Method and system for simplifying the structure of dynamic...

Information security – Monitoring or scanning of software or data including attack... – Intrusion detection

Reexamination Certificate


active

07096499

ABSTRACT:
A real-time approach to detecting aberrant modes of system behavior induced by abnormal and unauthorized system activities indicative of abnormal activity of a software system is based on behavioral information obtained from a suitably instrumented computer program as it is executing. The theoretical foundation is founded on a study of the internal behavior of the software system. As a software system is executing, it expresses a set of its many functionalities as sequential events. Each of these functionalities has a characteristic set of modules that is executed to implement the functionality. These module sets execute with defined and measurable execution profiles among the program modules and within the execution paths of the individual modules, which change as the executed functionalities change. Over time, the normal behavior of the system will be defined by the boundary of the profiles. Abnormal activity of the system will result in behavior that is outside the normal activity of the system and thus result in a perturbation of the system in a manner outside the scope of the normal profiles. Such anomalies are detected by analysis and comparison of the profiles generated from an instrumented software system against a set of nominal execution profiles. Moreover, a method for reducing the amount of information necessary to understand the functional characteristics of an executing software system identifies the common sources of variation among the program instrumentation point frequencies and builds execution profiles based on a reduced set of virtual execution domains.

REFERENCES:
patent: 5067073 (1991-11-01), Andrews
patent: 5278901 (1994-01-01), Shieh et al.
patent: 5313616 (1994-05-01), Cline et al.
patent: 5355487 (1994-10-01), Keller et al.
patent: 5487131 (1996-01-01), Kassatly et al.
patent: 5499340 (1996-03-01), Barritz
patent: 5528753 (1996-06-01), Fortin
patent: 5539907 (1996-07-01), Srivastava et al.
patent: 5557742 (1996-09-01), Smaha et al.
patent: 5581482 (1996-12-01), Wiedenman et al.
patent: 5621889 (1997-04-01), Lermuzeaux et al.
patent: 5732273 (1998-03-01), Srivastava et al.
patent: 5790858 (1998-08-01), Vogel
patent: 5987250 (1999-11-01), Subrahmanyam
patent: 6009514 (1999-12-01), Henzinger et al.
patent: 6026236 (2000-02-01), Fortin et al.
patent: 6094530 (2000-07-01), Brandewie
patent: 6266408 (2001-05-01), Sirosh
patent: 6282701 (2001-08-01), Wygodny et al.
Anderson, D. et al., “Next-generation intrusion detection expert system (NIDES),” Technical Report, Computer Science Laboratory, SRI International, Menlo Park, CA, SRI-CSL-95-07, May, 1995, 1-37 (plus 6 additional pages).
Anderson, D. et al., “Detecting Unusual Program Behavior Using the Statistical Component of the Next-generation Intrusion Detection Expert System (NIDES),” SRI-CSL-95-06, SRI International, Menlo Park, CA, May, 1995, 1-71, 73-75, 77 (plus 6 additional pages).
Aslam, T. et al., “Use of A Taxonomy of Security Faults,” Technical Report TR-96-051, COAST Lab., Purdue University, presented at 19th National Information Systems Security Conference, Sep. 1996, 1-10.
Ball, T. et al., “Optimally Profiling and Tracing Programs,” Technical Report #1031, University of Wisconsin, Computer Science Dep., Sep. 1991, 1-27.
Bishop, M., “A Standard Audit Log Format,” Proc. of the 18th National Information Systems Security Conference, 1995, 136-145.
Bishop, M., “Profiling Under UNIX by Patching,” Software-Practice and Exp., Oct. 1987, 17(10), 729-739.
Crosbie, M. et al., “Defending a Computer System using Autonomous Agents,” Technical Report No. 95-022, COAST Laboratory, Dept. of Computer Sciences, Purdue University, Mar. 1994, 1-11.
Denning, D., “An Intrusion-Detection Model,” IEEE Transactions on Software Engineering, Feb. 1987, 13(2), 222-232.
Elbaum, S. et al., “Intrusion Detection through Dynamic Software Measurement,” Proc. Usenix Workshop on Intrusion Detection and Network Monitoring, Santa Clara, California, Apr. 9-12, 1999, 1-10.
Graham, S.L. et al., “An Execution Profiler for Modular Programs,” Software-Practice and Exp., 1983, 13, 671-685.
Hall, R.J., “Call Path Profiling,” Proc. 14th Int'l Conf. Soft. Engineering, ACM, 1992, 296-306.
Halme, L. et al., “AINT misbehaving—a Taxonomy of Anti-intrusion Techniques,” Proc. of the 18th National Information Systems Security Conference, 1995, 13 pages.
Hochberg, J. et al., “NADIR: An Automated System for Detecting Network Intrusion and Misuse,” Computers & Security, 1993, 12(3), 235-248.
Ilgun, K., “USTAT: A Real-time Intrusion Detection System for UNIX,” Proc. of the IEEE Symposium on Research in Security and Privacy, May 24-26, 1993, 16-28.
Javitz, H. et al., “The SRI IDES Statistical Anomaly Detector,” Proc. of the IEEE Symposium on Research in Security and Privacy, May 20-22, 1991, 316-326.
Johnson, “Profiling for Fun and Profit,” USENIX Winter '90 Conference Proceedings, 1990, 325-330.
Jonsson, E. et al., “A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior,” IEEE Transactions on Software Engineering, Apr. 1997, 23(4), 235-245.
Kumar, S. et al., “A Pattern Matching Model for Misuse Intrusion Detection,” Proc. of the 17th National Computer Security Conference, COAST Laboratory, Dept. of Computer Sciences, Purdue University, Oct. 1994, 11-21.
Kumar, S. et al., “A Software Architecture to Support Misuse Intrusion Detection,” Proc. 18th National Information Systems Security Conference, COAST Laboratory, Dept. of Computer Sciences, Purdue University, Mar. 1995, 1-17.
Lankewicz, L. et al., “Real-Time Anomaly Detection Using a Nonparametric Pattern Recognition Approach,” Seventh Annual Computer Security Applications Conference, San Antonio, Texas, Dec. 2-6, 1991, 80-89.
Larus, J.R., “Abstract Execution: A Technique for Efficiently Tracing Programs,” Software-Practice and Experience, Dec. 1990, 20(12), 1241-1258.
Larus, J.R. et al., “Rewriting Executable Files to Measure Program Behavior,” Technical Report #1083, University of Wisconsin, Computer Science Dep., Mar. 25, 1992, 1-17.
Lunt, T., “A Survey of Intrusion Detection Techniques,” Computers & Security, 1993, 12, 405-418.
Mukherjee, B. et al., “Network Intrusion Detection,” IEEE Network, May/Jun. 1994, 8(3), 26-41.
Munson, J., “A Functional Approach to Software Reliability Modeling,” In Quality of Numerical Software, Assessment and Enhancement, Boisvert (ed.), Chapman & Hall, London, 1997, 61-76.
Petersen, K., “IDA—Intrusion Detection Alert,” Proc. of the IEEE Annual International Computer Software and Applications Conference, Chicago, IL, Sep. 21-25, 1992, 306-311.
Porras, P. et al., “Penetration State Transition Analysis—A Rule-Based Intrusion Detection Approach,” Eighth Annual Computer Security Applications Conference, IEEE Computer Society Press, Nov. 30-Dec. 4, 1992, 220-229.
Power, L.R., “Design and use of a program execution analyzer,” IBM Systems J., 1983, 22(3), 271-294.
Puketza, N. et al., “A Methodology for Testing Intrusion Detection Systems,” IEEE Transactions on Software Engineering, Oct. 1996, 22(10), 719-729.
Shieh et al., “A Pattern-Oriented Intrusion-Detection Model and Its Applications,” Proc. of the 1991 IEEE Symposium on Research in Security and Privacy, Oakland, Calif., May 20-22, 1991, 327-342.
Smaha, S., “Haystack: An Intrusion Detection System,” Proceedings of the Fourth Aerospace Computer Security Applications Conference, Orlando, Florida, IEEE Computer Society, Dec. 12-16, 1988, 37-44.
Smith, M.D., “Tracing with Pixie,” Stanford University Technical Report No. CSL-TR-91-497, Apr. 4, 1991, 1-29.
Sobirey, M. et al., “The Intrusion Detection System AID. Architecture, and Experiences in A
