Network port profiling

Information security – Monitoring or scanning of software or data including attack... – Vulnerability assessment

Reexamination Certificate


Details

C726S022000, C726S023000, C726S026000, C713S151000, C709S203000, C709S224000, C709S227000, C705S051000


active

10062621

ABSTRACT:
A port profiling system detects unauthorized network usage. The port profiling system analyzes network communications to determine the service ports being used. The system collects flow data from packet headers between two hosts or Internet Protocol (IP) addresses. The collected flow data is analyzed to determine the associated network service provided. A host data structure is maintained containing a profile of the network services normally associated with the host. If the observed network service is not one of the normal network services performed as defined by the port profile for that host, an alarm signal is generated and action can be taken based upon the detection of an Out of Profile network service. An Out of Profile operation can indicate the operation of a Trojan Horse program on the host, or the existence of a non-approved network application that has been installed.

