Method, system and computer program product for detecting...

Information security – Monitoring or scanning of software or data including attack...

Reexamination Certificate

Details

C726S013000, C726S014000, C726S023000, C726S024000, C726S025000, C709S223000, C370S232000

active

08079080

ABSTRACT:
A method, system and computer program product detect attempts to send significant amounts of information out via HTTP tunnels to rogue Web servers from within an otherwise firewalled network. A related goal is to help detect spyware programs. Filters, based on the analysis of HTTP traffic over a training period, help detect anomalies in outbound HTTP traffic using metrics such as request regularity, bandwidth usage, inter-request delay time, and transaction size.

