System, method and program product for identifying...

Information security – Policy

Reexamination Certificate

Details

C726S022000, C726S023000, C726S025000, C709S206000, C709S229000, C713S154000

active

08056115

ABSTRACT:
System, method and program product for generating an attack profile. A set of messages from a same source IP address sent to a plurality of different destination IP addresses of a same company during an interval of time is identified. Each of the messages contains a respective signature characteristic of a malicious message. First and second messages of the set that are correlated to each other as part of a same attack are determined based on frequency of occurrence of the first message, frequency of occurrence of the second message in the set and similarity in a number of occurrences of the first message in the set to a number of occurrences of the second message in the set. The first message has a first signature and the second message has a second, different signature. An attack profile based on a combination of the first and second messages is generated and recorded. A rule can be automatically generated to detect a combination of the first and second messages.
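
An added Python example of the correlation described in the abstract (not taken from the patent): alerts from one source to several company addresses in a time window are counted per signature, and two signatures are paired when both are frequent and their counts are similar. The thresholds, function names, rule format and alert rows are assumptions constructed for illustration; the abstract states the criteria but gives no values.

```python
from collections import Counter, defaultdict
from itertools import combinations

# Assumed thresholds: the abstract names the criteria but gives no values.
MIN_COUNT = 3          # minimum occurrences of each signature in the set
MIN_SIMILARITY = 0.75  # min(count) / max(count) for the two signatures
MIN_DESTINATIONS = 2   # "plurality" of destination addresses

def attack_profiles(alerts, company_ips, start, end):
    """Return {source_ip: [(sig_a, sig_b), ...]} for correlated signature pairs.

    alerts: iterable of (timestamp, src_ip, dst_ip, signature) rows, each
    already matched by a signature characteristic of a malicious message.
    """
    per_source = defaultdict(list)
    for ts, src, dst, sig in alerts:
        if start <= ts < end and dst in company_ips:
            per_source[src].append((dst, sig))
    profiles = {}
    for src, msgs in per_source.items():
        if len({dst for dst, _ in msgs}) < MIN_DESTINATIONS:
            continue  # not spread across several company addresses
        counts = Counter(sig for _, sig in msgs)
        pairs = []
        for a, b in combinations(sorted(counts), 2):
            lo, hi = sorted((counts[a], counts[b]))
            if lo >= MIN_COUNT and lo / hi >= MIN_SIMILARITY:
                pairs.append((a, b))
        if pairs:
            profiles[src] = pairs
    return profiles

def rule_for(pair, window_seconds):
    """Hypothetical rule record that fires when both signatures are seen."""
    return {"match_all": list(pair), "same_source": True,
            "within_seconds": window_seconds}

# Constructed sample data (documentation address ranges, made-up signatures).
COMPANY = {"198.51.100.10", "198.51.100.11", "198.51.100.12"}
_D = sorted(COMPANY)
SAMPLE = (
    [(10 + i, "203.0.113.7", _D[i % 3], "SIG-SCAN") for i in range(5)]
    + [(12 + i, "203.0.113.7", _D[i % 3], "SIG-PROBE") for i in range(4)]
    + [(20, "203.0.113.7", _D[0], "SIG-OTHER")]                 # too rare
    + [(10 + i, "203.0.113.9", _D[0], "SIG-SCAN") for i in range(6)]  # one target
)

if __name__ == "__main__":
    for src, pairs in attack_profiles(SAMPLE, COMPANY, 0, 60).items():
        print(src, [rule_for(p, 60) for p in pairs])
```

In the constructed data, only the source that hits three addresses with two comparably frequent signatures yields a profile; the rare third signature and the single-target source are excluded.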

