Information security – Policy
Reexamination Certificate
2006-12-11
2011-11-08
Arani, Taghi (Department: 2438)
Information security
Policy
C726S022000, C726S023000, C726S025000, C709S206000, C709S229000, C713S154000
active
08056115
ABSTRACT:
System, method and program product for generating an attack profile. A set of messages from a same source IP address sent to a plurality of different destination IP addresses of a same company during an interval of time is identified. Each of the messages contains a respective signature characteristic of a malicious message. First and second messages of the set that are correlated to each other as part of a same attack are determined based on frequency of occurrence of the first message, frequency of occurrence of the second message in the set and similarity in a number of occurrences of the first message in the set to a number of occurrences of the second message in the set. The first message has a first signature and the second message has a second, different signature. An attack profile based on a combination of the first and second messages is generated and recorded. A rule can be automatically generated to detect a combination of the first and second messages.
REFERENCES:
patent: 2002/0107953 (2002-08-01), Ontiveros et al.
patent: 2003/0004688 (2003-01-01), Gupta et al.
patent: 2003/0110393 (2003-06-01), Brock et al.
patent: 2004/0054924 (2004-03-01), Chuah et al.
patent: 2004/0177120 (2004-09-01), Kirsch
patent: 2005/0060643 (2005-03-01), Glass et al.
patent: 2005/0289649 (2005-12-01), Mitomo et al.
patent: 2006/0117386 (2006-06-01), Gupta et al.
patent: 2006/0137009 (2006-06-01), Chesla
Treinen et al., “A Framework for the Application of Association Rule Mining in Large Intrusion Detection Infrastructure,” RAID 2006 Conference in Hamburg, Germany, Sep. 20-22, 2006; 19 pages.
Arani Taghi
International Business Machines Corporation
Lee Jason
Samodovitz Arthur J.
Profile ID: LFUS-PAI-O-4294959