Information security – Monitoring or scanning of software or data including attack... – Intrusion detection
Reexamination Certificate
2004-10-26
2011-10-04
Orgad, Edan (Department: 2439)
Information security
Monitoring or scanning of software or data including attack...
Intrusion detection
C726S022000, C726S023000, C726S025000, C713S150000, C713S151000, C713S152000, C713S153000, C713S154000, C713S155000, C713S156000, C713S157000, C713S158000, C713S159000
Reexamination Certificate
active
08032937
ABSTRACT:
A worm is a malicious process that autonomously spreads itself from one host to another. To infect a host, a worm must somehow copy itself to the host. The method in which a worm transmits a copy of itself produces network traffic patterns that can be generalized as a traffic behavior. As a worm spreads itself across the network, the propagation of the traffic behavior can be witnessed as hosts are infected, one after another. By monitoring the network traffic for propagations of traffic behaviors, a presence of a worm can be detected.
REFERENCES:
patent: 7203963 (2007-04-01), Wu et al.
patent: 2003/0065926 (2003-04-01), Schultz et al.
patent: 2003/0110396 (2003-06-01), Lewis et al.
patent: 2003/0167402 (2003-09-01), Stolfo et al.
patent: 2004/0015719 (2004-01-01), Lee et al.
patent: 2004/0205474 (2004-10-01), Eskin et al.
patent: 2005/0021740 (2005-01-01), Bar et al.
patent: 2005/0050378 (2005-03-01), Liang
patent: 2005/0257264 (2005-11-01), Stolfo et al.
patent: 2005/0265331 (2005-12-01), Stolfo
patent: 2005/0281291 (2005-12-01), Stolfo et al.
patent: 2006/0075492 (2006-04-01), Golan et al.
U.S. Appl. No. 10/972,785, Ellis, Daniel R.
Kim, H. et al., “Autograph: Toward Automated, Distributed Worm Signature Detection”, Proceedings of the 13th Usenix Security Symposium (Security 2004), San Diego, CA, Aug. 2004.
Weaver, N. et al., “Very Fast Containment of Scanning Worms”, Proceedings of the 13th Usenix Security Conference, 2004.
Cheung, S. et al, “The Design of GrIDS: A Graph-Based Intrusion Detection System”, UCD Technical Report CSE-99-2, Jan. 1999.
Staniford-Chen, S. et al, “GrIDS: A Graph-Based Intrusion Detection System for Large Networks”, Proceedings of the 19th National Information Systems Security Conference, Baltimore, 1996.
Singh, S. et al., “The EarlyBird System for Real-time Detection of Unknown Worms”, UCSD Tech Report CS2003-0761, Aug. 2003.
Staniford, S., “Containment of Scanning Worms in Enterprise Networks”, Oct. 7, 2003.
Ellis, D., “Worm Anatomy and Model”, Proceedings of ACM CCS WORM Wokshop 2003, Oct. 2003.
Chen, S. et al., “Slowing Down Internet Worms”, In Proc. of 24th International Conference on Distributed Computing Systems (ICDCS'04), Tokyo, Japan, Mar. 2004.
Cheetancheri, S.G., “Modelling a Computer Worm Defense System”, Thesis submitted in partial satisfaction of the requirements for the degree of Master of Science in Computer Science in the Office of University of California Davis, 2004.
Zou, C.C. et al., “A Firewall Network System for Worm Defense in Enterprise Networks,” University of Massachusetts, Technical Report TR-04-CSE-01, Feb. 4, 2004.
Hung, J.C. et al., “A Behavior-based Anti-Worm System”, in proceedings of the IEEE 17th International Conference on Advanced Information Networking and Applications (AINA2003), Xi'an, China, Mar. 27- 29, 2003.
Welcher, P.J. et al., “Network Detection of Worms and Viruses”, Enterprise Networks & Servers, [online]. Dec. 2003, [retrieved on Apr. 1, 2005]. Retrieved from the Internet: <URL: http://www.enterprisenetworksandservers.com/monthly/art.php/408>.
Singh, S. et al., “Automated Worm Fingerprinting”, Department of Computer Science and Engineering, University of California, San Diego, 2003.
Schechter, S. et al., “Fast Detection of Scanning Worm Infections”, Seventh International Symposium on Recent Advances in Intrusion Detection (RAID) Sophia Antipolis, French Riviera, France. Sep. 15-17, 2004.
“Cisco Self-Defending Network”, [online]. Cisco Systems, Inc., [retrieved Mar. 5, 2005]. Retrieved from the Internet: <URL: http://www.cisco.com/en/US
etsol
s340
s394
s171
s413
etworking—solutions—package.html>.
International Search Report for International Application No. PCT/US05/37381 mailed Jun. 24, 2008.
Notification Concerning Transmittal of International Preliminary Report on Patentability; Written Opinion of the International Searching Authority, 7 pages, Date of Mailing, Jan. 29, 2009.
Orgad Edan
Sterne Kessler Goldstein & Fox P.L.L.C.
The Mitre Corporation
Tolentino Roderick
LandOfFree
Method, apparatus, and computer program product for... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method, apparatus, and computer program product for..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method, apparatus, and computer program product for... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4296652