Information security – Monitoring or scanning of software or data including attack... – Vulnerability assessment
Reexamination Certificate
2007-01-09
2007-01-09
Sheikh, Ayaz (Department: 2131)
Information security
Monitoring or scanning of software or data including attack...
Vulnerability assessment
C726S005000, C726S023000, C707S793000
Reexamination Certificate
active
10208402
ABSTRACT:
A system and methods of monitoring sequences of operations in a process running on a computer system. A probabilistic detection model is defined which is configured to determine a predictive probability of an occurrence of a final operation in the sequence of operations that is conditional on a calculated number of previous operations in the sequence of operations. The probabilistic detection model is trained from a plurality of predetermined sequences of operations to calculate the number of previous operations evaluated in the probabilistic detection model. The predictive probability for the final operation in the sequence of operations is determined by using the probabilistic detection model. If the predictive probability is below a predetermined threshold, the sequence of operations is identified as an intrusion. The probabilistic detection model may use sparse distribution trees to generate a model which determines the optimal number of previous operations to be evaluated (i.e., the window size) and position of wildcards. The system and methods may be used to monitor sequences of system calls, application function calls, and machine code instructions, for example.
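The abstract describes the detection rule (train a conditional model of the next operation on normal traces, flag a sequence when the predictive probability of its final operation drops below a threshold) and a model that picks the window size itself. The block below is an added example, not code from the patent or from Columbia's implementation: it keeps a Markov predictor for every window size from 0 to `max_window`, weights them by how well each predicted the training data as it was seen (prequential scoring, the mixture idea of the Singer and Pereira references), and reports the window that ends up dominant. It is a simplified stand-in for the sparse Markov transducers of the abstract: the window size adapts, but there are no wildcards and no sparse prediction tree. The class and function names, the system-call alphabet and the file-copy traces are all constructed for this example.

```python
"""Mixture of fixed-window Markov predictors over system-call traces.

Constructed example (not the patent's own code): the weight of each window
size tracks its out-of-sample predictive performance on the training
traces, and a call whose mixture probability falls below a threshold
flags the trace as an intrusion.
"""
from collections import defaultdict
from math import exp, log


class WindowPredictor:
    """Predicts the next call from the previous k calls (k = 0 is a unigram model)."""

    def __init__(self, k, alphabet_size):
        self.k = k
        self.alphabet_size = alphabet_size
        self.counts = defaultdict(lambda: defaultdict(int))  # context -> call -> count
        self.totals = defaultdict(int)                      # context -> count

    def _ctx(self, history):
        # history[-0:] would be the whole list, so k = 0 needs the empty context.
        return tuple(history[-self.k:]) if self.k else ()

    def prob(self, history, call):
        # Add-one smoothing: an unseen (context, call) pair is rare, never impossible,
        # which is what lets the detector score it instead of dividing by zero.
        ctx = self._ctx(history)
        return (self.counts[ctx].get(call, 0) + 1) / (self.totals[ctx] + self.alphabet_size)

    def update(self, history, call):
        ctx = self._ctx(history)
        self.counts[ctx][call] += 1
        self.totals[ctx] += 1


class DynamicWindowDetector:
    """Bayesian mixture over window sizes 0..max_window (hypothetical name)."""

    def __init__(self, alphabet, max_window=4):
        self.alphabet = frozenset(alphabet)
        self.predictors = [WindowPredictor(k, len(self.alphabet))
                           for k in range(max_window + 1)]
        self.log_weights = [0.0] * len(self.predictors)  # uniform prior over window sizes

    def _weights(self):
        # Normalise in log space so long training runs do not underflow.
        m = max(self.log_weights)
        w = [exp(lw - m) for lw in self.log_weights]
        z = sum(w)
        return [x / z for x in w]

    def predictive_prob(self, history, call):
        """Mixture probability of `call` given the calls that preceded it."""
        if call not in self.alphabet:
            raise ValueError(f"unknown system call {call!r}")
        return sum(wk * p.prob(history, call)
                   for wk, p in zip(self._weights(), self.predictors))

    def train(self, traces):
        """Prequential training: every predictor is scored on a call before it is
        updated with it, so the weights reflect genuine predictive performance."""
        for trace in traces:
            for i, call in enumerate(trace):
                history = trace[:i]
                for j, p in enumerate(self.predictors):
                    self.log_weights[j] += log(p.prob(history, call))
                for p in self.predictors:
                    p.update(history, call)

    def dominant_window(self):
        w = self._weights()
        return max(range(len(w)), key=w.__getitem__)

    def scores(self, trace):
        """Predictive probability of each call given the calls before it."""
        return [self.predictive_prob(trace[:i], c) for i, c in enumerate(trace)]

    def intrusion_positions(self, trace, threshold):
        """Indices at which the predictive probability drops below the threshold."""
        return [i for i, p in enumerate(self.scores(trace)) if p < threshold]


# Constructed system-call alphabet and a file-copy loop used as "normal" behaviour.
ALPHABET = ["open", "fstat", "read", "write", "close", "mmap", "execve"]


def normal_trace(blocks):
    """open, fstat, then `blocks` read/write pairs, then close (constructed trace)."""
    return ["open", "fstat"] + ["read", "write"] * blocks + ["close"]


def build_detector():
    det = DynamicWindowDetector(ALPHABET, max_window=4)
    det.train([normal_trace(5) for _ in range(20)])
    return det


if __name__ == "__main__":
    det = build_detector()
    print("dominant window size:", det.dominant_window())
    print("normal trace flagged at:", det.intrusion_positions(normal_trace(3), 0.05))
    print("execve after read flagged at:",
          det.intrusion_positions(["open", "fstat", "read", "execve"], 0.05))
```

On the constructed traces one previous call is enough to predict the next, so the weight of the order-1 predictor dominates; a trace that ends in a never-seen `execve` after `read` scores around 0.01 at that position and is flagged, while the `close` at the end of a normal trace, which follows `write` one time in five, stays near 0.2 and is not. The threshold therefore has to be set from the distribution of scores on held-out normal traces, not guessed.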
REFERENCES:
patent: 6647400 (2003-11-01), Moran
patent: 6742124 (2004-05-01), Kilpatrick et al.
patent: 6963983 (2005-11-01), Munson et al.
patent: 2002/0138755 (2002-09-01), Ko
Y. Singer. “Adaptive Mixtures of Probabilistic Transducers.” AT&T Laboratories, pp. 1-15.
C. Marceau. “Characterizing the Behavior of a Program Using Multiple-Length N-Grams.” Odyssey Research Associates, Ithaca, NY 14850.
Y. Singer and F. Pereira. “An Efficient Extension to Mixture Techniques for Prediction and Decision Trees.” AT&T Laboratories.
N. Ye. “A Markov Chain Model of Temporal Behavior for Anomaly Detection.” Proceedings of the 2000 IEEE Systems, Man, and Cybernetics Information Assurance and Security Workshop, Jun. 6-7, 2000, pp. 171-174.
Y. Singer. “Adaptive Mixtures of Probabilistic Transducers.” Neural Computation, 1997, 9(8): pp. 1711-1734.
D. Ron, Y. Singer, and N. Tishby. “The Power of Amnesia: Learning Probabilistic Automata with Variable Memory Length.” Machine Learning, 1996, 25: pp. 117-150.
F. Pereira and Y. Singer. “An Efficient Extension to Mixture Techniques for Prediction and Decision Trees.” Machine Learning, 1999, 36(3): pp. 183-199.
C. Marceau. “Characterizing the Behavior of a Program Using Multiple-Length N-Grams.” Proceedings of the New Security Paradigms Workshop 2000, 2000, pp. 101-110.
W. Lee and D. Xiang. “Information-Theoretic Measures for Anomaly Detection.” Proceedings of the 2001 IEEE Symposium on Security and Privacy, May 2001, pp. 1-17.
F. Provost, T. Fawcett, and R. Kohavi. “The Case Against Accuracy Estimation for Comparing Induction Algorithms.” Proceedings of the Fifteenth International Conference on Machine Learning, Jul. 1998, pp. 1-9.
K. M. C. Tan and R. A. Maxion. “‘Why 6?’ Defining the Operational Limits of stide, an Anomaly-Based Intrusion Detector.” IEEE Symposium on Security and Privacy 2002, May 12-15, 2002, pp. 188-201.
E. Eskin, W. N. Grundy, and Y. Singer. “Protein Family Classification Using Sparse Markov Transducers.” Proceedings of the Eighth International Conference on Intelligent Systems for Molecular Biology, AAAI Press, Menlo Park, CA, 2000.
Matthew Schultz et al. “System And Method For Detection Of New Malicious Executables,” filed Jul. 30, 2002, U.S. Appl. No. 10/208,432.
U.S. Appl. No. 10/352,343, filed Jan. 27, 2003 claiming priority to U.S. Appl. No. 60/351,857, filed Jan. 25, 2002, entitled “Behavior Based Anomaly Detection For Host-Based Systems For Detection Of Intrusion In Computer Systems,” of Frank Apap, Andrew Honig, Shlomo Hershkop, Eleazar Eskin and Salvatore J. Stolfo.
U.S. Appl. No. 10/352,342, filed Jan. 27, 2003 claiming priority to U.S. Appl. No. 60/351,913, filed Jan. 25, 2002, entitled “Data Warehouse Architecture For Adaptive Model Generation Capability In Systems For Detecting Intrusion In Computer Systems,” of Salvatore J. Stolfo, Eleazar Eskin, Matthew Miller, Juxin Zhang and Zhi-Da Zhong.
U.S. Appl. No. 10/327,811, filed Dec. 19, 2002 claiming priority to U.S. Appl. No. 60/342,872, filed Dec. 20, 2001, entitled “System And Methods for Detecting A Denial-Of-Service Attack On A Computer System” of Salvatore J. Stolfo, Shlomo Hershkop, Rahul Bhan, Suhail Mohiuddin and Eleazar Eskin.
U.S. Appl. No. 10/320,259, filed Dec. 16, 2002 claiming priority to U.S. Appl. No. 60/328,682, filed Oct. 11, 2001 and U.S. Appl. No. 60/352,894, filed Jan. 29, 2002, entitled “Methods of Unsupervised Anomaly Detection Using A Geometric Framework” of Eleazar Eskin, Salvatore J. Stolfo and Leonid Portnoy.
U.S. Appl. No. 10/269,718, filed Oct. 11, 2002 claiming priority to U.S. Appl. No. 60/328,682, filed Oct. 11, 2001 and U.S. Appl. No. 60/340,198, filed Dec. 14, 2001, entitled “Methods For Cost-Sensitive Modeling For Intrusion Detection” of Salvatore J. Stolfo, Wenke Lee, Wei Fan and Matthew Miller.
U.S. Appl. No. 10/269,694, filed Oct. 11, 2002 claiming priority to U.S. Appl. No. 60/328,682, filed Oct. 11, 2001 and U.S. Appl. No. 60/339,952, filed Dec. 13, 2001, entitled “System And Methods For Anomaly Detection And Adaptive Learning” of Wei Fan, Salvatore J. Stolfo.
U.S. Appl. No. 10/222,632, filed Aug. 16, 2002 claiming priority to U.S. Appl. No. 60/312,703, filed Aug. 16, 2001 and U.S. Appl. No. 60/340,197, filed Dec. 14, 2001, entitled “System And Methods For Detecting Malicious Email Transmission” of Salvatore J. Stolfo, Eleazar Eskin, Manasi Bhattacharyya and Matthew G. Schultz.
Eskin Eleazar
Stolfo Salvatore J.
Baker & Botts L.L.P.
Sheikh Ayaz
Sherkat Arezoo
The Trustees of Columbia University in the City of New York
System and methods for intrusion detection with dynamic...