Methods for cost-sensitive modeling for intrusion detection...

Information security – Monitoring or scanning of software or data including attack...

Reexamination Certificate


Details

C726S023000, C726S025000

Reexamination Certificate

active

07818797

ABSTRACT:
A method of detecting an intrusion in the operation of a computer system based on a plurality of events. A rule set is determined for a training set of data comprising a set of features having associated costs. For each of a plurality of events, the set of features is computed and a class is predicted for the features with a rule of the rule set. For each event predicted as an intrusion, a response cost and a damage cost are determined, wherein the damage cost is determined based on such factors as the technique of the intrusion, the criticality of the component of the computer system subject to the intrusion, and a measure of progress of the intrusion. If the damage cost is greater than or equal to the response cost, a response to the event.

