Information security – Monitoring or scanning of software or data including attack... – Vulnerability assessment
Reexamination Certificate
2006-03-10
2010-06-08
Arani, Taghi T (Department: 2438)
C726S022000, C726S023000, C726S024000, C709S223000, C709S224000
active
07735141
ABSTRACT:
Disclosed is a system for correlating intrusion events using attack graph distances. The system includes an attack graph generator, an exploit distance calculator, an intrusion detector, an event report/exploit associator, an event graph creator, an event graph distance calculator, a correlation value calculator, and a coordinated attack analyzer. An attack graph is constructed for exploits and conditions in a network. The exploit distance calculator determines exploit distances for exploit pair(s). The intrusion detector generates events. Events are associated with exploits. Event graph distances are calculated. Correlation values are calculated for event pair(s) using event graph distances. The correlation values are analyzed using a correlation threshold to detect coordinated attacks.
REFERENCES:
patent: 7039953 (2006-05-01), Black et al.
patent: 2003/0097588 (2003-05-01), Fischman et al.
patent: 2006/0041659 (2006-02-01), Hasan et al.
patent: 2006/0059557 (2006-03-01), Markham et al.
patent: 2006/0070128 (2006-03-01), Heimerdinger et al.
Constructing Attack Scenarios through Correlation of Intrusion Alerts by Ning et al; Publisher: ACM; Date: Nov. 18-22, 2002.
Alert Correlation in a Cooperative Intrusion Detection Framework by Cuppens et al; Publisher: IEEE; Year: 2002.
High Speed and Robust Event Correlation by Yemini et al; Publisher: IEEE; Year: May 1996.
Building Attack Scenarios through Integration of Complementary Alert Correlation Methods by Ning et al; Publisher: NDSS; Year: 2004.
Efficient Minimum-Cost Network Hardening Via Exploit Dependence Graphs by Noel et al; Publisher: IEEE; Year: 2003.
Automated Generation and Analysis of Attack Graphs by Sheyner et al; Publisher: IEEE; Year: 2002.
Using Model Checking to Analyze Network Vulnerabilities by Ammann et al; Publisher: IEEE; Year: 2002.
Jajodia Sushil
Noel Steven E.
Robertson Eric B.
Arani Taghi T
Grossman David G.
Herzog Madhuri