Information security – Monitoring or scanning of software or data including attack... – Intrusion detection
Reexamination Certificate
2011-01-18
Cervetti, David Garcia (Department: 2436)
C726S025000
active
07874000
ABSTRACT:
A false positive reduction manager reduces false positives generated by database intrusion detection systems. In one embodiment, the false positive reduction manager monitors attempted database activities executed by a plurality of users. The false positive reduction manager detects at least one attempt by at least one user to execute suspicious database activity, and determines whether the at least one attempt to execute suspicious database activity is legitimate responsive to whether a threshold of users in the same group as the at least one user attempt substantially similar suspicious database activity.
Cervetti David Garcia
Fenwick & West LLP
Symantec Corporation