Information security – Monitoring or scanning of software or data including attack... – Intrusion detection
Reexamination Certificate
2011-03-08
2011-03-08
Thomas, Joseph (Department: 2492)
Information security
Monitoring or scanning of software or data including attack...
Intrusion detection
C726S022000, C726S024000, C726S025000, C713S180000, C713S188000
Reexamination Certificate
active
07904960
ABSTRACT:
Systems and methods for virtualizing network intrusion detection system (IDS) functions based on each packet's source and/or destination host computer operating system (OS) type and characteristics are described. Virtualization is accomplished by fingerprinting each packet to determine the packet's target OS and then vetting each packet in a virtual IDS against a reduced set of threat signatures specific to that target OS. Each virtual IDS, whether operating on a separate computer or as a logically distinct process or separate thread on a single computer processor, may also operate in parallel with other virtual IDS processes. IDS processing efficiency and speed are greatly increased because a much smaller subset of the threat-signature universe is used for each OS-specific packet threat vetting operation.
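As an added illustration (not code from the patent, from Cisco, or from any product), the Python sketch below implements the pipeline the abstract describes: passively fingerprint hosts, partition a signature set into per-OS reduced sets, and run one virtual IDS per target OS in its own thread. One practical caveat it makes explicit: an inbound packet carries the stack signature of its *sender*, not of its destination, so the "target OS" has to come from a host-to-OS table learned from each host's own earlier handshake packets; a destination with no entry falls back to the full signature set rather than being skipped. The TTL/window heuristics, the signature patterns, and the packets are all constructed for the example and are not a real fingerprint database or rule set.

```python
"""OS-aware virtual IDS dispatch (added example; assumptions marked inline)."""
from collections import defaultdict
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str          # source IP
    dst: str          # destination IP
    ttl: int          # IP TTL as observed at the sensor (already decremented by hops)
    window: int       # TCP window size
    handshake: bool   # True for SYN / SYN-ACK, the packets worth fingerprinting
    payload: bytes


@dataclass(frozen=True)
class Signature:
    sid: int
    target_os: str    # "windows", "linux" or "any"
    pattern: bytes
    msg: str


# Constructed, illustrative signatures (not real Snort rules).
SIGNATURES = (
    Signature(1001, "windows", b"cmd.exe /c", "cmd.exe invocation (Windows target)"),
    Signature(1002, "windows", b"\x90" * 8, "NOP sled (Windows target)"),
    Signature(1003, "linux", b"/bin/sh", "/bin/sh string (Linux target)"),
    Signature(1004, "linux", b"/etc/passwd", "/etc/passwd access (Linux target)"),
    Signature(1005, "any", b"../../", "directory traversal (any OS)"),
)


def fingerprint_sender_os(pkt: Packet) -> str:
    """Guess the OS of the host that SENT pkt from its handshake TTL and window.

    Assumption (toy heuristic): initial TTL 128 with window 8192/65535 -> Windows,
    initial TTL 64 with window 5840/29200 -> Linux. The TTL ranges allow for
    decrement by intermediate hops. Real passive fingerprinters use far richer tables.
    """
    if not pkt.handshake:
        return "unknown"
    if 64 < pkt.ttl <= 128 and pkt.window in (8192, 65535):
        return "windows"
    if 0 < pkt.ttl <= 64 and pkt.window in (5840, 29200):
        return "linux"
    return "unknown"


def partition_signatures(sigs):
    """One reduced signature set per OS; 'any' signatures are copied into every set."""
    by_os = defaultdict(list)
    for s in sigs:
        targets = ("windows", "linux") if s.target_os == "any" else (s.target_os,)
        for os_name in targets:
            by_os[os_name].append(s)
    return dict(by_os)


class OSAwareIDS:
    def __init__(self, sigs=SIGNATURES):
        self.all_sigs = list(sigs)               # fallback for unprofiled destinations
        self.sig_sets = partition_signatures(sigs)
        self.host_os = {}                        # learned host IP -> OS

    def learn(self, pkt: Packet) -> None:
        guess = fingerprint_sender_os(pkt)
        if guess != "unknown":
            self.host_os[pkt.src] = guess

    def vet_batch(self, pkts):
        """Learn from the batch, then run one virtual IDS (thread) per target OS.

        Returns sorted (src, dst, target_os, sid) alert tuples.
        """
        for p in pkts:                           # sequential learning pass (no races)
            self.learn(p)
        groups = defaultdict(list)
        for p in pkts:
            groups[self.host_os.get(p.dst, "unknown")].append(p)

        def virtual_ids(target, group):
            sigs = self.sig_sets.get(target, self.all_sigs)   # reduced set, or all if unknown
            return [(p.src, p.dst, target, s.sid)
                    for p in group for s in sigs if s.pattern in p.payload]

        with ThreadPoolExecutor(max_workers=max(1, len(groups))) as ex:
            results = list(ex.map(lambda kv: virtual_ids(*kv), groups.items()))
        return sorted(alert for r in results for alert in r)


# Constructed traffic: two internal hosts reveal their stacks via handshakes,
# then an external host attacks them plus an unprofiled third host.
SAMPLE_PACKETS = [
    Packet("10.0.0.20", "203.0.113.9", 126, 8192, True, b""),
    Packet("10.0.0.30", "203.0.113.9", 61, 29200, True, b""),
    Packet("203.0.113.9", "10.0.0.20", 50, 1024, False, b"GET /../../cmd.exe /c dir"),
    Packet("203.0.113.9", "10.0.0.30", 50, 1024, False, b"cat /etc/passwd; /bin/sh"),
    Packet("203.0.113.9", "10.0.0.99", 50, 1024, False, b"cmd.exe /c ../../"),
]


def run_demo():
    return OSAwareIDS().vet_batch(SAMPLE_PACKETS)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Note that the Windows-targeted packet is never checked against the Linux-only signatures (and vice versa), which is the signature-set reduction the abstract relies on, while the packet to the unprofiled host 10.0.0.99 is vetted against everything. In a real deployment the host-OS table would be fed by a proper passive fingerprinter (or by asset inventory) and aged out, since a host reimaged from Linux to Windows would otherwise be vetted with the wrong reduced set.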
REFERENCES:
patent: 6789202 (2004-09-01), Ko et al.
patent: 7174566 (2007-02-01), Yadav
patent: 2002/0035639 (2002-03-01), Xu
patent: 2002/0069369 (2002-06-01), Tremain
patent: 2003/0004688 (2003-01-01), Gupta et al.
patent: 2003/0004689 (2003-01-01), Gupta et al.
patent: 2003/0145226 (2003-07-01), Bruton et al.
patent: 2003/0188189 (2003-10-01), Desai et al.
patent: 2003/0212910 (2003-11-01), Rowland et al.
patent: 2004/0193943 (2004-09-01), Angelino et al.
patent: 2004/0250169 (2004-12-01), Takemori et al.
patent: 2004/0260945 (2004-12-01), Raikar et al.
patent: 2005/0086522 (2005-04-01), Rowland et al.
patent: 2006/0206615 (2006-09-01), Zheng et al.
Toby Miller; Passive OS Fingerprinting: Details and Techniques; available at http://www.sans.org/rr/special/passiveos.php; last viewed Apr. 13, 2004; eight pages.
Toby Miller; Passive OS Fingerprinting: Details and Techniques (Part 2); available at http://www.sans.org/rr/special/passiveos2.php; last viewed Apr. 13, 2004; eight pages.
Fyodor; Remote OS detection via TCP/IP Stack Fingerprinting; available at http://www.insecure.org/nmap/nmap-fingerprinting-article.html; last viewed Apr. 13, 2004; twelve pages.
Ofir Arkin; ICMP Usage In Scanning, Version 3.0; available at http://www.sys-security.com/archive/papers/ICMP_Scanning_v3.0.pdf; last viewed Apr. 13, 2004; 218 pages.
Kyle Haugsness; Intrusion Detection In Depth; GCIA Practical Assignment Version 3.0; Dec. 2, 2001; available at http://www.sans.org/rr/papers/23/835.pdf; last viewed Apr. 13, 2004; 88 pages.
Syed Yasir Abbas; Introducing Multi Threaded Solution to Enhance the Efficiency of Snort; Dec. 7, 2002; available at http://www.cs.fsu.edu/research/reports/TR-021204.pdf; last viewed Apr. 14, 2004; 83 pages.
Martin Roesch and Chris Green; Snort™ Users Manual 2.2.0: The Snort Project; Aug. 10, 2004; Sourcefire, Inc.; available at http://www.snort.org/docs/snort_manual/; 89 pages.
Hervé Debar et al., “Towards a taxonomy of intrusion-detection systems” Computer Networks, Elsevier Science Publishers B.V., Amsterdam, NL, vol. 31, No. 8, Apr. 23, 1999, pp. 805-822.
Notification of Transmittal of the International Search Report and including the International Search Report, for PCT/US2005/011702, filed on Apr. 5, 2005. Total number of pp. 7.
BainwoodHuang
Cisco Technology Inc.
Pan Joseph
Thomas Joseph