Electrical computers and digital processing systems: support – Computer program modification detection by cryptography
Reexamination Certificate
2006-04-18
2006-04-18
Morse, Gregory (Department: 2134)
Electrical computers and digital processing systems: support
Computer program modification detection by cryptography
C713S176000, C713S188000, C726S024000
Reexamination Certificate
active
07032114
ABSTRACT:
A system and method are disclosed for detecting intrusions in a host system on a network. The intrusion detection system comprises an analysis engine configured to use continuations and apply forward- and backward-chaining using rules. Also provided are sensors, which communicate with the analysis engine using a meta-protocol in which the data packet comprises a 4-tuple. A configuration discovery mechanism locates host system files and communicates the locations to the analysis engine. A file processing mechanism matches contents of a deleted file to a directory or filename, and a directory processing mechanism extracts deallocated directory entries from a directory, creating a partial ordering of the entries. A signature checking mechanism computes the signature of a file and compares it to previously computed signatures. A buffer overflow attack detector compares access times of commands and their associated files. The intrusion detection system further includes a mechanism for checking timestamps to identify and analyze forward and backward time steps in a log file.
REFERENCES:
patent: 5349655 (1994-09-01), Mann
patent: 5530757 (1996-06-01), Krawczyk
patent: 5572590 (1996-11-01), Chess
patent: 5574898 (1996-11-01), Leblang et al.
patent: 5621889 (1997-04-01), Lermuzeaux et al.
patent: 5638509 (1997-06-01), Dunphy et al.
patent: 5649194 (1997-07-01), Miller et al.
patent: 5680585 (1997-10-01), Bruell
patent: 5692047 (1997-11-01), McManis
patent: 5724569 (1998-03-01), Andres
patent: 5757913 (1998-05-01), Bellare et al.
patent: 5778070 (1998-07-01), Mattison
patent: 5826013 (1998-10-01), Nachenberg
patent: 5844986 (1998-12-01), Davis
patent: 5978791 (1999-11-01), Farber et al.
patent: 6009524 (1999-12-01), Olarig et al.
patent: 6021491 (2000-02-01), Renaud
patent: 6253323 (2001-06-01), Cox et al.
patent: 6256393 (2001-07-01), Safadi et al.
patent: 6321338 (2001-11-01), Porras et al.
patent: 6351811 (2002-02-01), Groshon et al.
patent: 6367029 (2002-04-01), Mayhead et al.
patent: 6484203 (2002-11-01), Porras et al.
patent: 6704874 (2004-03-01), Porras et al.
patent: 6708212 (2004-03-01), Porras et al.
patent: 6711615 (2004-03-01), Porras et al.
patent: 6742121 (2004-05-01), Safadi
patent: 6757717 (2004-06-01), Goldstein
patent: 6804778 (2004-10-01), Levi et al.
patent: 2002/0157021 (2002-10-01), Sorkin et al.
Rebecca Bace, Introduction to Intrusion Detection Assesment, no date, for System and Network Security Management.
Gene H. Kim and Eugene H. Spafford, Writing, Supporting and Evaluating Tripwire: A Publically Available Security Tool, Mar. 12, 1994, Purdue Technical Report; Purdue University.
Douglas B. Moran et al., DERBI: Diagnosis, Explanation and Recovery From Break-Ins, no date, Artificial Intelligence Center SRI International.
Mabry Tyson, Ph.D., Explaining and Recovering From Computer Break-Ins, Jan. 12, 2001, SRI International.
Aleph One, Smashing the Stack for Fun and Profit, no date, vol. Seven, Issue Forty-Nine; File 14 of 16 of BugTraq, r00t, and Underground.Org.
Donald C. Latham, Department of Defence Trusted Computer System Evaluation Criteria, Dec. 1985, Department of Defense Standard.
James P. Anderson Co., Computer Security Threat Monitoring and Surveillance, Feb. 26, 1980, Contract 79F296400.
Teresa F. Hunt et al., A Real-Time Intrusion-Detection Expert System (IDES), Feb. 28, 1992, SRI International Project 6784.
Andrew H. Gross,Analysing Computer Intrusions, Ph.D. thesis, Electrical and Computer Engineering (Communication Theory and Systems), San Diego Supercomputer Center, University of California, San Diego, 1997.
Heneghan Matthew
Morse Gregory
Symantec Corporation
Van Pelt & Yi & James LLP
LandOfFree
System and method for using signatures to detect computer... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System and method for using signatures to detect computer..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System and method for using signatures to detect computer... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3541119