System and methods for detecting intrusions in a computer...

Information security – Monitoring or scanning of software or data including attack... – Intrusion detection

Reexamination Certificate


Details

C726S022000

Reexamination Certificate

active

07448084

ABSTRACT:
A method for detecting intrusions in the operation of a computer system is disclosed which comprises gathering features from records of normal processes that access the file system of the computer, such as the Windows registry, and generating a probabilistic model of normal computer system usage based on occurrences of said features. The features of a record of a process that accesses the Windows registry are then analyzed to determine whether said access to the Windows registry is an anomaly. A system is disclosed, comprising a registry auditing module configured to gather records regarding processes that access the Windows registry; a model generator configured to generate a probabilistic model of normal computer system usage based on records of a plurality of processes that access the Windows registry and that are indicative of normal computer system usage; and a model comparator configured to determine whether the access of the Windows registry is an anomaly.
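The three components the abstract names (registry auditing, model generator, model comparator) as an added Python example over constructed audit records; this is not code from the patent or its inventors, and the feature set, the Witten-Bell style smoothing and the 0.05 threshold are assumptions of this example rather than anything the page specifies.

```python
from collections import Counter

# Constructed registry-access records (hypothetical audit output, not data from the patent).
# Each record: process, registry key, query type, result.
K_EXP = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer"
K_RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
K_SVC = r"HKLM\System\CurrentControlSet\Services"
K_OFF = r"HKCU\Software\Microsoft\Office"

def record(process, key, query, result):
    return {"process": process, "key": key, "query": query, "result": result}

# Training set: accesses observed during normal use only (60 records in total).
NORMAL_RECORDS = (
    [record("explorer.exe", K_EXP, "QueryValue", "SUCCESS")] * 25
    + [record("explorer.exe", K_EXP, "SetValue", "SUCCESS")] * 5
    + [record("explorer.exe", K_RUN, "QueryValue", "SUCCESS")] * 6
    + [record("svchost.exe", K_SVC, "QueryValue", "SUCCESS")] * 14
    + [record("svchost.exe", K_SVC, "QueryValue", "NOTFOUND")] * 4
    + [record("winword.exe", K_OFF, "QueryValue", "SUCCESS")] * 6
)

def featurize(rec):
    """Registry auditing step: the raw fields plus the (process, key) pair as one feature."""
    feats = dict(rec)
    feats["process+key"] = rec["process"] + "|" + rec["key"]
    return feats

def build_model(records):
    """Model generator: per-feature value counts over the normal records."""
    model = {}
    for rec in records:
        for name, value in featurize(rec).items():
            model.setdefault(name, Counter())[value] += 1
    return model

def probability(counter, value):
    """Smoothed P(value | feature). Never-seen values share a mass of k/(n+k), k being the
    number of distinct values seen in training (Witten-Bell escape estimate, chosen for this
    example; the page does not state which estimator the patent uses)."""
    n, k = sum(counter.values()), len(counter)
    return counter[value] / (n + k) if value in counter else k / (n + k)

def score(model, rec):
    """Model comparator: the least likely feature value decides the record's score."""
    return min(probability(model[name], value) for name, value in featurize(rec).items())

def is_anomaly(model, rec, threshold=0.05):
    return score(model, rec) < threshold

MODEL = build_model(NORMAL_RECORDS)
# Constructed test record: a process never seen in training writing to the Run key.
SUSPECT = record("unknown_tool.exe", K_RUN, "SetValue", "SUCCESS")
```

Rare but normal accesses (the NOTFOUND results, the SetValue writes) stay above the threshold because they were seen in training, while the unseen process name pulls the suspect record's score down to 1/21.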

REFERENCES:
patent: 6647400 (2003-11-01), Moran
patent: 6742124 (2004-05-01), Kilpatrick et al.
patent: 6778995 (2004-08-01), Gallivan
patent: 6820081 (2004-11-01), Kawai et al.
patent: 6888548 (2005-05-01), Gallivan
patent: 6978274 (2005-12-01), Gallivan et al.
patent: 7035876 (2006-04-01), Kawai et al.
patent: 7080076 (2006-07-01), Williamson et al.
patent: 2003/0070003 (2003-04-01), Chong et al.
patent: 2006/0174319 (2006-08-01), Kraemer et al.
Eskin, E., M. Miller, Z.D. Zhong, G. Yi, W.A. Lee, and S. J. Stolfo. Adaptive Model Generation for Intrusion Detection Systems. Workshop on Intrusion Detection and Prevention, 7th ACM Conference on Computer Security, Athens. Nov. 2000.
Korba, Jonathan. Windows NT Attacks for the Evaluation of Intrusion Detection Systems. May 2000.
Lee et al., “A Framework for Constructing Features and Models for Intrusion Detection Systems,” Nov. 2000, ACM Transactions on Information and System Security, vol. 3, No. 4, pp. 22.
U.S. Appl. No. 10/352,342, filed Jan. 27, 2003, claiming priority to U.S. Appl. No. 60/351,913, filed Jan. 25, 2002, entitled “Data Warehouse Architecture For Adaptive Model Generation Capability In Systems For Detecting Intrusion In Computer Systems,” of Salvatore J. Stolfo, Eleazar Eskin, Matthew Miller, Juxin Zhang and Zhi-Da Zhong. (AP34982).
U.S. Appl. No. 10/327,811, filed Dec. 19, 2002, claiming priority to U.S. Appl. No. 60/342,872, filed Dec. 20, 2001, entitled “System and Methods for Detecting A Denial-Of-Service Attack On A Computer System,” of Salvatore J. Stolfo, Shlomo Hershkop, Rahul Bhan, Suhail Mohiuddin and Eleazar Eskin. (AP34898).
U.S. Appl. No. 10/320,259, filed Dec. 16, 2002, claiming priority to U.S. Appl. No. 60/328,682, filed Oct. 11, 2001 and U.S. Appl. No. 60/352,894, filed Jan. 29, 2002, entitled “Methods of Unsupervised Anomaly Detection Using A Geometric Framework,” of Eleazar Eskin, Salvatore J. Stolfo and Leonid Portnoy. (AP34888).
U.S. Appl. No. 10/269,718, filed Oct. 11, 2002, claiming priority to U.S. Appl. No. 60/328,682, filed Oct. 11, 2001 and U.S. Appl. No. 60/340,198, filed Dec. 14, 2001, entitled “Methods For Cost-Sensitive Modeling For Intrusion Detection,” of Salvatore J. Stolfo, Wenke Lee, Wei Fan and Matthew Miller. (AP34885).
U.S. Appl. No. 10/269,694, filed Oct. 11, 2002, claiming priority to U.S. Appl. No. 60/328,682, filed Oct. 11, 2001 and U.S. Appl. No. 60/339,952, filed Dec. 13, 2001, entitled “System And Methods For Anomaly Detection And Adaptive Learning,” of Wei Fan and Salvatore J. Stolfo. (AP34886).
U.S. Appl. No. 10/222,632, filed Aug. 16, 2002, claiming priority to U.S. Appl. No. 60/312,703, filed Aug. 16, 2001 and U.S. Appl. No. 60/340,197, filed Dec. 14, 2001, entitled “System And Methods For Detecting Malicious Email Transmission,” of Salvatore J. Stolfo, Eleazar Eskin, Manasi Bhattacharyya and Matthew G. Schultz. (AP34887).
U.S. Appl. No. 10/208,432, filed Jul. 30, 2002, claiming priority to U.S. Appl. No. 60/308,622, filed Jul. 30, 2001 and U.S. Appl. No. 60/308,623, filed Jul. 30, 2001, entitled “System And Methods For Detection Of New Malicious Executables,” of Matthew G. Schultz, Eleazar Eskin, Erez Zadok and Salvatore J. Stolfo. (AP34542).
U.S. Appl. No. 10/208,402, filed Jul. 30, 2002, claiming priority to U.S. Appl. No. 60/308,621, filed Jul. 30, 2001, entitled “System And Methods For Intrusion Detection With Dynamic Windows Sizes,” of Eleazar Eskin and Salvatore J. Stolfo. (AP34541).
Honig, A. et al., (2002) “Adaptive Model Generation: An Architecture for the Deployment of Data Mining-Based Intrusion Detection Systems.” In Data Mining for Security Applications. Kluwer.
Friedman, N. et al., (1999) “Efficient Bayesian Parameter Estimation in Large Discrete Domains.”
Javitz, H. S. et al., Mar. 7, 1994, “The NIDES Statistical Component: Description and Justification.” Technical report, SRI International.
D. E. Denning, “An Intrusion Detection Model,” IEEE Transactions on Software Engineering, SE-13:222-232, 1987.
Wenke Lee, Sal Stolfo, and Kui Mok, “Mining in a Data-flow Environment: Experience in Network Intrusion Detection,” In Proceedings of the 5th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining (KDD '99), San Diego, CA, Aug. 1999.
Stephanie Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff, “A Sense of Self for UNIX Processes,” IEEE Computer Society, pp. 120-128, 1996.
Christina Warrender, Stephanie Forrest, and Barak Pearlmutter, “Detecting Intrusions Using System Calls: Alternative Data Models,” IEEE Computer Society, pp. 133-145, 1999.
S. A. Hofmeyr, Stephanie Forrest, and A. Somayaji, “Intrusion Detection Using Sequences of System Calls,” Journal of Computer Security, 6:151-180, 1998.
W. Lee, S. J. Stolfo, and P. K. Chan, “Learning Patterns from UNIX Process Execution Traces for Intrusion Detection,” AAAI Press, pp. 50-56, 1997.
Eleazar Eskin, “Anomaly Detection Over Noisy Data Using Learned Probability Distributions,” Proceedings of the Seventeenth International Conference on Machine Learning (ICML-2000), 2000.
N. Friedman and Y. Singer, “Efficient Bayesian Parameter Estimation in Large Discrete Domains,” Advances in Neural Information Processing Systems 11, MIT Press, 1999.
M. Mahoney and P. Chan, “Detecting Novel Attacks by Identifying Anomalous Network Packet Headers,” Technical Report CS-2001-2, Florida Institute of Technology, Melbourne, FL, 2001.
H. Debar et al., “Intrusion Detection Exchange Format Data Model,” Internet Engineering Task Force, Jun. 15, 2000.
