Method and system for establishing normal software system...

Information security – Monitoring or scanning of software or data including attack... – Intrusion detection

Reexamination Certificate


active

10462462

ABSTRACT:
Detecting abnormal activity of a software system is based on behavioral information obtained from an instrumented computer program while it executes. As the program executes, it expresses information about the sequence and frequency with which program modules are called. Over time, this sequence and frequency defines the normal behavior of the program, and the information expressed on any given run is compared to this normal behavior. Statistical analysis of the differences between the normal behavior and the current run can be used to detect unauthorized or abusive use of the program. Program modules whose behavior is highly correlated can be grouped into a smaller number of virtual modules. Comparison between current and normal program behavior can then be made on the (smaller number of) virtual modules, thereby reducing the dimensionality of the problem of analyzing the differences between current and normal program behavior.

REFERENCES:
patent: 5067073 (1991-11-01), Andrews
patent: 5278901 (1994-01-01), Shieh et al.
patent: 5313616 (1994-05-01), Cline et al.
patent: 5355487 (1994-10-01), Keller et al.
patent: 5487131 (1996-01-01), Kassatly et al.
patent: 5499340 (1996-03-01), Barritz
patent: 5528753 (1996-06-01), Fortin
patent: 5539907 (1996-07-01), Srivastava et al.
patent: 5557742 (1996-09-01), Smaha et al.
patent: 5581482 (1996-12-01), Wiedenman et al.
patent: 5621889 (1997-04-01), Lermuzeaux et al.
patent: 5675711 (1997-10-01), Kephart et al.
patent: 5732273 (1998-03-01), Srivastava et al.
patent: 5790858 (1998-08-01), Vogel
patent: 5907834 (1999-05-01), Kephart et al.
patent: 5987250 (1999-11-01), Subrahmanyam
patent: 5991881 (1999-11-01), Conklin et al.
patent: 6009514 (1999-12-01), Henzinger et al.
patent: 6026236 (2000-02-01), Fortin et al.
patent: 6094530 (2000-07-01), Brandewie
patent: 6119236 (2000-09-01), Shipley
patent: 6226408 (2001-05-01), Sirosh
patent: 6282701 (2001-08-01), Wygodny et al.
patent: 6321338 (2001-11-01), Porras et al.
patent: 6370648 (2002-04-01), Diep
Anderson, D. et al., “Next-generation intrusion detection expert system (NIDES),” Technical Report, Computer Science Laboratory, SRI International, Menlo Park, CA, SRI-CSL-95-07, May 1995, 1-37 (plus 6 additional pages).
Anderson, D. et al., “Detecting Unusual Program Behavior Using the Statistical Component of the Next-generation Intrusion Detection Expert System (NIDES),” SRI-CSL-95-06, SRI International, Menlo Park, CA, May 1995, 1-71, 73-75, 77 (plus 6 additional pages).
Aslam, T. et al., “Use of A Taxonomy of Security Faults,” Technical Report TR-96-051, COAST Lab., Purdue University, presented at 19th National Information Systems Security Conference, Sep. 1996, 1-10.
Ball, T. et al., “Optimally Profiling and Tracing Programs,” Technical Report #1031, University of Wisconsin, Computer Science Dep., Sep. 1991, 1-27.
Bishop, M., “A Standard Audit Log Format,” Proc. of the 18th National Information Systems Security Conference, 1995, 136-145.
Bishop, M., “Profiling Under UNIX by Patching,” Software-Practice and Exp., Oct. 1987, 17(10), 729-739.
Cannady, J., “Artificial Neural Networks for Misuse Detection,” School of Computer and Information Sciences, Nova Southeastern University, Oct. 1998, 1-14.
Cannady, J., “The Application of Artificial Neural Networks to Misuse Detection: Initial Results,” Georgia Tech Research Institute, Georgia Institute of Technology, Mar. 10, 1997, 1-13.
Crosbie, M. et al., “Defending a Computer System using Autonomous Agents,” Technical Report No. 95-022, COAST Laboratory, Dept. of Computer Sciences, Purdue University, Mar. 1994, 1-11.
Dasgupta, D. et al., “Novelty Detection in Time Series Data Using Ideas from Immunology,” 1995, 6 pages.
D'haeseleer, P. et al., “A Distributed Approach to Anomaly Detection,” Aug. 30, 1997, 30 pages.
D'haeseleer, P. et al., “An Immunology Approach to Change Detection: Algorithms, Analysis and Implications,” IEEE Symposium on Security and Privacy, 1996, 10 pages.
Denning, D., “An Intrusion-Detection Model,” IEEE Transactions on Software Engineering, Feb. 1987, 13(2), 222-232.
Elbaum, S. et al., “Intrusion Detection through Dynamic Software Measurement,” Proc. Usenix Workshop on Intrusion Detection and Network Monitoring, Santa Clara, California, Apr. 9-12, 1999, 1-10.
Forrest, S. et al., “Computer Immunology,” Comm. of the ACM, Mar. 21, 1996, 18 pages.
Forrest, S. et al., “Self-Nonself Discrimination in a Computer,” Proceedings of IEEE Symposium on Research in Security and Privacy, 1994, 11 pages.
Frank, J., “Artificial Intelligence and Intrusion Detection: Current and Future Directions,” Division of Computer Science, University of California at Davis, Jun. 9, 1994, 1-12.
Graham, S.L. et al., “An Execution Profiler for Modular Programs,” Software-Practice and Exp., 1983, 13, 671-685.
Hall, R.J., “Call Path Profiling,” Proc. 14th Int'l Conf. Soft. Engineering, ACM, 1992, 296-306.
Halme, L. et al., “AINT misbehaving—a Taxonomy of Anti-intrusion Techniques,” Proc. of the 18th National Information Systems Security Conference, 1995, 13 pages.
Herringshaw, C., “Detecting Attacks on Networks,” Industry Trends, Dec. 1997, 16-17.
Hochberg, J. et al., “NADIR: An Automated System for Detecting Network Intrusion and Misuse,” Computers & Security, 1993, 12(3), 235-248.
Hofmeyr, S.A., “Intrusion Detection Using Sequences of System Calls,” Dec. 17, 1997, 41 pages.
Hofmeyr, S.A. et al., “Architecture for an Artificial Immune System,” 2000, 31 pages.
Ilgun, K., “USTAT: A Real-time Intrusion Detection System for UNIX,” Proc. of the IEEE Symposium on Research in Security and Privacy, May 24-26, 1993, 16-28.
Internet Security Systems, “Real-Time Attack Recognition and Response: A Solution for Tightening Network Security,” 1997, 1-13.
Javitz, H. et al., “The SRI IDES Statistical Anomaly Detector,” Proc. of the IEEE Symposium on Research in Security and Privacy, May 20-22, 1991, 316-326.
Johnson, “Profiling for Fun and Profit,” USENIX Winter '90 Conference Proceedings, 1990, 325-330.
Jonsson, E. et al., “A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior,” IEEE Transactions on Software Engineering, Apr. 1997, 23(4), 235-245.
Kumar, S. et al., “A Pattern Matching Model for Misuse Intrusion Detection,” Proc. of the 17th National Computer Security Conference, COAST Laboratory, Dept. of Computer Sciences, Purdue University, Oct. 1994, 11-21.
Kumar, S. et al., “A Software Architecture to Support Misuse Intrusion Detection,” Proc. 18th National Information Systems Security Conference, COAST Laboratory, Dept. of Computer Sciences, Purdue University, Mar. 1995, 1-17.
Lane, T. et al., “Sequence Matching and Learning in Anomaly Detection for Computer Security,” School of Electrical and Computer Engineering, Purdue University, 1997, 1-7.
Lankewicz, L. et al., “Real-Time Anomaly Detection Using a Nonparametric Pattern Recognition Approach,” Seventh Annual Computer Security Applications Conference, San Antonio, Texas, Dec. 2-6, 1991, 80-89.
Larus, J.R., “Abstract Execution: A Technique for Efficiently Tracing Programs,” Software-Practice and Experience, Dec. 1990, 20(12), 1241-1258.
Larus, J.R. et al., “Rewriting Executable Files to Measure Program Behavior,” Technical Report #1083, University of Wisconsin, Computer Science Dep., Mar. 25, 1992, 1-17.
Lunt, T., “A Survey of Intrusion Detection Techniques,” Computers & Security, 1993, 12, 405-418.
Mukherjee, B. et al., “Network Intrusion Detection,” IEEE Network, May/Jun. 1994, 8(3), 26-41.
Munson, J., “A Functional Approach to Software Reliability Modeling,” In Quality of Numeric
