Information security – Monitoring or scanning of software or data including attack...
Reexamination Certificate
2004-12-22
2009-10-20
Simitoski, Michael J (Department: 2439)
Information security
Monitoring or scanning of software or data including attack...
C726S023000, C726S024000, C726S025000, C709S224000
active
07607170
ABSTRACT:
A method for detecting an attack in a computer network includes monitoring communication traffic transmitted over connections on the network that are associated with a stateful application protocol so as to detect respective states of the connections, and analyzing a distribution of the states so as to detect the attack.
Oblon, Spivak McClelland, Maier & Neustadt, L.L.P.
Radware Ltd.
Simitoski Michael J