Method of and system for detecting an anomalous operation of...

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer

Reexamination Certificate


active

06963983

ABSTRACT:
A real-time approach for detecting aberrant modes of system behavior induced by abnormal and unauthorized system activities that are indicative of an intrusive, undesired access of the system. This detection methodology is based on behavioral information obtained from a suitably instrumented computer program as it is executing. The theoretical foundation for the present invention is founded on a study of the internal behavior of the software system. As a software system is executing, it expresses a set of its many functionalities as sequential events. Each of these functionalities has a characteristic set of modules that is executed to implement the functionality. These module sets execute with clearly defined and measurable execution profiles, which change as the executed functionalities change. Over time, the normal behavior of the system will be defined by the boundary of the profiles. An attempt to violate the security of the system will result in behavior that is outside the normal activity of the system and thus result in a perturbation of the system in a manner outside the scope of the normal profiles. Such violations are detected by an analysis and comparison of the profiles generated from an instrumented software system against a set of known intrusion profiles and a varying criterion level of potential new intrusion events.

