System and methods for detecting intrusions in a computer...

Information security – Monitoring or scanning of software or data including attack... – Intrusion detection

Reexamination Certificate


Details

C726S022000


active

07913306

ABSTRACT:
A method for detecting intrusions in the operation of a computer system is disclosed which comprises gathering features from records of normal processes that access the file system of the computer, such as the Windows registry, and generating a probabilistic model of normal computer system usage based on occurrences of those features. The features of a record of a process that accesses the Windows registry are then analyzed to determine whether that access to the Windows registry is an anomaly. A system is disclosed, comprising a registry auditing module configured to gather records regarding processes that access the Windows registry; a model generator configured to generate a probabilistic model of normal computer system usage based on records of a plurality of processes that access the Windows registry and that are indicative of normal computer system usage; and a model comparator configured to determine whether an access of the Windows registry is an anomaly.
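The three parts of the abstract (gather records, build a probabilistic model of normal usage from feature occurrences, compare a new record against it) as an added Python example; this is not the patent's own implementation. The record fields (process, query type, key, result), the add-one estimator with a reserved bin for never-seen values, and the max-surprise score are assumptions, and the training records are constructed for the example.

```python
import math
from collections import Counter, defaultdict
from itertools import combinations

# Fields of a registry-access record, in tuple order (assumed field set).
FEATURES = ("process", "query", "key", "result")

class RegistryAnomalyModel:
    def __init__(self):
        self.n = 0                           # number of normal records trained on
        self.counts = defaultdict(Counter)   # check -> Counter of values seen for it

    @staticmethod
    def checks(record):
        # One-feature checks plus feature-pair checks, so a known process touching a key
        # it never touched before is still caught even though both values are common alone.
        for i, f in enumerate(FEATURES):
            yield (f,), (record[i],)
        for (i, f), (j, g) in combinations(enumerate(FEATURES), 2):
            yield (f, g), (record[i], record[j])

    def train(self, records):
        for record in records:
            self.n += 1
            for check, value in self.checks(record):
                self.counts[check][value] += 1

    def probability(self, check, value):
        # Add-one smoothing with one virtual bin for a never-seen value (assumed estimator).
        seen = self.counts[check]
        return (seen[value] + 1) / (self.n + len(seen) + 1)

    def score(self, record):
        # Anomaly score is the largest surprise, -log p, over all checks of the record.
        worst = max(self.checks(record), key=lambda cv: -math.log(self.probability(*cv)))
        return -math.log(self.probability(*worst)), worst

# Constructed records standing in for registry-audit output of normal use (not real data).
EXPLORER_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer"
RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
OFFICE_KEY = r"HKCU\Software\Microsoft\Office"
NORMAL = [
    ("explorer.exe", "QueryValue", EXPLORER_KEY, "SUCCESS"),
    ("explorer.exe", "QueryValue", EXPLORER_KEY, "SUCCESS"),
    ("explorer.exe", "OpenKey", RUN_KEY, "SUCCESS"),
    ("explorer.exe", "QueryValue", EXPLORER_KEY, "NOTFOUND"),
    ("winword.exe", "QueryValue", OFFICE_KEY, "SUCCESS"),
    ("winword.exe", "QueryValue", OFFICE_KEY, "SUCCESS"),
    ("winword.exe", "OpenKey", OFFICE_KEY, "SUCCESS"),
    ("winword.exe", "QueryValue", OFFICE_KEY, "NOTFOUND"),
]
```

The returned check tells an analyst which feature or feature pair drove the score, so a flagged record can be reviewed rather than only counted; the alert threshold is chosen from the score distribution of held-out normal records.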

REFERENCES:
patent: 6647400 (2003-11-01), Moran
patent: 6742124 (2004-05-01), Kilpatrick et al.
patent: 6907430 (2005-06-01), Chong et al.
patent: 7162741 (2007-01-01), Eskin et al.
patent: 7225343 (2007-05-01), Honig et al.
patent: 7509679 (2009-03-01), Alagna et al.
patent: 2003/0065926 (2003-04-01), Schultz et al.
patent: 2003/0167402 (2003-09-01), Stolfo et al.
patent: 2004/0098607 (2004-05-01), Alagna et al.
patent: 2004/0187023 (2004-09-01), Alagna et al.
patent: 2006/0075492 (2006-04-01), Golan et al.
patent: 2006/0174319 (2006-08-01), Kraemer et al.
patent: 2009/0089040 (2009-04-01), Monastyrsky et al.
patent: 2009/0288161 (2009-11-01), Wei et al.
patent: 2009/0313699 (2009-12-01), Jang et al.
patent: 2010/0095379 (2010-04-01), Obrecht et al.
U.S. Appl. No. 10/327,811, filed Dec. 19, 2002 claiming priority to U.S. Appl. No. 60/342,872, filed Dec. 20, 2001, entitled “System And Methods for Detecting a Denial-Of-Service Attack On A Computer System” of Salvatore J. Stolfo, Shlomo Hershkop, Rahul Bhan, Suhail Mohiuddin and Eleazar Eskin. (AP34898).
U.S. Appl. No. 10/320,259, filed Dec. 16, 2002 claiming priority to U.S. Appl. No. 60/328,682, filed Oct. 11, 2001 and U.S. Appl. No. 60/352,894, filed Jan. 29, 2002, entitled “Methods of Unsupervised Anomaly Detection Using a Geometric Framework” of Eleazar Eskin, Salvatore J. Stolfo and Leonid Portnoy. (AP34888).
U.S. Appl. No. 10/269,718, filed Oct. 11, 2002 claiming priority to U.S. Appl. No. 60/328,682, filed Oct. 11, 2001 and U.S. Appl. No. 60/340,198, filed Dec. 14, 2001, entitled “Methods for Cost-Sensitive Modeling for Intrusion Detection” of Salvatore J. Stolfo, Wenke Lee, Wei Fan and Matthew Miller. (AP34885).
U.S. Appl. No. 10/269,694, filed Oct. 11, 2002 claiming priority to U.S. Appl. No. 60/328,682, filed Oct. 11, 2001 and U.S. Appl. No. 60/339,952, filed Dec. 13, 2001, entitled “System and Methods for Anomaly Detection and Adaptive Learning” of Wei Fan, Salvatore J. Stolfo. (AP34886).
Lee et al., “A Framework for Constructing Features and Models for Intrusion Detection Systems,” ACM Transactions on Information and System Security, vol. 3, no. 4, p. 22, Nov. 2000.
Eskin et al., “Adaptive Model Generation for Intrusion Detection Systems,” Workshop on Intrusion Detection and Prevention, 7th ACM Conference on Computer Security, Athens, Nov. 2000.
Korba, “Windows NT Attacks for the Evaluation of Intrusion Detection Systems,” May 2000.
Honig A. et al., “Adaptive Model Generation: An Architecture for the Deployment of Data Mining-Based Intrusion Detection Systems,” in Data Mining for Security Applications, Kluwer, 2002.
Friedman N. et al., “Efficient Bayesian Parameter Estimation in Large Discrete Domains,” Advances in Neural Information Processing Systems 11, 1999.
Javits H. S. et al., “The NIDES Statistical Component: Description and Justification,” Technical Report, SRI International, Mar. 7, 1994.
D. E. Denning, “An Intrusion Detection Model,” IEEE Transactions on Software Engineering, SE-13:222-232, 1987.
Wenke Lee, Sal Stolfo, and Kui Mok, “Mining in a Data-flow Environment: Experience in Network Intrusion Detection,” in Proceedings of the 5th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining (KDD '99), San Diego, CA, Aug. 1999.
Stephanie Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff, “A Sense of Self for UNIX Processes,” IEEE Computer Society, pp. 120-128, 1996.
Christina Warrender, Stephanie Forrest, and Barak Pearlmutter, “Detecting Intrusions Using System Calls: Alternative Data Models,” IEEE Computer Society, pp. 133-145, 1999.
S. A. Hofmeyr, Stephanie Forrest, and A. Somayaji, “Intrusion Detection Using Sequences of System Calls,” Journal of Computer Security, 6:151-180, 1998.
W. Lee, S. J. Stolfo, and P. K. Chan, “Learning Patterns from UNIX Processes Execution Traces for Intrusion Detection,” AAAI Press, pp. 50-56, 1997.
Eleazar Eskin, “Anomaly Detection Over Noisy Data Using Learned Probability Distributions,” Proceedings of the Seventeenth International Conference on Machine Learning (ICML-2000), 2000.
N. Friedman and Y. Singer, “Efficient Bayesian Parameter Estimation in Large Discrete Domains,” Advances in Neural Information Processing Systems 11, MIT Press, 1999.
M. Mahoney and P. Chan, “Detecting Novel Attacks by Identifying Anomalous Network Packet Headers,” Technical Report CS-2001-2, Florida Institute of Technology, Melbourne, FL, 2001.
H. Debar et al., “Intrusion Detection Exchange Format Data Model,” Internet Engineering Task Force, Jun. 15, 2000.
