Information security – Monitoring or scanning of software or data including attack...
Reexamination Certificate
2007-08-21
2007-08-21
Song, Hosuk (Department: 2135)
Information security
Monitoring or scanning of software or data including attack...
C726S023000, C726S025000
Reexamination Certificate
active
10655062
ABSTRACT:
A network security system is provided that receives information from various sensors and can analyse the received information. In one embodiment of the present invention, such a system receives a security event from a software agent. The received security event includes a target address and an event signature, as generated by the software agent. The event signature can be used to determine a set of vulnerabilities exploited by the received security event, and the target address can be used to identify a target asset within the network. By accessing a model of the target asset, a set of vulnerabilities exposed by the target asset can be retrieved. Then, a threat can be detected by comparing the set of vulnerabilities exploited by the security event to the set of vulnerabilities exposed by the target asset.
REFERENCES:
patent: 5717919 (1998-02-01), Kodavalla et al.
patent: 6088804 (2000-07-01), Hill et al.
patent: 6134664 (2000-10-01), Walker
patent: 6192034 (2001-02-01), Hsieh et al.
patent: 6321338 (2001-11-01), Porras et al.
patent: 6408391 (2002-06-01), Huff et al.
patent: 6408404 (2002-06-01), Ladwig
patent: 6484203 (2002-11-01), Porras et al.
patent: 6694362 (2004-02-01), Secor et al.
patent: 6704874 (2004-03-01), Porras et al.
patent: 6708212 (2004-03-01), Porras et al.
patent: 6711615 (2004-03-01), Porras et al.
patent: 6839850 (2005-01-01), Campbell et al.
patent: 6966015 (2005-11-01), Steinberg et al.
patent: 6988208 (2006-01-01), Hrabik et al.
patent: 7043727 (2006-05-01), Bennett et al.
patent: 2002/0099958 (2002-07-01), Hrabik et al.
patent: 2003/0093514 (2003-05-01), Valdes et al.
patent: 2003/0093692 (2003-05-01), Porras
patent: 2003/0101358 (2003-05-01), Porras et al.
patent: 2004/0010718 (2004-01-01), Porras et al.
patent: 2004/0024864 (2004-02-01), Porras et al.
patent: 2004/0044912 (2004-03-01), Connary et al.
patent: 2004/0221191 (2004-11-01), Porras et al.
patent: 2005/0027845 (2005-02-01), Secor et al.
patent: 2005/0204404 (2005-09-01), Hrabik et al.
patent: 2006/0069956 (2006-03-01), Steinberg et al.
patent: WO 2002/045315 (2002-06-01), None
patent: WO 02/060117 (2002-08-01), None
patent: WO 2002/078262 (2002-10-01), None
patent: WO 2002/101988 (2002-12-01), None
patent: WO 2003/009531 (2003-01-01), None
patent: WO 2004/019186 (2004-03-01), None
ARCSIGHT, “About ArcSight Team,” date unknown, [online] [Retrieved on Oct. 25, 2002] Retrieved from the Internet <URL: http://www.arcsight.com/about—team.html>.
ARCSIGHT, “About Overview,” Oct. 14, 2002, [online] [Retrieved on Apr. 21, 2006] Retrieved from the Internet <URL: http://web.archive.org/web/20021014041614/http://www.arcsight.com/about.htm>.
ARCSIGHT, “Contact Info,” date unknown, [online] [Retrieved on Oct. 25, 2002] Retrieved from the Internet <URL: http://www.arcsight.com/contact.htm>.
ARCSIGHT, “Enterprise Coverage: Technology Architecture,” date unknown, [online] Retrieved from the Internet <URL: http://www.snaiso.com/Documentation/Arcsight/arcsight—archdta.pdf622 .
ARCSIGHT, “Managed Process: ArcSight Reporting System,” date unknown, [online] Retrieved from the Internet <URL: http://www.snaiso.com/Documentation/Arcsight/arcsight—reportsys.pdf>.
ARCSIGHT, “Managed Process: Console-Based Management,” date unknown, [online] Retrieved from the Internet <URL: http://www.snaiso.com/Documentation/Arcsight/arcsight—console.pdf>.
ARCSIGHT, “Precision Intelligence: SmartRules™ and Cross-Correlation,” date unknown, [online] Retrieved from the Internet <URL: http://www.snaiso.com/Documentation/Arcsight/arcsight—correlation.pdf>.
ARCSIGHT, “Precision Intelligence: SmartAgent™,” date unknown, [online] Retrieved from the Internet <URL: http://www.ossmanagement.com/SmartAgent.pdf>.
ARCSIGHT, “Product Info: Product Overview and Architecture,” date unknown, [online] [Retrieved on Oct. 25, 2002] Retrieved from the Internet <URL: http://www.arcsight.com/product.htm>.
ARCSIGHT, “Product Info: 360° Intelligence Yields Precision Risk Management,” date unknown, [online] [Retrieved on Oct. 25, 2002] Retrieved from the Internet <URL: http://www.arcsight.com/product—info01.htm>.
ARCSIGHT, “Product Info: ArcSight AmsrtAgents,” Oct. 10, 2002, [online] [Retrieved on Apr. 21, 2006] Retrieved from the Internet <URL:http://web.archive.org/web/20021010135236/http://www.arcsight.com/product—info02.htm>.
ARCSIGHT, “Product Info: ArcSight Cross-Device Correlation,” date unknown, [online] [Retrieved on Oct. 25, 2005]Retrieved from the Internet <URL: http://www.arcsight.com/product—info03.htm>.
ARCSIGHT, “Product Info: ArcSight Manager,” date unknown, [online] [Retrieved on Oct. 25, 2002] Retrieved from the Internet <URL: http://www.arcsight.com/product—info04.htm>.
ARCSIGHT, “Product Info: ArcSight Console,” data unknown, [online] [Retrieved on Nov. 15, 2002] Retrieved from the Internet <URL: http:www.arcsight.com/product—info05.htm>.
ARCSIGHT, “Product Info: ArcSight Reporting System,” date unknown, [online] [Retrieved on Oct. 25, 2002] Retrieved from the Internet <URL: http:www.arcsight/com/product—info06.htm>.
ARCSIGHT, “Product Info: Enterprise Scalling,” date unknown [online] [Retrieved on Oct. 25, 2002] Retrieved from the Internet <URL: http://www.arcsight.com/product—info07.htm>.
ARCSIGHT, “Security Management for the Enterprise,” 2002, [online] [Retrieved on Oct. 25, 2002] Retrieved from the Internet <URL: http:www.arcsight.com/>.
ARCSIGHT, “Technical Brief: How Correlation Eliminates False Positives,” date unknown, source unknown.
Burleson, D., “Taking Advantage of Object Partioning in Oracle8i,” Nov. 8, 2000, [online] [Retrieved on Apr. 20, 2004] Retrieved from the Internet <URL: http://www.dba-oracle.com/art—partit.htm>.
Derodeff, C. “Got Correlation? Not Without Normalization,” 2002, [online] Retrieved from the Internet <URL: http://www.svic.com/papers/pdf/Got-Correlation—mnalization.prf>.
Cheung, S. et al., “EMERALD Intrusion Incident Report: 601 Message Specification,” Aug. 10, 2000, System Design Laboratory, SRI International.
National Institute of Standards and Technology (NIST), “Federal Information Processing Standards Publication (FIPS PUB) 199: Standards for Security Categorization of Federal Information and Information Systems”, Feb. 2004.
Haley Enterprise, “Production Systems,” 2002, [online] [Retrieved on Oct. 29, 2002] Retrieved from the Internet <URL: http://www.haley.com/0072567836705810/ProductionSystems.html>.
Haley Enterprise, “The Rete Algorithm,” 2002, [online] [Retrieved on Oct. 29, 2002] Retrieved from the Internet <URL: http://www.haley.com/0072567836705810/ReteAlgorithm.html>.
Haley Enterprise, “A Rules Engine for Java Based on the Rate Algorithm,” 2002, [online] [Retrieved on Oct. 29, 2002] Retrieved from the Internet <URL: http://www.haley.com/0072567836705810/ReteAlgorithmForRules.html>.
Halme, L.R. et al., “AINT Misbehaving: A Taxonomy of Anti-Intrusion Techniques,” 2000, [online] [Retrieved on Nov. 1, 2002] Retrieved from the Internet <URL: http://www.sans.org
ewlook/resources/IDFAQ/aint.htm>.
Lindqvist, U. et al., “Detecting Computer and Network Misuse Through the Production-Based Expert System Toolset (P-BEST),” Proceedings of the IEEE Symposium on Security and Privacy, Oakland, California, May 9-12, 1999.
CERT Coordination Center, “Overview of Attack Trends,” 2002, [online] Retrieved from the Internet <URL: http://www.cert.org/archive/pdf/attack—trends.pdf>
Dash Debabrata
Kothari Pravin S.
Njemanze Hugh S.
Saurabh Kumar
Tidwell Kenny
ArcSight, Inc.
Fenwick & West LLP
Song Hosuk
LandOfFree
Threat detection in a network security system does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Threat detection in a network security system, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Threat detection in a network security system will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3891606