CA2144105A1 - Method and System for Detecting Intrusion Into and Misuse of a Data Processing System - Google Patents

Method and System for Detecting Intrusion Into and Misuse of a Data Processing System

Info

Publication number
CA2144105A1
Authority
CA
Canada
Prior art keywords
misuse
selectable
data structure
processing system
events
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CA2144105A
Other languages
French (fr)
Other versions
CA2144105C (en)
Inventor
Stephen E. Smaha
Steven R. Snapp
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
McAfee LLC
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual
Publication of CA2144105A1
Application granted
Publication of CA2144105C
Anticipated expiration
Expired - Lifetime (current legal status)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/34 Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3466 Performance evaluation by tracing or monitoring
    • G06F11/3476 Data logging

Abstract

A processing system intrusion and misuse detection system and method includes instructions for and steps of processing system inputs into events and processing the events with reference to a set of selectable misuses in a misuse engine to produce one or more misuse outputs. The system and method convert processing system generated inputs to events by establishing an event data structure that stores the event. The event data structure includes authentication information, subject information, and object information. Processing system audit trail records, system log file data, and system security state data are extracted from the processing system to form the event data structure. A signature data structure stores signatures that the misuse engine compares and matches to selectable misuses. The signature data structure includes an initial state for each selectable misuse, an end state for each selectable misuse, one or more sets of transition functions for each selectable misuse, and one or more states for each selectable misuse, which can include the end state or the initial state. Furthermore, a misuse output and an index are provided such that for each selectable misuse element there is a mechanism for loading the signature data structure.
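
The pipeline the abstract describes (raw inputs converted to events, events matched against state-machine signatures for a selected set of misuses) can be sketched as follows. This is an added illustration, not code from the patent or its assignee; the key=value record format, the field names, the two sample misuses and the /var/audit/ path are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Event:
    """Normalized event: authentication, subject and object information."""
    time: int
    auth_user: str  # authentication information: the account that logged in
    subject: str    # subject information: the identity the action ran as
    action: str
    obj: str        # object information: what was acted on
    ok: bool


def to_event(record: str) -> Event:
    """Convert one raw input record (constructed key=value format) to an Event."""
    f = dict(pair.split("=", 1) for pair in record.split())
    return Event(int(f["t"]), f["auid"], f["uid"], f["act"], f["obj"], f["res"] == "ok")


Predicate = Callable[[Event], bool]


@dataclass(frozen=True)
class Signature:
    """Initial state, end state, and the transition functions for each state."""
    initial: str
    end: str
    transitions: Dict[str, List[Tuple[Predicate, str]]]


def _failed(e: Event) -> bool:
    return e.action == "login" and not e.ok


def _succeeded(e: Event) -> bool:
    return e.action == "login" and e.ok


def load_guess_then_login() -> Signature:
    # Hypothetical misuse: three failed logins, then a success, on one account.
    return Signature("S0", "END", {
        "S0": [(_failed, "F1")],
        "F1": [(_failed, "F2"), (_succeeded, "S0")],
        "F2": [(_failed, "F3"), (_succeeded, "S0")],
        "F3": [(_failed, "F3"), (_succeeded, "END")],
    })


def load_audit_tamper() -> Signature:
    # Hypothetical misuse: successful write/unlink under an assumed audit directory.
    def tamper(e: Event) -> bool:
        return e.ok and e.action in ("write", "unlink") and e.obj.startswith("/var/audit/")
    return Signature("S0", "END", {"S0": [(tamper, "END")]})


# Index of selectable misuses: each entry loads that misuse's signature structure.
MISUSE_INDEX = {
    "guess_then_login": load_guess_then_login,
    "audit_tamper": load_audit_tamper,
}


class MisuseEngine:
    def __init__(self, selected: List[str]):
        self.signatures = {name: MISUSE_INDEX[name]() for name in selected}
        self.state: Dict[Tuple[str, str], str] = {}  # (misuse, auth_user) -> state

    def process(self, event: Event) -> List[dict]:
        outputs = []
        for name, sig in self.signatures.items():
            key = (name, event.auth_user)
            current = self.state.get(key, sig.initial)
            for predicate, nxt in sig.transitions.get(current, []):
                if predicate(event):  # first matching transition wins
                    current = nxt
                    break
            if current == sig.end:  # end state reached: emit a misuse output
                outputs.append({"misuse": name, "user": event.auth_user,
                                "time": event.time, "object": event.obj})
                current = sig.initial
            self.state[key] = current
        return outputs


def run(records: List[str], selected: List[str]) -> List[dict]:
    engine = MisuseEngine(selected)
    return [out for r in records for out in engine.process(to_event(r))]


# Constructed sample input, not taken from any real system.
SAMPLE_RECORDS = [
    "t=100 auid=alice uid=alice act=login obj=tty1 res=fail",
    "t=101 auid=bob uid=bob act=login obj=tty2 res=ok",
    "t=102 auid=alice uid=alice act=login obj=tty1 res=fail",
    "t=103 auid=alice uid=alice act=login obj=tty1 res=fail",
    "t=104 auid=alice uid=alice act=login obj=tty1 res=ok",
    "t=110 auid=alice uid=root act=unlink obj=/var/audit/trail.1 res=ok",
    "t=111 auid=bob uid=bob act=write obj=/var/audit/trail.2 res=fail",
]

if __name__ == "__main__":
    for alert in run(SAMPLE_RECORDS, ["guess_then_login", "audit_tamper"]):
        print(alert)
```

Keeping the authentication identity separate from the subject lets the engine attribute the record at t=110 to alice even though the action ran as root.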
CA002144105A 1994-03-07 1995-03-07 Method and system for detecting intrusion into and misuse of a data processing system Expired - Lifetime CA2144105C (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US08/208,019 US5557742A (en) 1994-03-07 1994-03-07 Method and system for detecting intrusion into and misuse of a data processing system
US208,019 1994-03-07

Publications (2)

Publication Number Publication Date
CA2144105A1 (en) 1995-09-08
CA2144105C (en) 1999-08-17

Family

ID=22772890

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002144105A Expired - Lifetime CA2144105C (en) 1994-03-07 1995-03-07 Method and system for detecting intrusion into and misuse of a data processing system

Country Status (2)

Country Link
US (1) US5557742A (en)
CA (1) CA2144105C (en)

Families Citing this family (306)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5577209A (en) * 1991-07-11 1996-11-19 Itt Corporation Apparatus and method for providing multi-level security for communication among computers and terminals on a network
US6449377B1 (en) 1995-05-08 2002-09-10 Digimarc Corporation Methods and systems for watermark processing of line art images
US5748763A (en) 1993-11-18 1998-05-05 Digimarc Corporation Image steganography system featuring perceptually adaptive and globally scalable signal embedding
US7113615B2 (en) 1993-11-18 2006-09-26 Digimarc Corporation Watermark embedder and reader
US6549638B2 (en) * 1998-11-03 2003-04-15 Digimarc Corporation Methods for evidencing illicit use of a computer system or device
US7286684B2 (en) * 1994-03-17 2007-10-23 Digimarc Corporation Secure document design carrying auxiliary machine readable information
JP4095680B2 (en) * 1994-08-01 2008-06-04 富士通株式会社 Security management method for card type storage device and card type storage device
US6535618B1 (en) 1994-10-21 2003-03-18 Digimarc Corporation Image capture device with steganographic data embedding
US6948070B1 (en) * 1995-02-13 2005-09-20 Intertrust Technologies Corporation Systems and methods for secure transaction management and electronic rights protection
DE69637733D1 (en) 1995-02-13 2008-12-11 Intertrust Tech Corp SYSTEMS AND METHOD FOR SAFE TRANSMISSION
US7133845B1 (en) * 1995-02-13 2006-11-07 Intertrust Technologies Corp. System and methods for secure transaction management and electronic rights protection
US7095854B1 (en) * 1995-02-13 2006-08-22 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US7555139B2 (en) * 1995-05-08 2009-06-30 Digimarc Corporation Secure documents with hidden signals, and related methods and systems
US5748957A (en) * 1995-06-27 1998-05-05 Klein; Dean A. Computer system usage determination based on hard disk drive activity
US5943673A (en) * 1996-05-10 1999-08-24 General Signal Corporation Configuration programming system for a life safety network
US5798706A (en) * 1996-06-18 1998-08-25 Raptor Systems, Inc. Detecting unauthorized network communication
US5911777A (en) * 1996-07-05 1999-06-15 Ncr Corporation Method and apparatus for reporting unauthorized attempt to release a portable computer from a docking station
US6272538B1 (en) * 1996-07-30 2001-08-07 Micron Technology, Inc. Method and system for establishing a security perimeter in computer networks
US6993582B2 (en) * 1996-07-30 2006-01-31 Micron Technology Inc. Mixed enclave operation in a computer network
US5892903A (en) * 1996-09-12 1999-04-06 Internet Security Systems, Inc. Method and apparatus for detecting and identifying security vulnerabilities in an open network computer communication system
US5991881A (en) * 1996-11-08 1999-11-23 Harris Corporation Network surveillance system
US6058392A (en) * 1996-11-18 2000-05-02 Wesley C. Sampson Revocable Trust Method for the organizational indexing, storage, and retrieval of data according to data pattern signatures
US5796942A (en) * 1996-11-21 1998-08-18 Computer Associates International, Inc. Method and apparatus for automated network-wide surveillance and security breach intervention
US6574000B1 (en) * 1996-11-22 2003-06-03 Pitney Bowes Inc. System for the enhancement of information based indicia and postage security devices
US5911778A (en) * 1996-12-31 1999-06-15 Sun Microsystems, Inc. Processing system security
US6212636B1 (en) 1997-05-01 2001-04-03 Itt Manufacturing Enterprises Method for establishing trust in a computer network via association
US6220510B1 (en) * 1997-05-15 2001-04-24 Mondex International Limited Multi-application IC card with delegation feature
US5978475A (en) * 1997-07-18 1999-11-02 Counterpane Internet Security, Inc. Event auditing system
US6029144A (en) * 1997-08-29 2000-02-22 International Business Machines Corporation Compliance-to-policy detection method and system
US6442533B1 (en) 1997-10-29 2002-08-27 William H. Hinkle Multi-processing financial transaction processing system
US6094443A (en) * 1997-10-30 2000-07-25 Advanced Micro Devices, Inc. Apparatus and method for detecting a prescribed pattern in a data stream by selectively skipping groups of nonrelevant data bytes
US6055543A (en) * 1997-11-21 2000-04-25 Verano File wrapper containing cataloging information for content searching across multiple platforms
US6279113B1 (en) 1998-03-16 2001-08-21 Internet Tools, Inc. Dynamic signature inspection-based network intrusion detection
US6298445B1 (en) 1998-04-30 2001-10-02 Netect, Ltd. Computer security
GB2381911B (en) * 1998-05-06 2003-06-25 Prc Inc Dynamic system defense for information warfare
US6408391B1 (en) * 1998-05-06 2002-06-18 Prc Inc. Dynamic system defense for information warfare
US6275942B1 (en) * 1998-05-20 2001-08-14 Network Associates, Inc. System, method and computer program product for automatic response to computer system misuse using active response modules
US6347374B1 (en) 1998-06-05 2002-02-12 Intrusion.Com, Inc. Event detection
US6182223B1 (en) 1998-06-10 2001-01-30 International Business Machines Corporation Method and apparatus for preventing unauthorized access to computer-stored information
US6324656B1 (en) * 1998-06-30 2001-11-27 Cisco Technology, Inc. System and method for rules-driven multi-phase network vulnerability assessment
US6282546B1 (en) 1998-06-30 2001-08-28 Cisco Technology, Inc. System and method for real-time insertion of data into a multi-dimensional database for network intrusion detection and vulnerability assessment
US6134664A (en) * 1998-07-06 2000-10-17 Prc Inc. Method and system for reducing the volume of audit data and normalizing the audit data received from heterogeneous sources
US7047423B1 (en) * 1998-07-21 2006-05-16 Computer Associates Think, Inc. Information security analysis system
US6708211B1 (en) * 1998-10-22 2004-03-16 Evolutionary Vision Technology, Inc. Windows frame, dialog box, keyboard, device access and user environment real time ASC file signal tracking and control system based upon user activity
US8290202B2 (en) 1998-11-03 2012-10-16 Digimarc Corporation Methods utilizing steganography
US6321338B1 (en) 1998-11-09 2001-11-20 Sri International Network surveillance
US6530024B1 (en) 1998-11-20 2003-03-04 Centrax Corporation Adaptive feedback security system and method
US7181486B1 (en) 1998-12-07 2007-02-20 Network Ice Corporation Method and apparatus for remote installation of network drivers and software
WO2000034867A1 (en) 1998-12-09 2000-06-15 Network Ice Corporation A method and apparatus for providing network and computer system security
US6687353B1 (en) 1998-12-11 2004-02-03 Securelogix Corporation System and method for bringing an in-line device on-line and assuming control of calls
US6718024B1 (en) 1998-12-11 2004-04-06 Securelogix Corporation System and method to discriminate call content type
US7133511B2 (en) * 1998-12-11 2006-11-07 Securelogix Corporation Telephony security system
US6700964B2 (en) * 2001-07-23 2004-03-02 Securelogix Corporation Encapsulation, compression and encryption of PCM data
US6226372B1 (en) 1998-12-11 2001-05-01 Securelogix Corporation Tightly integrated cooperative telecommunications firewall and scanner with distributed capabilities
US6249575B1 (en) 1998-12-11 2001-06-19 Securelogix Corporation Telephony security system
US6760420B2 (en) * 2000-06-14 2004-07-06 Securelogix Corporation Telephony security system
AUPP776498A0 (en) 1998-12-17 1999-01-21 Portus Pty Ltd Local and remote monitoring using a standard web browser
US6574737B1 (en) 1998-12-23 2003-06-03 Symantec Corporation System for penetrating computer or computer network
US6301668B1 (en) 1998-12-29 2001-10-09 Cisco Technology, Inc. Method and system for adaptive network security using network vulnerability assessment
US6415321B1 (en) 1998-12-29 2002-07-02 Cisco Technology, Inc. Domain mapping method and system
US6499107B1 (en) 1998-12-29 2002-12-24 Cisco Technology, Inc. Method and system for adaptive network security using intelligent packet analysis
US6477651B1 (en) * 1999-01-08 2002-11-05 Cisco Technology, Inc. Intrusion detection system and method having dynamically loaded signatures
US6578147B1 (en) 1999-01-15 2003-06-10 Cisco Technology, Inc. Parallel intrusion detection sensors with load balancing for high speed networks
US6487666B1 (en) 1999-01-15 2002-11-26 Cisco Technology, Inc. Intrusion detection signature analysis using regular expressions and logical operators
US6954775B1 (en) 1999-01-15 2005-10-11 Cisco Technology, Inc. Parallel intrusion detection sensors with load balancing for high speed networks
US6484315B1 (en) 1999-02-01 2002-11-19 Cisco Technology, Inc. Method and system for dynamically distributing updates in a network
US6567917B1 (en) 1999-02-01 2003-05-20 Cisco Technology, Inc. Method and system for providing tamper-resistant executable software
US6839850B1 (en) 1999-03-04 2005-01-04 Prc, Inc. Method and system for detecting intrusion into and misuse of a data processing system
US6405318B1 (en) 1999-03-12 2002-06-11 Psionic Software, Inc. Intrusion detection system
US6609205B1 (en) * 1999-03-18 2003-08-19 Cisco Technology, Inc. Network intrusion detection signature analysis using decision graphs
US7240368B1 (en) * 1999-04-14 2007-07-03 Verizon Corporate Services Group Inc. Intrusion and misuse deterrence system employing a virtual network
US6564253B1 (en) * 1999-05-07 2003-05-13 Recording Industry Association Of America Content authorization system over networks including searching and reporting for unauthorized content locations
US6681331B1 (en) 1999-05-11 2004-01-20 Cylant, Inc. Dynamic software system intrusion detection
US7185367B2 (en) 1999-05-11 2007-02-27 Cylant, Inc. Method and system for establishing normal software system behavior and departures from normal behavior
US7096499B2 (en) * 1999-05-11 2006-08-22 Cylant, Inc. Method and system for simplifying the structure of dynamic execution profiles
WO2000070456A1 (en) * 1999-05-14 2000-11-23 Securelogix Corporation A distributed system and method for system identification and vulnerability scanning
GB2350704A (en) * 1999-06-02 2000-12-06 Nicholas Peter Carter Security system
US6910135B1 (en) * 1999-07-07 2005-06-21 Verizon Corporate Services Group Inc. Method and apparatus for an intruder detection reporting and response system
US7117532B1 (en) 1999-07-14 2006-10-03 Symantec Corporation System and method for generating fictitious content for a computer
US6981155B1 (en) 1999-07-14 2005-12-27 Symantec Corporation System and method for computer security
AU5935400A (en) 1999-07-14 2001-01-30 Recourse Technologies, Inc. System and method for protecting a computer network against denial of service attacks
US7346929B1 (en) 1999-07-29 2008-03-18 International Business Machines Corporation Method and apparatus for auditing network security
US7073198B1 (en) 1999-08-26 2006-07-04 Ncircle Network Security, Inc. Method and system for detecting a vulnerability in a network
US7065657B1 (en) * 1999-08-30 2006-06-20 Symantec Corporation Extensible intrusion detection system
US7203962B1 (en) 1999-08-30 2007-04-10 Symantec Corporation System and method for using timestamps to detect attacks
US7085936B1 (en) * 1999-08-30 2006-08-01 Symantec Corporation System and method for using login correlations to detect intrusions
US6826697B1 (en) * 1999-08-30 2004-11-30 Symantec Corporation System and method for detecting buffer overflow attacks
FR2798490B1 (en) * 1999-09-13 2001-10-26 Inst Nat Rech Inf Automat MODEL RESOLUTION METHOD AND DEVICE AND USE FOR DETECTING ATTACKS AGAINST COMPUTER SYSTEMS
US6880087B1 (en) 1999-10-08 2005-04-12 Cisco Technology, Inc. Binary state machine system and method for REGEX processing of a data stream in an intrusion detection system
IL132915A (en) 1999-11-14 2004-05-12 Networks Assoc Tech Inc Method for secure function execution by calling address validation
IL132916A (en) 1999-11-14 2004-02-08 Mcafee Inc Method and system for intercepting an application program interface
US7107347B1 (en) 1999-11-15 2006-09-12 Fred Cohen Method and apparatus for network deception/emulation
US8006243B2 (en) 1999-12-07 2011-08-23 International Business Machines Corporation Method and apparatus for remote installation of network drivers and software
US6597957B1 (en) 1999-12-20 2003-07-22 Cisco Technology, Inc. System and method for consolidating and sorting event data
US6775657B1 (en) 1999-12-22 2004-08-10 Cisco Technology, Inc. Multilayered intrusion detection system and method
US6957348B1 (en) * 2000-01-10 2005-10-18 Ncircle Network Security, Inc. Interoperability of vulnerability and intrusion detection systems
US7574740B1 (en) 2000-04-28 2009-08-11 International Business Machines Corporation Method and system for intrusion detection in a computer network
AU2001257400A1 (en) 2000-04-28 2001-11-12 Internet Security Systems, Inc. System and method for managing security events on a network
US7380272B2 (en) * 2000-05-17 2008-05-27 Deep Nines Incorporated System and method for detecting and eliminating IP spoofing in a data transmission network
AU2001264583A1 (en) * 2000-05-19 2001-12-03 E-Business Technology, Inc. Network security system and method to proactively establish and maintain consistent security posture across all enterprise computing assets
NL1015389C2 (en) * 2000-06-07 2001-12-10 Koninkl Kpn Nv Method and system for securing a data system.
US7024694B1 (en) * 2000-06-13 2006-04-04 Mcafee, Inc. Method and apparatus for content-based instrusion detection using an agile kernel-based auditor
US20040073617A1 (en) 2000-06-19 2004-04-15 Milliken Walter Clark Hash-based systems and methods for detecting and preventing transmission of unwanted e-mail
US6470297B1 (en) 2000-06-21 2002-10-22 The United States Of America As Represented By The Director Of The National Security Agency Method of multi-dimensionally accentuating a deviation in information and identifying its cause
US7162649B1 (en) 2000-06-30 2007-01-09 Internet Security Systems, Inc. Method and apparatus for network assessment and authentication
JP2002041176A (en) * 2000-07-07 2002-02-08 Internatl Business Mach Corp <Ibm> Computer management method, information equipment, computer and storage medium
US7194764B2 (en) 2000-07-10 2007-03-20 Oracle International Corporation User authentication
US7464162B2 (en) 2000-07-10 2008-12-09 Oracle International Corporation Systems and methods for testing whether access to a resource is authorized based on access information
US8661539B2 (en) * 2000-07-10 2014-02-25 Oracle International Corporation Intrusion threat detection
US7124203B2 (en) 2000-07-10 2006-10-17 Oracle International Corporation Selective cache flushing in identity and access management systems
US9038170B2 (en) * 2000-07-10 2015-05-19 Oracle International Corporation Logging access system events
US7249369B2 (en) 2000-07-10 2007-07-24 Oracle International Corporation Post data processing
US6353385B1 (en) 2000-08-25 2002-03-05 Hyperon Incorporated Method and system for interfacing an intrusion detection system to a central alarm system
US9280667B1 (en) 2000-08-25 2016-03-08 Tripwire, Inc. Persistent host determination
US7181769B1 (en) * 2000-08-25 2007-02-20 Ncircle Network Security, Inc. Network security system having a device profiler communicatively coupled to a traffic monitor
US7917393B2 (en) * 2000-09-01 2011-03-29 Sri International, Inc. Probabilistic alert correlation
US7178166B1 (en) 2000-09-19 2007-02-13 Internet Security Systems, Inc. Vulnerability assessment and authentication of a computer by a local scanner
US20070192863A1 (en) * 2005-07-01 2007-08-16 Harsh Kapoor Systems and methods for processing data flows
US20020165947A1 (en) * 2000-09-25 2002-11-07 Crossbeam Systems, Inc. Network application apparatus
US20100042565A1 (en) * 2000-09-25 2010-02-18 Crossbeam Systems, Inc. Mezzazine in-depth data analysis facility
US8010469B2 (en) * 2000-09-25 2011-08-30 Crossbeam Systems, Inc. Systems and methods for processing data flows
US20110213869A1 (en) * 2000-09-25 2011-09-01 Yevgeny Korsunsky Processing data flows with a data flow processor
US20110214157A1 (en) * 2000-09-25 2011-09-01 Yevgeny Korsunsky Securing a network with data flow processing
US9800608B2 (en) 2000-09-25 2017-10-24 Symantec Corporation Processing data flows with a data flow processor
US20110219035A1 (en) * 2000-09-25 2011-09-08 Yevgeny Korsunsky Database security via data flow processing
US9525696B2 (en) 2000-09-25 2016-12-20 Blue Coat Systems, Inc. Systems and methods for processing data flows
US9027121B2 (en) * 2000-10-10 2015-05-05 International Business Machines Corporation Method and system for creating a record for one or more computer security incidents
US7146305B2 (en) 2000-10-24 2006-12-05 Vcis, Inc. Analytical virtual machine
US8150013B2 (en) * 2000-11-10 2012-04-03 Securelogix Corporation Telephony security system
US8630938B2 (en) * 2000-11-15 2014-01-14 Ebay Inc. Method and apparatus to detect fraudulent activities within a network-based auction facility
US6996845B1 (en) 2000-11-28 2006-02-07 S.P.I. Dynamics Incorporated Internet security analysis system and process
AU3054102A (en) * 2000-11-30 2002-06-11 Lancope Inc Flow-based detection of network intrusions
US7130466B2 (en) 2000-12-21 2006-10-31 Cobion Ag System and method for compiling images from a database and comparing the compiled images with known images
CA2436710C (en) * 2001-01-31 2011-06-14 Lancope, Inc. Network port profiling
US7290283B2 (en) * 2001-01-31 2007-10-30 Lancope, Inc. Network port profiling
AU2002243763A1 (en) 2001-01-31 2002-08-12 Internet Security Systems, Inc. Method and system for configuring and scheduling security audits of a computer network
US7185364B2 (en) 2001-03-21 2007-02-27 Oracle International Corporation Access system interface
US7068998B2 (en) * 2001-04-13 2006-06-27 Northrop Grumman Corp. Methodology for the detection of intrusion into radio frequency (RF) based networks including tactical data links and the tactical internet
US20020171546A1 (en) * 2001-04-18 2002-11-21 Evans Thomas P. Universal, customizable security system for computers and other devices
US20060265746A1 (en) * 2001-04-27 2006-11-23 Internet Security Systems, Inc. Method and system for managing computer security information
US7536715B2 (en) * 2001-05-25 2009-05-19 Secure Computing Corporation Distributed firewall system and method
US20020184533A1 (en) * 2001-05-30 2002-12-05 Fox Paul D. System and method for providing network security policy enforcement
US7237264B1 (en) 2001-06-04 2007-06-26 Internet Security Systems, Inc. System and method for preventing network misuse
US7624444B2 (en) * 2001-06-13 2009-11-24 Mcafee, Inc. Method and apparatus for detecting intrusions on a computer system
US7657419B2 (en) 2001-06-19 2010-02-02 International Business Machines Corporation Analytical virtual machine
US7231661B1 (en) 2001-06-21 2007-06-12 Oracle International Corporation Authorization services with external authentication
US7096503B1 (en) * 2001-06-29 2006-08-22 Mcafee, Inc. Network-based risk-assessment tool for remotely detecting local computer vulnerabilities
US20030014557A1 (en) * 2001-06-29 2003-01-16 Joubert Berger System and method for transforming operating system audit data to a desired format
US7904454B2 (en) 2001-07-16 2011-03-08 International Business Machines Corporation Database access security
US7299496B2 (en) 2001-08-14 2007-11-20 Illinois Institute Of Technology Detection of misuse of authorized access in an information retrieval system
US7657935B2 (en) * 2001-08-16 2010-02-02 The Trustees Of Columbia University In The City Of New York System and methods for detecting malicious email transmission
US7574501B2 (en) * 2001-09-25 2009-08-11 Siebel Systems, Inc. System and method for configuring and viewing audit trails in an information network
US7181765B2 (en) * 2001-10-12 2007-02-20 Motorola, Inc. Method and apparatus for providing node security in a router of a packet network
US20030074568A1 (en) * 2001-10-17 2003-04-17 Kinsella David J. Methods and apparatuses for performing secure transactions without transmitting biometric information
US20030084318A1 (en) * 2001-10-31 2003-05-01 Schertz Richard L. System and method of graphically correlating data for an intrusion protection system
US20030084344A1 (en) * 2001-10-31 2003-05-01 Tarquini Richard Paul Method and computer readable medium for suppressing execution of signature file directives during a network exploit
US7836503B2 (en) * 2001-10-31 2010-11-16 Hewlett-Packard Development Company, L.P. Node, method and computer readable medium for optimizing performance of signature rule matching in a network
US20030084340A1 (en) * 2001-10-31 2003-05-01 Schertz Richard L. System and method of graphically displaying data for an intrusion protection system
US7320142B1 (en) * 2001-11-09 2008-01-15 Cisco Technology, Inc. Method and system for configurable network intrusion detection
US7143444B2 (en) * 2001-11-28 2006-11-28 Sri International Application-layer anomaly and misuse detection
US7512980B2 (en) * 2001-11-30 2009-03-31 Lancope, Inc. Packet sampling flow-based detection of network intrusions
US7895326B2 (en) * 2002-03-25 2011-02-22 Lancope, Inc. Network service zone locking
US7225256B2 (en) 2001-11-30 2007-05-29 Oracle International Corporation Impersonation in an access system
US7475426B2 (en) * 2001-11-30 2009-01-06 Lancope, Inc. Flow-based detection of network intrusions
US7644151B2 (en) 2002-01-31 2010-01-05 Lancope, Inc. Network service zone locking
US8544087B1 (en) * 2001-12-14 2013-09-24 The Trustess Of Columbia University In The City Of New York Methods of unsupervised anomaly detection using a geometric framework
US9306966B2 (en) 2001-12-14 2016-04-05 The Trustees Of Columbia University In The City Of New York Methods of unsupervised anomaly detection using a geometric framework
US7398389B2 (en) 2001-12-20 2008-07-08 Coretrace Corporation Kernel-based network security infrastructure
WO2003058451A1 (en) 2002-01-04 2003-07-17 Internet Security Systems, Inc. System and method for the managed security control of processes on a computer system
US7225343B1 (en) 2002-01-25 2007-05-29 The Trustees Of Columbia University In The City Of New York System and methods for adaptive model generation for detecting intrusions in computer systems
US7529242B1 (en) 2002-02-15 2009-05-05 Symantec Corporation Routing network packets for multi-processor network flow analysis
US6941467B2 (en) * 2002-03-08 2005-09-06 Ciphertrust, Inc. Systems and methods for adaptive message interrogation through multiple queues
US8132250B2 (en) 2002-03-08 2012-03-06 Mcafee, Inc. Message profiling systems and methods
US8578480B2 (en) 2002-03-08 2013-11-05 Mcafee, Inc. Systems and methods for identifying potentially malicious messages
US7124438B2 (en) 2002-03-08 2006-10-17 Ciphertrust, Inc. Systems and methods for anomaly detection in patterns of monitored communications
US7694128B2 (en) 2002-03-08 2010-04-06 Mcafee, Inc. Systems and methods for secure communication delivery
US7903549B2 (en) 2002-03-08 2011-03-08 Secure Computing Corporation Content-based policy compliance systems and methods
US20060015942A1 (en) 2002-03-08 2006-01-19 Ciphertrust, Inc. Systems and methods for classification of messaging entities
US7870203B2 (en) 2002-03-08 2011-01-11 Mcafee, Inc. Methods and systems for exposing messaging reputation to an end user
US7693947B2 (en) 2002-03-08 2010-04-06 Mcafee, Inc. Systems and methods for graphically displaying messaging traffic
US20030172291A1 (en) 2002-03-08 2003-09-11 Paul Judge Systems and methods for automated whitelisting in monitored communications
US8561167B2 (en) 2002-03-08 2013-10-15 Mcafee, Inc. Web reputation scoring
US7458098B2 (en) 2002-03-08 2008-11-25 Secure Computing Corporation Systems and methods for enhancing electronic communication security
US7216260B2 (en) * 2002-03-27 2007-05-08 International Business Machines Corporation Method, system and program product for dynamically detecting errant data sequences and performing corresponding actions
US7370360B2 (en) 2002-05-13 2008-05-06 International Business Machines Corporation Computer immune system and method for detecting unwanted code in a P-code or partially compiled native-code program executing within a virtual machine
US6654882B1 (en) 2002-05-24 2003-11-25 Rackspace, Ltd Network security system protecting against disclosure of information to unauthorized agents
US7904955B1 (en) 2002-06-13 2011-03-08 Mcafee, Inc. Method and apparatus for detecting shellcode
US7203963B1 (en) 2002-06-13 2007-04-10 Mcafee, Inc. Method and apparatus for adaptively classifying network traffic
US7788718B1 (en) 2002-06-13 2010-08-31 Mcafee, Inc. Method and apparatus for detecting a distributed denial of service attack
US7519990B1 (en) 2002-07-19 2009-04-14 Fortinet, Inc. Managing network traffic flow
US7212950B2 (en) * 2002-09-18 2007-05-01 Onwafer Technologies, Inc. Methods and apparatus for equipment matching and characterization
US8407798B1 (en) 2002-10-01 2013-03-26 Skybox Secutiry Inc. Method for simulation aided security event management
US7506360B1 (en) 2002-10-01 2009-03-17 Mirage Networks, Inc. Tracking communication for determining device states
US7469418B1 (en) 2002-10-01 2008-12-23 Mirage Networks, Inc. Deterring network incursion
US8819285B1 (en) 2002-10-01 2014-08-26 Trustwave Holdings, Inc. System and method for managing network communications
US6952779B1 (en) 2002-10-01 2005-10-04 Gideon Cohen System and method for risk detection and analysis in a computer network
US7308706B2 (en) * 2002-10-28 2007-12-11 Secure Computing Corporation Associative policy model
US7761917B1 (en) 2002-11-21 2010-07-20 Vmware, Inc. Method and apparatus for the detection and prevention of intrusions, computer worms, and denial of service attacks
US7359930B2 (en) * 2002-11-21 2008-04-15 Arbor Networks System and method for managing computer networks
US7779113B1 (en) * 2002-11-25 2010-08-17 Oracle International Corporation Audit management system for networks
US7607169B1 (en) 2002-12-02 2009-10-20 Arcsight, Inc. User interface for network security console
US7788722B1 (en) * 2002-12-02 2010-08-31 Arcsight, Inc. Modular agent for network security intrusion detection system
US7899901B1 (en) * 2002-12-02 2011-03-01 Arcsight, Inc. Method and apparatus for exercising and debugging correlations for network security system
US8176527B1 (en) 2002-12-02 2012-05-08 Hewlett-Packard Development Company, L. P. Correlation engine with support for time-based rules
US7219239B1 (en) 2002-12-02 2007-05-15 Arcsight, Inc. Method for batching events for transmission by software agent
US7650638B1 (en) * 2002-12-02 2010-01-19 Arcsight, Inc. Network security monitoring system employing bi-directional communication
US7376969B1 (en) 2002-12-02 2008-05-20 Arcsight, Inc. Real time monitoring and analysis of events from multiple network security devices
US7941854B2 (en) * 2002-12-05 2011-05-10 International Business Machines Corporation Method and system for responding to a computer intrusion
US7552472B2 (en) * 2002-12-19 2009-06-23 International Business Machines Corporation Developing and assuring policy documents through a process of refinement and classification
US8229903B2 (en) * 2002-12-19 2012-07-24 International Business Machines Corporation Suggesting data interpretations and patterns for updating policy documents
US8239942B2 (en) * 2002-12-30 2012-08-07 Cisco Technology, Inc. Parallel intrusion detection sensors with load balancing for high speed networks
US7657937B1 (en) 2003-01-02 2010-02-02 Vmware, Inc. Method for customizing processing and response for intrusion prevention
US7409721B2 (en) * 2003-01-21 2008-08-05 Symantec Corporation Network risk analysis
US7913303B1 (en) 2003-01-21 2011-03-22 International Business Machines Corporation Method and system for dynamically protecting a computer system from attack
US7150044B2 (en) * 2003-03-10 2006-12-12 Mci, Llc Secure self-organizing and self-provisioning anomalous event detection systems
US8024795B2 (en) 2003-05-09 2011-09-20 Q1 Labs, Inc. Network intelligence system
US7681235B2 (en) * 2003-05-19 2010-03-16 Radware Ltd. Dynamic network protection
US7617526B2 (en) * 2003-05-20 2009-11-10 International Business Machines Corporation Blocking of spam e-mail at a firewall
US7464404B2 (en) * 2003-05-20 2008-12-09 International Business Machines Corporation Method of responding to a truncated secure session attack
US7308716B2 (en) * 2003-05-20 2007-12-11 International Business Machines Corporation Applying blocking measures progressively to malicious network traffic
US7260844B1 (en) 2003-09-03 2007-08-21 Arcsight, Inc. Threat detection in a network security system
US9027120B1 (en) 2003-10-10 2015-05-05 Hewlett-Packard Development Company, L.P. Hierarchical architecture in a network security system
US8015604B1 (en) 2003-10-10 2011-09-06 Arcsight Inc Hierarchical architecture in a network security system
US7464158B2 (en) 2003-10-15 2008-12-09 International Business Machines Corporation Secure initialization of intrusion detection system
US20050086529A1 (en) * 2003-10-21 2005-04-21 Yair Buchsbaum Detection of misuse or abuse of data by authorized access to database
US7657938B2 (en) 2003-10-28 2010-02-02 International Business Machines Corporation Method and system for protecting computer networks by altering unwanted network data traffic
US8356349B2 (en) * 2003-10-30 2013-01-15 Telecom Italia S.P.A. Method and system for intrusion prevention and deflection
US7565696B1 (en) 2003-12-10 2009-07-21 Arcsight, Inc. Synchronizing network security devices within a network security system
US7487542B2 (en) * 2004-01-14 2009-02-03 International Business Machines Corporation Intrusion detection using a network processor and a parallel pattern detection engine
US9978031B2 (en) 2004-02-13 2018-05-22 Fis Financial Compliance Solutions, Llc Systems and methods for monitoring and detecting fraudulent uses of business applications
US9026467B2 (en) * 2004-02-13 2015-05-05 Fis Financial Compliance Solutions, Llc Systems and methods for monitoring and detecting fraudulent uses of business applications
US8612479B2 (en) * 2004-02-13 2013-12-17 Fis Financial Compliance Solutions, Llc Systems and methods for monitoring and detecting fraudulent uses of business applications
US7523308B2 (en) * 2004-02-23 2009-04-21 Microsoft Corporation Method and system for dynamic system protection
US7673049B2 (en) * 2004-04-19 2010-03-02 Brian Dinello Network security system
US7509677B2 (en) 2004-05-04 2009-03-24 Arcsight, Inc. Pattern discovery in a network security system
US8203941B2 (en) * 2004-05-28 2012-06-19 Hewlett-Packard Development Company, L.P. Virus/worm throttle threshold settings
US7774848B2 (en) * 2004-07-23 2010-08-10 Fortinet, Inc. Mapping remediation to plurality of vulnerabilities
US7562389B1 (en) 2004-07-30 2009-07-14 Cisco Technology, Inc. Method and system for network security
US7555774B2 (en) * 2004-08-02 2009-06-30 Cisco Technology, Inc. Inline intrusion detection using a single physical port
US8176126B2 (en) 2004-08-26 2012-05-08 International Business Machines Corporation System, method and program to limit rate of transferring messages from suspected spammers
US7630974B2 (en) 2004-09-28 2009-12-08 Oracle International Corporation Multi-language support for enterprise identity and access management
US8499337B1 (en) * 2004-10-06 2013-07-30 Mcafee, Inc. Systems and methods for delegation and notification of administration of internet access
US7644438B1 (en) 2004-10-27 2010-01-05 Arcsight, Inc. Security event aggregation at software agent
US9100422B1 (en) 2004-10-27 2015-08-04 Hewlett-Packard Development Company, L.P. Network zone identification in a network security system
US8635690B2 (en) 2004-11-05 2014-01-21 Mcafee, Inc. Reputation based message processing
US20060117004A1 (en) * 2004-11-30 2006-06-01 Hunt Charles L System and method for contextually understanding and analyzing system use and misuse
US7607170B2 (en) 2004-12-22 2009-10-20 Radware Ltd. Stateful attack protection
US7809131B1 (en) 2004-12-23 2010-10-05 Arcsight, Inc. Adjusting sensor time in a network security system
US7343599B2 (en) * 2005-01-03 2008-03-11 Blue Lane Technologies Inc. Network-based patching machine
US7647632B1 (en) 2005-01-04 2010-01-12 Arcsight, Inc. Object reference in a system
US7610610B2 (en) 2005-01-10 2009-10-27 Mcafee, Inc. Integrated firewall, IPS, and virus scanner system and method
US8850565B2 (en) * 2005-01-10 2014-09-30 Hewlett-Packard Development Company, L.P. System and method for coordinating network incident response activities
US7725938B2 (en) * 2005-01-20 2010-05-25 Cisco Technology, Inc. Inline intrusion detection
US7844999B1 (en) 2005-03-01 2010-11-30 Arcsight, Inc. Message parsing in a network security system
US7810142B2 (en) * 2005-03-21 2010-10-05 International Business Machines Corporation Auditing compliance with a hippocratic database
US8578500B2 (en) * 2005-05-31 2013-11-05 Kurt James Long System and method of fraud and misuse detection
US20070073519A1 (en) * 2005-05-31 2007-03-29 Long Kurt J System and Method of Fraud and Misuse Detection Using Event Logs
US9330134B2 (en) 2005-05-31 2016-05-03 Fairwarning Ip, Llc User identity mapping system and method of use
US7937480B2 (en) 2005-06-02 2011-05-03 Mcafee, Inc. Aggregation of reputation data
US7302442B2 (en) * 2005-06-02 2007-11-27 Data Pattern Index Method for recording, identification, selection, and reporting network transversal paths
US7970788B2 (en) * 2005-08-02 2011-06-28 International Business Machines Corporation Selective local database access restriction
US7933923B2 (en) 2005-11-04 2011-04-26 International Business Machines Corporation Tracking and reconciling database commands
US8468589B2 (en) 2006-01-13 2013-06-18 Fortinet, Inc. Computerized system and method for advanced network content processing
US8244532B1 (en) * 2005-12-23 2012-08-14 At&T Intellectual Property Ii, L.P. Systems, methods, and programs for detecting unauthorized use of text based communications services
US8688813B2 (en) 2006-01-11 2014-04-01 Oracle International Corporation Using identity/resource profile and directory enablers to support identity management
US20070255818A1 (en) * 2006-04-29 2007-11-01 Kolnos Systems, Inc. Method of detecting unauthorized access to a system or an electronic device
US20070283166A1 (en) * 2006-06-05 2007-12-06 Kabushiki Kaisha Toshiba System and method for state transition intrusion detection
US9178907B2 (en) 2006-06-09 2015-11-03 Mcafee, Inc. System, method and computer program product for detecting encoded shellcode in network traffic
US9860274B2 (en) 2006-09-13 2018-01-02 Sophos Limited Policy management
US8141100B2 (en) 2006-12-20 2012-03-20 International Business Machines Corporation Identifying attribute propagation for multi-tier processing
US7779156B2 (en) 2007-01-24 2010-08-17 Mcafee, Inc. Reputation based load balancing
US8214497B2 (en) 2007-01-24 2012-07-03 Mcafee, Inc. Multi-dimensional reputation scoring
US8179798B2 (en) 2007-01-24 2012-05-15 Mcafee, Inc. Reputation based connection throttling
US8763114B2 (en) 2007-01-24 2014-06-24 Mcafee, Inc. Detecting image spam
US7949716B2 (en) 2007-01-24 2011-05-24 Mcafee, Inc. Correlation and analysis of entity attributes
US8495367B2 (en) 2007-02-22 2013-07-23 International Business Machines Corporation Nondestructive interception of secure data in transit
US7613888B2 (en) * 2007-04-11 2009-11-03 International Business Machines Corporation Maintain owning application information of data for a data storage system
US7610459B2 (en) * 2007-04-11 2009-10-27 International Business Machines Corporation Maintain owning application information of data for a data storage system
US8307001B2 (en) * 2007-08-23 2012-11-06 International Business Machines Corporation Auditing of curation information
US7792770B1 (en) 2007-08-24 2010-09-07 Louisiana Tech Research Foundation; A Division Of Louisiana Tech University Foundation, Inc. Method to indentify anomalous data using cascaded K-Means clustering and an ID3 decision tree
US9438641B2 (en) * 2007-09-12 2016-09-06 Avaya Inc. State machine profiling for voice over IP calls
US9100417B2 (en) * 2007-09-12 2015-08-04 Avaya Inc. Multi-node and multi-call state machine profiling for detecting SPIT
US9736172B2 (en) * 2007-09-12 2017-08-15 Avaya Inc. Signature-free intrusion detection
US9178898B2 (en) * 2007-09-12 2015-11-03 Avaya Inc. Distributed stateful intrusion detection for voice over IP
US8032497B2 (en) * 2007-09-26 2011-10-04 International Business Machines Corporation Method and system providing extended and end-to-end data integrity through database and other system layers
US8621605B2 (en) * 2007-10-09 2013-12-31 International Business Machines Corporation Method for reducing the time to diagnose the cause of unexpected changes to system files
JP5104187B2 (en) * 2007-10-15 2012-12-19 ソニー株式会社 VIDEO / AUDIO SETTING INFORMATION MANAGEMENT DEVICE, PROCESSING METHOD THEREOF, AND PROGRAM
US8185930B2 (en) 2007-11-06 2012-05-22 Mcafee, Inc. Adjusting filter or classification control settings
US8045458B2 (en) 2007-11-08 2011-10-25 Mcafee, Inc. Prioritizing network traffic
US8160975B2 (en) 2008-01-25 2012-04-17 Mcafee, Inc. Granular support vector machine with random granularity
US8589503B2 (en) 2008-04-04 2013-11-19 Mcafee, Inc. Prioritizing network traffic
US8261326B2 (en) 2008-04-25 2012-09-04 International Business Machines Corporation Network intrusion blocking security overlay
US20090293121A1 (en) * 2008-05-21 2009-11-26 Bigus Joseph P Deviation detection of usage patterns of computer resources
US8214364B2 (en) * 2008-05-21 2012-07-03 International Business Machines Corporation Modeling user access to computer resources
MY151479A (en) * 2008-12-16 2014-05-30 Secure Corp M Sdn Bhd F Method and apparatus for detecting shellcode insertion
US8621638B2 (en) 2010-05-14 2013-12-31 Mcafee, Inc. Systems and methods for classification of messaging entities
DE102010062469A1 (en) * 2010-12-06 2012-06-06 Bayerische Motoren Werke Aktiengesellschaft Method for encrypted radio transmission of data
US8769688B2 (en) * 2011-09-23 2014-07-01 Universidad Politécnica de P.R. Simultaneous determination of a computer location and user identification
US9961096B1 (en) 2013-09-17 2018-05-01 Cisco Technology, Inc. Distributed behavior based anomaly detection
US20150221193A1 (en) * 2014-02-04 2015-08-06 Aruba Networks, Inc. Intrusion Detection and Video Surveillance Activation and Processing
WO2016138400A1 (en) 2015-02-27 2016-09-01 Cisco Technology, Inc. System and methods for computer network security involving user confirmation of network connections
US10552615B2 (en) 2016-02-18 2020-02-04 Swimlane Llc Threat response systems and methods
US10678928B1 (en) 2016-04-20 2020-06-09 State Farm Mutual Automobile Insurance Company Data movement perimeter monitoring
US10885213B2 (en) 2017-09-12 2021-01-05 Sophos Limited Secure firewall configurations
JP2022159823A (en) * 2021-04-05 2022-10-18 株式会社エビデント System, controller, method for extracting log, and program
US11811668B2 (en) 2021-08-19 2023-11-07 Bank Of America Corporation System for implementing disposition bias for validating network traffic from upstream applications

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4672609A (en) * 1982-01-19 1987-06-09 Tandem Computers Incorporated Memory system with operation error detection
US4773028A (en) * 1984-10-01 1988-09-20 Tektronix, Inc. Method and apparatus for improved monitoring and detection of improper device operation
US5210704A (en) * 1990-10-02 1993-05-11 Technology International Incorporated System for prognosis and diagnostics of failure and wearout monitoring and for prediction of life expectancy of helicopter gearboxes and other rotating equipment

Also Published As

Publication number Publication date
US5557742A (en) 1996-09-17
CA2144105C (en) 1999-08-17

Similar Documents

Publication Publication Date Title
CA2144105A1 (en) Method and System for Detecting Intrusion Into and Misuse of a Data Processing System
Ilgun USTAT: A real-time intrusion detection system for UNIX
Dowell et al. The computer watch data reduction tool
US6526512B1 (en) Access key codes for computer resources
AU5922696A (en) Tokenless identification system for authorization of electronic transactions and electronic transmissions
CA2172860A1 (en) Method of Token Verification in a Key Management System
CA2133057A1 (en) Electronic combination lock utilizing a one-time use combination
WO2016091439A1 (en) A security device for a vehicle's electronic system
CA2188701A1 (en) Method and apparatus for authenticating documents
WO2003081397A3 (en) A method of protecting the integrity of a computer program
AU6326696A (en) Systems and methods for secure transaction management and electronic rights protection
CA2245083A1 (en) Method and system for enhancing security and for audit and control of cryptographic verifier
CA2018319A1 (en) Method of providing mandatory secrecy and integrity file security in a computer system
Jajodia et al. Application-level isolation to cope with malicious database users
EP0809217A3 (en) Secret information indentification system
AU2001252841A1 (en) Check of fingerprints
Buhan et al. A false rejection oriented threat model for the design of biometric authentication systems
CN111368280A (en) Authority management method and system based on face recognition
Needham Computer security?
JP2518924B2 (en) Dynamic qualification confirmation method
CN116743434A (en) Industrial Internet protection system and method
WO2001027716A3 (en) Data management systems, apparatus and methods
Betts National Security Agency calls for more secure software.
Greenleaf Computers and crime-the hacker's new rules
Hancock Export of cryptographic information from the US: A brief look at the problems

Legal Events

Date Code Title Description
EEER Examination request
MKEX Expiry

Effective date: 20150309