing the volume of native audit data includes comparing each of the native audits against at least one template and against at least one native audit. By matching the native audits against templates of native audits that do not pose security threats, the native audits that do not pose security threats can be reduced out from further consideration. The native audits that are determined to pose potential security threats are transformed into a standardized format for further analysis by a misuse and intrusion detection engine.
REFERENCES:
patent: 5557742 (1996-09-01), Smaha et al.
patent: 5561795 (1996-10-01), Sarkar
patent: 5745753 (1998-04-01), Mosher, Jr.
patent: 5778076 (1998-07-01), Kara et al.
patent: 5987611 (1999-11-01), Freund
"DID (Distribution Intrusion Detection System)--Motivation, Architecture, and An Early Prototoype", S.R. Snapp, et al., Proc. 14th Nat'l Computer Security Conf., Washington, D.C. (Oct. 1991), pp. 167-176.
"An Intrusion-Detection Model", D. Denning, IEEE Transactions on Software Engineering, vol. SE-13, No. 2, Feb. 1987.
Beausoliel, Jr. Robert W.
Elisca Pierre Eddy
PRC Inc.
LandOfFree
Method and system for reducing the volume of audit data and norm does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and system for reducing the volume of audit data and norm, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and system for reducing the volume of audit data and norm will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-479636