Systems and methods for detecting and inhibiting attacks...

Information security – Monitoring or scanning of software or data including attack...

Reexamination Certificate


Details

C726S023000, C726S026000

active

07904959

ABSTRACT:
In accordance with some embodiments, systems and methods that protect an application from attacks are provided. In some embodiments, traffic from a communication network is received by an anomaly detection component. The anomaly detection component monitors the received traffic and routes the traffic either to the protected application or to a honeypot, where the honeypot shares all state information with the application. If the received traffic is routed to the honeypot, the honeypot monitors the traffic for an attack. If an attack occurs, the honeypot repairs the protected application (e.g., discarding any state changes incurred from the attack, reverting to previously saved state information, etc.).

