System and method for tracking and filtering alerts in an...

Information security – Monitoring or scanning of software or data including attack...

Reexamination Certificate

active

10080574

ABSTRACT:
A system and method for declaring alert indications that occur in an enterprise, comprising translating a number of device outputs into common format events using a number of translation files, and generating a number of knowledge-containing common format events based on matches between the common format events and knowledge base tables. A set of rules then determines whether the knowledge-containing common format events rise to an alert indication for further automated correlation and analysis.
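The pipeline the abstract describes (device output, translation file, common format event, knowledge base match, rule, alert indication) is easiest to follow as code. The following is an added illustration, not code from the patent or its assignee: the two device formats, the regex "translation files", the knowledge base tables, the rule functions and the log lines are all constructed for this example, and the field names are assumptions.

```python
"""Illustration of the abstract's pipeline: raw device outputs -> translation
files -> common-format events -> knowledge-base enrichment -> rules -> alerts.

Added example, not the patent's code. Log lines, field names, knowledge-base
tables and rules are constructed for illustration."""
import re
from dataclasses import dataclass, field

# Constructed sample device outputs: a firewall and an IDS with different formats.
SAMPLE_OUTPUTS = [
    ("fw", "2024-01-01T10:00:01 deny tcp 203.0.113.5:4444 -> 10.0.0.7:22"),
    ("fw", "2024-01-01T10:00:02 deny tcp 203.0.113.5:4445 -> 10.0.0.7:22"),
    ("ids", "[**] [1:2001:3] SSH brute force [**] 203.0.113.5 -> 10.0.0.7 priority=2"),
    ("fw", "2024-01-01T10:00:03 permit udp 10.0.0.9:53 -> 10.0.0.2:53"),
]

# "Translation files": one pattern per device type that maps the raw output
# onto common-format field names (src, dst, action, ...). Constructed.
TRANSLATIONS = {
    "fw": re.compile(
        r"(?P<ts>\S+) (?P<action>deny|permit) (?P<proto>\w+) "
        r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)"),
    "ids": re.compile(
        r"\[\*\*\] \[(?P<sid>[\d:]+)\] (?P<msg>.+?) \[\*\*\] "
        r"(?P<src>[\d.]+) -> (?P<dst>[\d.]+) priority=(?P<priority>\d+)"),
}

# Knowledge-base tables keyed on common-format field values. Constructed.
KB_ASSETS = {"10.0.0.7": {"role": "bastion", "criticality": "high"}}
KB_REPUTATION = {"203.0.113.5": {"reputation": "known-scanner"}}


@dataclass
class CommonEvent:
    device: str
    fields: dict
    knowledge: dict = field(default_factory=dict)


def translate(device, raw):
    """Apply the device's translation file; return None when it does not parse."""
    m = TRANSLATIONS[device].match(raw)
    if not m:
        return None
    return CommonEvent(device=device, fields=m.groupdict())


def enrich(event):
    """Attach knowledge-base rows whose keys match the event's fields."""
    if event.fields.get("dst") in KB_ASSETS:
        event.knowledge.update(KB_ASSETS[event.fields["dst"]])
    if event.fields.get("src") in KB_REPUTATION:
        event.knowledge.update(KB_REPUTATION[event.fields["src"]])
    return event


# Rules over knowledge-containing events: each returns an alert name or None.
def rule_denied_to_critical(ev):
    if ev.fields.get("action") == "deny" and ev.knowledge.get("criticality") == "high":
        return "denied-access-to-critical-asset"


def rule_ids_from_known_bad(ev):
    if ev.device == "ids" and "reputation" in ev.knowledge:
        return "ids-signature-from-known-scanner"


RULES = [rule_denied_to_critical, rule_ids_from_known_bad]


def declare_alerts(outputs):
    """Run the whole pipeline; return (alert indications, unparsed outputs)."""
    alerts, unparsed = [], []
    for device, raw in outputs:
        ev = translate(device, raw)
        if ev is None:
            unparsed.append((device, raw))  # no translation matched: keep, don't drop
            continue
        enrich(ev)
        for rule in RULES:
            name = rule(ev)
            if name:
                alerts.append((name, ev.fields["src"], ev.fields["dst"]))
    return alerts, unparsed


if __name__ == "__main__":
    for alert in declare_alerts(SAMPLE_OUTPUTS)[0]:
        print(alert)
```

Two points a practitioner would check in any real implementation of this pattern: outputs that no translation file matches are returned separately rather than silently discarded, since a stale parser is the usual way events vanish from a correlation engine, and the rules operate only on the enriched event, so a change to the knowledge base (a new critical asset, a new bad reputation entry) changes what rises to an alert without any rule being rewritten.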

REFERENCES:
patent: 4864492 (1989-09-01), Blakely-Fogel et al.
patent: 5893083 (1999-04-01), Eshghi et al.
patent: 6134664 (2000-10-01), Walker
patent: 6208720 (2001-03-01), Curtis et al.
patent: 6212649 (2001-04-01), Yalowitz et al.
patent: 6266773 (2001-07-01), Kisor et al.
patent: 6298445 (2001-10-01), Shostack et al.
patent: 6321338 (2001-11-01), Porras et al.
patent: 6484203 (2002-11-01), Porras et al.
patent: 2002/0019945 (2002-02-01), Houston et al.
patent: 2002/0083168 (2002-06-01), Sweeney et al.
patent: 2004/0250133 (2004-12-01), Lim
Barrus, J., “Intrusion Detection in Real Time in a Multi-Node, Multi-Host Environment”, Master's Thesis, Naval Postgraduate School, Monterey, CA, i-xii, pp. 1-79, Sep. 1997.
“SNIA CIM Interoperability Demonstration Backgrounder”, Storage Networking Industry Association, pp. 1-2, 2002.
“SNIA Storage Management Initiative CIM/WBEM Technology Backgrounder”, Storage Networking Industry Association, pp. 1-2, 2002.
Hughes, K. and Wohlferd, D., “Say Goodbye to Quirky APIs: Building a WMI Provider to Expose Your Object Info”, pp. 1-16 [online]. Retrieved on Dec. 24, 2002. Retrieved from the internet: URL:http://msdn.microsoft.com/msdnmag/issues/0500/wmiprov/print.asp.
“Common Information Model (CIM) Specification”, Version 2.2, Distributed Management Task Force, Inc., Portland, OR, pp. I-VI, 1-97, Jun. 14, 1999.
Davis, J., “WBEM Services Specification JSR-0048”, Java One, Sun's 2001 Worldwide Java Developer Conference, pp. 1-19, 2001.
Bhat, G., “WBEM Services API and Examples”, Java One, Sun's 2001 Worldwide Java Developer Conference, pp. 20-29, 2001.
Westerinen, A., “Modeling Information In CIM”, Java One, Sun's 2001 Worldwide Java Developer Conference, pp. 31-43, 2001.
Ptacek, T. and Newsham, T., “Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection”, Secure Networks, Inc., pp. 1-63, Jan. 1998.
Yang, J., Ning, P., Wang, X., and Jajodia, S., “Cards: A Distributed System For Detecting Coordinated Attacks”, Center for Secure Information Systems, George Mason University, Fairfax, VA, pp. 1-10.
Magers, D., “Packet Sniffing: An Integral Part of Network Defense”, 9 pgs., May 9, 2002.
King, N. and Weiss, E., “Network Forensics Analysis Tools (NFATs) Reveal Insecurities, Turn Sysadmins Into Systems Detectives”, Information Security, 8 pgs., Feb. 2002.
Trenum, G., “Practical Requirement for Level 2 IDIC Exam”, 15 pgs.
Shimomura, T., “Tsutomu Shimomura's Newsgroup Posting With Technical Detail of the Attack Described by Markoff in NYT”, Random Access, 10 pgs., Oct. 12, 1997.
“Dragon 5, An Intrusion Detection System for the Enterprise”, 5 pgs.
Stevens, W., TCP/IP Illustrated, Vol. 1: The Protocols, Addison Wesley Longman, Inc., Reading, MA, pp. vii-xii, 7, 8, 1994.
Sinclair, C., Pierce, L., and Matzner, S., “An Application of Machine Learning to Network Intrusion Detection”, The University of Texas at Austin, Austin, TX, pp. 1-7.
Butterworth, J., “Practical Portion Of Intrusion Detection Immersion Curriculum”, 10 pgs.
Kobi, H., “Beyond SNMP: The Benefits of Collecting Network Event Logs”, Technical White Paper, Network Intelligence® Corporation, Walpole, MA, pp. 1-10, Jun. 2002.
Harp, S., Geib, C., Goldman, R., Heimerdinger, W., Thomas, V., and R.A. Kemmerer Associates, “Argus: An Architecture for Cooperating Intrusion Detection and Mitigation Applications”, Honeywell Technology Center, 18 pgs.
Barrus, J. and Rowe, N., “A Distributed Autonomous-Agent Network-Intrusion Detection and Response System”, Proceedings of the 1998 Command and Control Research and Technology Symposium, Monterey, CA, Jun.-Jul. 1998, 12 pgs.
Frincke, D., Tobin, D., McConnell, J., Marconi, J., and Polla, D., “A Framework for Cooperative Intrusion Detection”, Center for Secure and Dependable Software, University of Idaho, Moscow, ID, 13 pgs, 1998.
“Managing Your Network With HP OpenView Network Node Manager”, Hewlett-Packard Company, Fort Collins, CO, pp. 1-675, May 2002.
“HP OpenView Communications Event Correlation Services Developer's Guide and Reference”, Hewlett-Packard Company, Fort Collins, CO, pp. 1-150, Apr. 2001.
“HP OpenView Communications Event Correlation Services SNMP Module”, Hewlett-Packard Company, Fort Collins, CO, pp. 1-62, Apr. 2001.
“HP OpenView Communications Event Correlation Services Administrator's Guide”, Hewlett-Packard Company, Fort Collins, CO, pp. 1-121, Apr. 2001.
Beavers, J., U.S. Appl. No. 10/082,235, filed on Feb. 26, 2002, entitled “System Method for Managing Alert Indications in an Enterprise”, 46 pgs total.
Beavers, J., U.S. Appl. No. 10/800,059, filed on Mar. 12, 2004, entitled “Method and Structures for Preparing Generic Rules for a Security Rules Processor”, 49 pgs total.
