Reexamination Certificate
2006-01-10
2010-12-07
Patel, Ashok B (Department: 2449)
Electrical computers and digital processing systems: multicomput
Computer network managing
Computer network monitoring
C707S717000, C707S725000
active
07849185
ABSTRACT:
A method for correlating event information comprises receiving a query associated with an attribute value of a detected event. The method continues by identifying a rule for determining the attribute value, the rule associated with a rule identifier. The method continues by identifying in a first table a rule update time associated with the rule. The method continues by determining attribute values for a plurality of detected events stored in a second table, wherein the plurality of detected events occurred after the rule update time and are associated with event identifiers. The method continues by storing in a third table the determined attribute values and the event identifiers. The method concludes by identifying in the third table one or more event identifiers associated with one or more attribute values that satisfy the query.
Moataz A. Ahmed
Baker & Botts L.L.P.
Bechtel Kevin
Patel Ashok B
Raytheon Company
System and method for attacker attribution in a network...