Information security – Monitoring or scanning of software or data including attack...
Reexamination Certificate
2007-08-09
2010-12-28
Song, Hosuk (Department: 2435)
Information security
Monitoring or scanning of software or data including attack...
C726S023000, C726S025000
Reexamination Certificate
active
07861299
ABSTRACT:
A network security system is provided that receives information from various sensors and can analyze the received information. In one embodiment of the present invention, such a system receives a security event from a software agent. The received security event includes a target address and an event signature, as generated by the software agent. The event signature can be used to determine a set of vulnerabilities exploited by the received security event, and the target address can be used to identify a target asset within the network. By accessing a model of the target asset, a set of vulnerabilities exposed by the target asset can be retrieved. Then, a threat can be detected by comparing the set of vulnerabilities exploited by the security event to the set of vulnerabilities exposed by the target asset.
REFERENCES:
patent: 5557742 (1996-09-01), Smaha et al.
patent: 5717919 (1998-02-01), Kodavalla et al.
patent: 5850516 (1998-12-01), Schneier
patent: 5956404 (1999-09-01), Schneier et al.
patent: 5978475 (1999-11-01), Schneier et al.
patent: 6070244 (2000-05-01), Orchier et al.
patent: 6088804 (2000-07-01), Hill et al.
patent: 6134664 (2000-10-01), Walker
patent: 6192034 (2001-02-01), Hsieh et al.
patent: 6275942 (2001-08-01), Bernhard et al.
patent: 6321338 (2001-11-01), Porras et al.
patent: 6324656 (2001-11-01), Gleichauf et al.
patent: 6408391 (2002-06-01), Huff et al.
patent: 6408404 (2002-06-01), Ladwig
patent: 6484203 (2002-11-01), Porras et al.
patent: 6542075 (2003-04-01), Barker et al.
patent: 6694362 (2004-02-01), Secor et al.
patent: 6704874 (2004-03-01), Porras et al.
patent: 6708212 (2004-03-01), Porras et al.
patent: 6711615 (2004-03-01), Porras et al.
patent: 6839850 (2005-01-01), Campbell et al.
patent: 6928556 (2005-08-01), Black et al.
patent: 6952779 (2005-10-01), Cohen et al.
patent: 6966015 (2005-11-01), Steinberg et al.
patent: 6985920 (2006-01-01), Bhattacharya et al.
patent: 6988208 (2006-01-01), Hrabik et al.
patent: 7039953 (2006-05-01), Black et al.
patent: 7043727 (2006-05-01), Bennett et al.
patent: 7089428 (2006-08-01), Farley et al.
patent: 7127743 (2006-10-01), Khanolkar et al.
patent: 7159237 (2007-01-01), Schneier et al.
patent: 7171689 (2007-01-01), Beavers
patent: 7219239 (2007-05-01), Njemanze et al.
patent: 7260844 (2007-08-01), Tidwell et al.
patent: 7278160 (2007-10-01), Black et al.
patent: 7308689 (2007-12-01), Black et al.
patent: 7333999 (2008-02-01), Njemanze
patent: 7376969 (2008-05-01), Njemanze et al.
patent: 7483972 (2009-01-01), Bhattacharya et al.
patent: 7644365 (2010-01-01), Bhattacharya et al.
patent: 2002/0019945 (2002-02-01), Houston et al.
patent: 2002/0099958 (2002-07-01), Hrabik et al.
patent: 2002/0104014 (2002-08-01), Zobel et al.
patent: 2002/0147803 (2002-10-01), Dodd et al.
patent: 2002/0184532 (2002-12-01), Hackenberger et al.
patent: 2003/0084349 (2003-05-01), Friedrichs et al.
patent: 2003/0093514 (2003-05-01), Valdes et al.
patent: 2003/0093692 (2003-05-01), Porras
patent: 2003/0101358 (2003-05-01), Porras et al.
patent: 2003/0188189 (2003-10-01), Desai et al.
patent: 2003/0221123 (2003-11-01), Beavers
patent: 2004/0010718 (2004-01-01), Porras et al.
patent: 2004/0024864 (2004-02-01), Porras et al.
patent: 2004/0044912 (2004-03-01), Connary et al.
patent: 2004/0221191 (2004-11-01), Porras et al.
patent: 2005/0027845 (2005-02-01), Secor et al.
patent: 2005/0204404 (2005-09-01), Hrabik et al.
patent: 2005/0251860 (2005-11-01), Saurabh et al.
patent: 2006/0069956 (2006-03-01), Steinberg et al.
patent: 2006/0095587 (2006-05-01), Bhattacharya et al.
patent: 2006/0212932 (2006-09-01), Patrick et al.
patent: 2007/0118905 (2007-05-01), Morin et al.
patent: 2007/0136437 (2007-06-01), Shankar et al.
patent: 2007/0150579 (2007-06-01), Morin et al.
patent: 2007/0162973 (2007-07-01), Schneier et al.
patent: 2007/0169038 (2007-07-01), Shankar et al.
patent: 2007/0234426 (2007-10-01), Khanolkar et al.
patent: 2007/0260931 (2007-11-01), Aguilar-Macias et al.
patent: 2008/0104046 (2008-05-01), Singla et al.
patent: 2008/0104276 (2008-05-01), Lahoti et al.
patent: 2008/0162592 (2008-07-01), Huang et al.
patent: 2008/0165000 (2008-07-01), Morin et al.
patent: 2010/0058165 (2010-03-01), Bhattacharya et al.
patent: WO 02/45315 (2002-06-01), None
patent: WO 02/060117 (2002-08-01), None
patent: WO 02/078262 (2002-10-01), None
patent: WO 02/101988 (2002-12-01), None
patent: WO 03/009531 (2003-01-01), None
patent: WO 2004/019186 (2004-03-01), None
patent: WO 2005/001655 (2005-01-01), None
patent: WO 2005/026900 (2005-03-01), None
Heberlein, L. T., et al., “A Method to Detect Intrusive Activity in a Networked Environment,” Proceedings of the Fourteenth National Computer Security Conference, NIST/NCSC, Oct. 1-4, 1991, Washington, D.C., pp. 362-371.
Javitz, H. S., et al., “The NIDES Statistical Component Description and Justification,” SRI Project 3131, Contract N00039-92-C-0015, Annual Report, A010, Mar. 7, 1994.
Jou, Y. F., et al., “Architecture Design of a Scalable Intrusion Detection System for the Emerging Network Infrastructure,” MCNC, Technical Report CDRL A005, Apr. 1997.
Porras, P. A., et al., “Live Traffic Analysis of TCP/IP Gateways,” Symposium on Networks and Distributed Systems Security, Internet Society, Mar. 1998.
Robinson, S. L., “Memorandum Opinion” inSRI International, Inc. v.Internet Security Systems, Inc. and Symantec Corporation(D. Del., Viv. No. 04-1199-SLR), Oct. 17, 2006.
Valdes, A., et al., “Statistical Methods for Computer Usage Anomaly Detection Using NIDES (Next-Generation Intrusion Detection Expert System),” Proceedings of the Third International Workship on Rough Sets and Soft Computing (RSSC 94), Jan. 27, 1995, San Jose, CA, pp. 306-311.
U.S. Appl. No. 60/405,921, filed Aug. 26, 2002, Gisby et al.
ArcSight, “About ArcSight Team,” date unknown, [online] [Retrieved on Oct. 25, 2002] Retrieved from the Internet <URL: http://www.arcsight.com/about—team.htm>.
ArcSight, “About Overview,” Oct. 14, 2002, [online] [Retrieved on Apr. 21, 2006] Retrieved from the Internet <URL: http://web.archive.org/web/20021014041614/http://www.arcsight.com/about.htm>.
ArcSight, “Contact Info,” date unknown, [online] [Retrieved on Oct. 25, 2002] Retrieved from the Internet <URL: http://www.arcsight.com/contact.htm>.
ArcSight, “Product Info: Product Overview and Architecture,” date unknown, [online] [Retrieved on Oct. 25, 2002] Retrieved from the Internet <URL: http://www.arcsight.com/product.htm>.
ArcSight, “Product Info: 360° Intelligence Yields Precision Risk Management,” date unknown, [online] [Retrieved on Oct. 25, 2002] Retrieved from the Internet <URL: http://www.arcsight.com/product—info01.htm>.
ArcSight, “Product Info: ArcSight SmartAgents,” Oct. 10, 2002, [online] [Retrieved on Apr. 21, 2006] Retrieved from the Internet <URL: http://web.archive.org/web/20021010135236/http://www.arcsight.com/product—info02.htm>.
ArcSight, “Product Info: ArcSight Cross-Device Correlation,” date unknown, [online] [Retrieved on Oct. 25, 2005] Retrieved from the Internet <URL: http://www.arcsight.com/product—info03.htm>.
ArcSight, “Product Info: ArcSight Manager,” date unknown, [online] [Retrieved on Oct. 25, 2002] Retrieved from the Internet <URL: http://www.arcsight.com/product—info04.htm>.
ArcSight, “Product Info: ArcSight Console,” date unknown, [online] [Retrieved on Nov. 15, 2002] Retrieved from the Internet <URL: http:www.arcsight.com/product—info05.htm>.
ArcSight, “Product Info: ArcSight Reporting System,” date unknown, [online] [Retrieved on Oct. 25, 2002] Retrieved from the Internet <URL: http:www.arcsight.com/product—info06.htm>.
ArcSight, “Product Info: Enterprise Scaling,” date unknown, [online] [Retrieved on Oct. 25, 2002] Retrieved from the Int
Dash Debabrata
Kothari Pravin S.
Njemanze Hugh S.
Saurabh Kumar
Tidwell Kenny C.
ArcSight, Inc.
Fenwick & West LLP
Song Hosuk
LandOfFree
Threat detection in a network security system does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Threat detection in a network security system, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Threat detection in a network security system will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4186108