Method of operating an intrusion detection system

Information security – Monitoring or scanning of software or data including attack... – Intrusion detection

Reexamination Certificate

Details

C709S223000, C709S224000, C713S155000, C713S168000, C713S188000

active

07730537

ABSTRACT:
A method of operating an intrusion detection system. The system determines occurrence of a signature event indicative of a denial of service intrusion on a protected device. A value of a signature event counter is increased. The value of the signature event counter is adjusted to not include a count of signature events past a sliding window. The value of the signature event counter is determined to exceed a signature threshold quantity, followed by generation of an alert at a time subsequently recorded in a log. The log is cleared of entries past a permissible age. A present alert generation rate is determined as a ratio of the total number of timestamps in the log to the permissible age. The present alert generation rate is ascertained to exceed an alert generation rate threshold. A selected element of the signature set is altered to decrease the alert generation rate.
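The steps in the abstract can be followed in a short simulation. This is an added example, not code from the patent or its authors; the class, the parameter names, the constructed flood input and the choice to raise the signature threshold by a fixed step (the abstract does not say which element of the signature set is altered) are all assumptions.

```python
from collections import deque

class SlidingWindowDetector:
    """Added illustration of the abstract's steps; all names are assumptions."""

    def __init__(self, threshold, window, permissible_age, rate_threshold, step=5):
        self.threshold = threshold              # signature threshold quantity
        self.window = window                    # sliding window length, seconds
        self.permissible_age = permissible_age  # max age of alert-log entries, seconds
        self.rate_threshold = rate_threshold    # tolerated alerts per second
        self.step = step                        # assumed tuning increment
        self.events = deque()                   # timestamps behind the event counter
        self.alert_log = deque()                # timestamps of generated alerts

    def alert_rate(self, now):
        # Clear log entries past the permissible age, then rate = entries / age.
        while self.alert_log and now - self.alert_log[0] > self.permissible_age:
            self.alert_log.popleft()
        return len(self.alert_log) / self.permissible_age

    def observe(self, now):
        """Record one signature event at time `now`; return True if an alert fired."""
        self.events.append(now)
        # Adjust the counter so it excludes events past the sliding window.
        while now - self.events[0] > self.window:
            self.events.popleft()
        if len(self.events) <= self.threshold:
            return False
        self.alert_log.append(now)              # alert time recorded in the log
        if self.alert_rate(now) > self.rate_threshold:
            # Alter one element of the signature set to lower the alert rate.
            # Raising the threshold is an assumed choice of element.
            self.threshold += self.step
        return True

def run_constructed_flood():
    # Constructed input: 20 matching events per second for 60 seconds.
    det = SlidingWindowDetector(threshold=10, window=1,
                                permissible_age=10, rate_threshold=2.0)
    alerts = sum(det.observe(i // 20) for i in range(1200))
    return alerts, det.threshold, det.alert_rate(59)

if __name__ == "__main__":
    print(run_constructed_flood())
```

On this input the threshold climbs from 10 to 40 and alerting stops after 26 alerts while the flood continues, so each automatic change to the signature set is worth logging alongside the alerts it suppresses.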

