System and methods for adaptive model generation for...

Electrical computers and digital processing systems: support – Data processing protection using cryptography – Tamper resistant

Reexamination Certificate


Details

C713S193000, C713S189000

Reexamination Certificate

active

10352342

ABSTRACT:
A system and methods for detecting intrusions in the operation of a computer system comprises a sensor configured to gather information regarding the operation of the computer system, to format the information in a data record having a predetermined format, and to transmit the data in the predetermined data format. A data warehouse is configured to receive the data record from the sensor in the predetermined data format and to store the data in a database. A detection model generator is configured to request data records from the data warehouse in the predetermined data format, to generate an intrusion detection model based on said data records, and to transmit the intrusion detection model to the data warehouse according to the predetermined data format. A detector is configured to receive a data record in the predetermined data format from the sensor and to classify the data record in real-time as one of normal operation and an attack based on said intrusion detection model. A data analysis engine is configured to request data records from the data warehouse according to the predetermined data format and to perform a data processing function on the data records.

REFERENCES:
patent: 5278901 (1994-01-01), Shieh et al.
patent: 5448722 (1995-09-01), Lynne et al.
patent: 5621889 (1997-04-01), Lermuzeaux et al.
U.S. Appl. No. 10/352,343, filed Jan. 27, 2003 claiming priority to U.S. Appl. No. 60/351,857, filed Jan. 25, 2001, entitled “Behavior Based Anomaly Detection For Host-Based Systems For Detection Of Intrusion In Computer Systems,” of Frank Apap, Andrew Honig, Shlomo Hershkop, Eleazar Eskin and Salvatore J. Stolfo.
U.S. Appl. No. 10/327,811, filed Dec. 19, 2002 claiming priority to U.S. Appl. No. 60/342,872, filed Dec. 20, 2001, entitled “System And Methods for Detecting A Denial-Of-Service Attack On A Computer System” of Salvatore J. Stolfo, Shlomo Hershkop, Rahul Bhan, Suhail Mohiuddin and Eleazar Eskin.
U.S. Appl. No. 10/320,259, filed Dec. 16, 2002 claiming priority to U.S. Appl. No. 60/328,682, filed Oct. 11, 2001 and U.S. Appl. No. 60/352,894, filed Jan. 29, 2002, entitled “Methods of Unsupervised Anomaly Detection Using A Geometric Framework” of Eleazar Eskin, Salvatore J. Stolfo and Leonid Portnoy.
U.S. Appl. No. 10/269,718, filed Oct. 11, 2002 claiming priority to U.S. Appl. No. 60/328,682, filed Oct. 11, 2001 and U.S. Appl. No. 60/340,198, filed Dec. 14, 2001, entitled “Methods For Cost-Sensitive Modeling For Intrusion Detection” of Salvatore J. Stolfo, Wenke Lee, Wei Fan and Matthew Miller.
U.S. Appl. No. 10/269,694, filed Oct. 11, 2002 claiming priority to U.S. Appl. No. 60/328,682, filed Oct. 11, 2001 and U.S. Appl. No. 60/339,952, filed Dec. 13, 2001, entitled “System And Methods For Anomaly Detection And Adaptive Learning” of Wei Fan, Salvatore J. Stolfo.
U.S. Appl. No. 10/222,632, filed Aug. 16, 2002 claiming priority to U.S. Appl. No. 60/312,703, filed Aug. 16, 2001 and U.S. Appl. No. 60/340,197, filed Dec. 14, 2001, entitled “System And Methods For Detecting Malicious Email Transmission” of Salvatore J. Stolfo, Eleazar Eskin, Manasi Bhattacharyya and Matthew G. Schultz.
U.S. Appl. No. 10/208,432, filed Jul. 30, 2002 claiming priority to U.S. Appl. No. 60/308,622, filed Jul. 30, 2001 and U.S. Appl. No. 60/308,623, filed Jul. 30, 2001, entitled “System And Methods For Detection Of New Malicious Executables” of Matthew G. Schultz, Eleazar Eskin, Erez Zadok and Salvatore J. Stolfo.
U.S. Appl. No. 10/208,402, filed Jul. 30, 2002 claiming priority to U.S. Appl. No. 60/308,621, filed Jul. 30, 2001, entitled “System And Methods For Intrusion Detection With Dynamic Window Sizes” of Eleazar Eskin and Salvatore J. Stolfo.
Honig A et al., (2002) “Adaptive Model Generation: An Architecture for the Deployment of Data Mining-based Intrusion Detection Systems.” To Appear in Data Mining for Security Applications, Kluwer.
Burroughs D et al., Apr. 2002, “Analysis of Distributed Intrusion Detection Systems Using Bayesian Methods” presented at IPCCC.
Eskin E et al., (2002) “A geometric framework for unsupervised anomaly detection: Detecting intrusions in unlabeled data.” Technical report, CUCS Technical Report.
Apap F et al., (2001) “Detecting malicious software by monitoring anomalous windows registry accesses.” Technical report, CUCS Technical Report.
Eskin E et al., (2001) “Modeling system calls for intrusion detection with dynamic window sizes.” In Proceedings of DARPA Information Survivability Conference and Exposition II (DISCEX II), Anaheim, CA.
Mahoney M et al., (2001) “Detecting novel attacks by identifying anomalous network packet headers.” Technical Report CS-2001-2, Florida Institute of Technology, Melbourne, FL.
Portnoy L et al., (2001) “Intrusion detection with unlabeled data using clustering.” In Proceedings of ACM CSS Workshop on Data Mining Applied to Security (DMSA-2001).
Schölkopf B et al., (To appear in Neural Computation, 2001) “Estimating the support of a high-dimensional distribution.” Technical Report 99-87, Microsoft Research, 1999.
Eskin E et al., (2000) “Anomaly detection over noisy data using learned probability distributions.” In Proceedings of the Seventeenth International Conference on Machine Learning (ICML-2000).
Eskin E et al., Nov. 2000, “Adaptive Model Generation for Intrusion Detection Systems.” Workshop on Intrusion Detection and Prevention, 7th ACM Conference on Computer Security, Athens, GR.
Lee W et al., Nov. 2000, “A framework for constructing features and models for intrusion detection systems.” ACM Transactions on Information and System Security, 3(4):1-33.
Lane T et al., (1999) “Temporal sequence learning and data reduction for anomaly detection.” ACM Transactions on Information and System Security, 2(3):295-331.
Warrender C et al., (1999) “Detecting intrusions using system calls: alternative data models.” In Proceedings of the 1999 IEEE Symposium on Security and Privacy, IEEE Computer Society, pp. 133-145.
Lee W et al., Aug. 1998, “Mining Audit Data to Build Intrusion Detection Models” In Proceedings of the Fourth International Conference on Knowledge Discovery and Data Mining (KDD '98), New York, NY.
Lee W et al., (1998), “Data mining approaches for intrusion detection.” In Proceedings of the Seventh USENIX Security Symposium.
Paxson V, (1998) Bro: A system for detecting network intruders in real time. In 7th Annual USENIX Security Symposium.
Staniford-Chen S et al., Oct. 1998, “The common intrusion detection framework (cidf).” In Proceedings of the Information Survivability Workshop.
Lane T et al., (1997) “Sequence Matching and Learning in Anomaly Detection for Computer Security” AAAI Workshop: AI Approaches to Fraud Detection and Risk Management pp. 49-49.
Lee W et al., (1997) “Learning patterns from unix processes execution traces for intrusion detection.” In Proceedings of the AAAI-97 Workshop on AI Approaches to Fraud Detection and Risk Management pp. 50-56. Menlo Park, CA: AAAI Press.
Forrest S et al., (1996) “A sense of self for unix processes.” In Proceedings of the 1996 IEEE Symposium on Security and Privacy, pp. 120-128. IEEE Computer Society.
Cohen WW, (1995) Fast effective rule induction. In International Conference on Machine Learning, pp. 115-123.
Denning DE, (1987) An intrusion detection model. IEEE Transactions on Software Engineering, SE-13:222-232.
