[특허]System and method for detecting buffer overflow attacks

System and method for detecting buffer overflow attacks 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	G06F-011/00
출원번호	US-0651306 (2000-08-30)
발명자 / 주소	Moran, Douglas B.
출원인 / 주소	Symantec Corporation
대리인 / 주소	Van Pelt & Yi LLP
인용정보	피인용 횟수 : 93 인용 특허 : 14

초록 ▼

A system and method are disclosed for detecting intrusions in a host system on a network. The intrusion detection system comprises an analysis engine configured to use continuations and apply forward- and backward-chaining using rules. Also provided are sensors, which communicate with the analysis engine using a meta-protocol in which the data packet comprises a 4-tuple. A configuration discovery mechanism locates host system files and communicates the locations to the analysis engine. A file processing mechanism matches contents of a deleted file to a directory or filename, and a directory processing mechanism extracts deallocated directory entries from a directory, creating a partial ordering of the entries. A signature checking mechanism computes the signature of a file and compares it to previously computed signatures. A buffer overflow attack detector compares access times of commands and their associated files. The intrusion detection system further includes a mechanism for checking timestamps to identify and analyze forward and backward time steps in a log file.

대표청구항 ▼

1. A system for detecting intrusions on a host, comprising:a) a database of commands and files accessed by the commands, including dependencies encoded as classes of objects; andb) an analysis engine configured to compare an access time of a first command with access and modification times of files expected to be accessed by the first command and identify the first command as suspicious if the files expected to be accessed by the first command were not in fact accessed. 2. The system as recited in claim 1, further comprising a sensor configured to collect an instance of the first command executed by the host. 3. The system as recited in claim 1, wherein the database comprises set user identifier commands. 4. The system as recited in claim 1, wherein the database comprises set group identifier commands. 5. The system as recited in claim 1, further comprising a configuration discovery mechanism configured to return information about logfiles, and wherein the analysis engine is further configured to encode the information about logfiles in the database. 6. The system as recited in claim 5, wherein the configuration discovery mechanism is configured to assign membership of classes. 7. The system as recited in claim 2, wherein the sensor is configured to collect the instance from a logfile. 8. The system as recited in claim 2, wherein the sensor is configured to communicate the first command to the analysis engine. 9. The system as recited in claim 2, wherein the analysis engine is further configured to assign a suspicion level based on the comparison of times. 10. The system as recited in claim 9, wherein the analysis engine includes a time decay function. 11. The system as recited in claim 10, wherein the analysis engine is configured to use the time decay function to downgrade a suspicion level associated with the instance of the first command. 12. The system as recited in claim 11, wherein the time decay function is exponential. 13. The system as recited in claim 9, further comprising a user interface, wherein the analysis engine is configured to provide the user interface with an analysis based on the suspicion value, and information relating to the analysis. 14. The system as recited in claim 9, further comprising a sensor configured to collect a second instance of a second command, corresponding to the first command, executed by a second host. 15. The system as recited in claim 14, wherein the analysis engine includes a time decay function. 16. The system as recited in claim 15, wherein the analysis engine is further configured to use the first instance, second instance, and time decay function in assigning a suspicion value to the first or second instance. 17. A method for detecting intrusions on a host, comprising the steps of:a) providing a database of commands and files accessed by the commandsb) encoding dependencies as classes of objects in the database;c) comparing an access time of a first command with access and modification times of files expected to be accessed by the first command; andd) identifying the first command as suspicious if the files expected to be accessed by the first command were not in fact accessed. 18. A computer program product for detecting intrusions on a host, the computer program product being embodied in a computer readable medium having machine readable code embodied therein for performing the steps of:a) providing a database of commands and files accessed by the commandsb) encoding dependencies as classes of objects in the database;c) comparing an access time of a first command with access and modification times of files expected to be accessed by the first command;d) identifying the first command as suspicious if the files expected to be accessed by the first command were not in fact accessed.

이 특허에 인용된 특허 (14)

Andres Frederic,FRX, Apparatus for evaluating database query performance having libraries containing information for modeling the various sys.
상세보기
Farber David A. ; Lachman Ronald D., Data processing system using substantially unique identifiers to identify data items, whereby identical data items hav.
상세보기
Dunphy William E. (Westminster CO) Halladay Steven M. (Louisville CO) Moy Michael E. (Lafayette CO) Munro Frederick G. (Broomfield CO), Data storage and protection system.
상세보기
Leblang David B. (Wayland MA) Allen Larry W. (Cambridge MA) Chase ; Jr. Robert P. (Newton MA) Douros Bryan P. (Framingham MA) Jabs David E. (Sudbury MA) McLean ; Jr. Gordon D. (Brookline MA) Minard D, Dynamic software version auditor which monitors a process to provide a list of objects that are accessed.
상세보기
Lermuzeaux Jean-Marc (St Michel sur Orge FRX) Emery Thierry (St Germain les Arpajon FRX) Gonthier Patrice (Antony FRX), Facility for detecting intruders and suspect callers in a computer installation and a security system including such a f.
상세보기
Maloney Michael P. ; Suit John M. ; Rubel Rich ; Woodus Francis M., Information security analysis system.
상세보기
Bellare Mihir ; Guerin Roch Andre ; Rogaway Phillip Walder, Method and apparatus for data authentication in a data communication environment.
상세보기
Bruell Gregory O. (Carlisle MA), Method and apparatus for defining data packet formats.
상세보기
Mattison Phillip E., Method and apparatus for protecting flash memory.
상세보기
Smaha Stephen E. (Austin TX) Snapp Steven R. (Austin TX), Method and system for detecting intrusion into and misuse of a data processing system.
상세보기
Walker Jeffrey H., Method and system for reducing the volume of audit data and normalizing the audit data received from heterogeneous sources.
상세보기
Shieh Shiuh-Pyung W. (Hsinchu MD TWX) Gligor Virgil D. (Chevy Chase MD), Pattern-oriented intrusion-detection system and method.
상세보기
Davis Derek L., Secure BIOS.
상세보기
Miller Arnold (Bellevue WA) Neeman Yuval (Bellevue WA) Contorer Aaron M. (Kirkland WA) Misra Pradyumna K. (Issaquah WA) Seaman Michael R. C. (Kirkland WA) Rubin Darryl E. (Redmond WA), Unification of directory service with file system services.
상세보기

이 특허를 인용한 특허 (93)

Gustin, Jay W., Apparatus and methods for monitoring network traffic.
상세보기
Porras,Phillip Andrew; Almgren,Magnus; Lindqvist,Ulf E.; Dawson,Steven Mark, Application-layer anomaly and misuse detection.
상세보기
Case, Sr., Paul, Case secure computer architecture.
상세보기
Case, Sr., Paul, Case secure computer architecture.
상세보기
Brennan, Todd, Centralized timed analysis in a network security system.
상세보기
Florencio, Dinei A.; Herley, Cormac E., Client side attack resistant phishing detection.
상세보기
Cormode, Graham; Korn, Philip; Tirthapura, Srikanta, Computing time-decayed aggregates under smooth decay functions.
상세보기
Cormode, Graham; Korn, Philip; Tirthapura, Srikanta, Computing time-decayed aggregates under smooth decay functions.
상세보기
Brennan, Todd, Content extractor and analysis system.
상세보기
Wells, Joseph; Xie, Michael, Content pattern recognition language processor and methods of using the same.
상세보기
Wells, Joseph; Xie, Michael, Content pattern recognition language processor and methods of using the same.
상세보기
Xie, Michael, Detecting network traffic content.
상세보기
Xie, Michael, Detecting network traffic content.
상세보기
Xie, Michael, Detecting network traffic content.
상세보기
Xie, Michael, Detecting network traffic content.
상세보기
Dixon, Christopher John; Pinckney, Thomas, Determining website reputations using automatic testing.
상세보기
Markovich, Slavik; Shuchami, Nathan, Device, system and method of database security.
상세보기
Borde, Shrikrishna V.; Lafreniere, Louis; Morrison, Vance P., Dynamically determining a buffer-stack overrun.
상세보기
Gupta, Manish; Kothari, Ravi; Mann, Vijay; Vishnoi, Anil Kumar, Fast detection and diagnosis of system outages.
상세보기
Gustin, Jay, Hardware assist for redundant ethernet network.
상세보기
Xie, Michael, Hardware based detection devices for detecting network traffic content and methods of using the same.
상세보기
Xie, Michael, Hardware based detection devices for detecting network traffic content and methods of using the same.
상세보기
Xie, Michael, Hardware based detection devices for detecting network traffic content and methods of using the same.
상세보기
Miyagawa,Akiko; Inada,Toru; Ushirozawa,Shinobu, Illegal access data handling apparatus and method for handling illegal access data.
상세보기
Dixon, Christopher John; Pinckney, Thomas, Indicating Website reputations during Website manipulation of user information.
상세보기
Dixon, Christopher John; Pinckney, Thomas, Indicating website reputations based on website handling of personal information.
상세보기
Dixon, Christopher John; Pinckney, Thomas, Indicating website reputations during an electronic commerce transaction.
상세보기
Dixon, Christopher John; Pinckney, Thomas, Indicating website reputations during user interactions.
상세보기
Dixon, Christopher John; Pinckney, Thomas, Indicating website reputations during website manipulation of user information.
상세보기
Dixon, Christopher John; Pinckney, Thomas, Indicating website reputations during website manipulation of user information.
상세보기
Cothrell, Scott A.; Richardson, Aaron S., Inline intrusion detection.
상세보기
Cothrell, Scott A.; Richardson, Aaron S., Inline intrusion detection.
상세보기
Hall, Michael Lee; Wiley, Kevin L.; Hossain, Munawar; Sirrianni, Joseph M., Inline intrusion detection using a single physical port.
상세보기
Haeffele, Steven M.; Gupta, Ramesh M.; Raman, Ananth; Vissamsetti, Srikant, Integrated firewall, IPS, and virus scanner system and method.
상세보기
Haeffele, Steven M.; Gupta, Ramesh M.; Raman, Ananth; Vissamsetti, Srikant, Integrated firewall, IPS, and virus scanner system and method.
상세보기
Haeffele, Steven M.; Gupta, Ramesh M.; Raman, Ananth; Vissamsetti, Srikant, Integrated firewall, IPS, and virus scanner system and method.
상세보기
Haeffele, Steven M.; Gupta, Ramesh M.; Raman, Ananth; Vissamsetti, Srikant, Integrated firewall, IPS, and virus scanner system and method.
상세보기
Bardsley,Jeffrey Scott; Brock,Ashley Anderson; Kim,Nathaniel Wook; Lingafelt,Charles Steven, Limiting the output of alerts generated by an intrusion detection sensor during a denial of service attack.
상세보기
Xie, Michael, Managing network traffic flow.
상세보기
Xie, Michael, Managing network traffic flow.
상세보기
Sarcar,Kanoj, Method and apparatus for detecting an overflow condition in a kernel stack during operating system development.
상세보기
Liu, Peter; Yueh, Jason; Lin, Gene, Method and apparatus for detecting and removing kernel rootkits.
상세보기
Patel, Meena; Rajan, Basant, Method and apparatus for securing sensitive data from misappropriation by malicious software.
상세보기
Bhattacharya,Partha; Liao,Yu, Method and system for determining intra-session event correlation across network address translation devices.
상세보기
Bhattacharya, Partha; Lee, Imin T.; Joseph, Aji; Stevens, Eli; Naramreddy, Diwakar, Method and system for displaying network security incidents.
상세보기
Bhattacharya, Partha; Lee, Imin; Joseph, Aji; Stevens, Eli; Naramreddy, Diwakar, Method and system for displaying network security incidents.
상세보기
Bhattacharya, Partha; Wang, Yuewei; Stevens, Eli Nathaniel; Sasu, Gheorghe Mircea, Method and system for inline top N query computation.
상세보기
Wiley,Kevin L.; Lathem,Gerald S.; Hall, Jr.,Michael L., Method and system for maintaining network activity data for intrusion detection.
상세보기
Goyal, Rajan; Mihailovici, Virgil N.; Gupta, Rahul; Monclus, Pere; Habib, Ahsan; Prabhu, Kirtikumar L.; Paggen, Christophe J.; Kaluve, Shyamasundar S., Method and system for network security.
상세보기
Bhattacharya, Partha; Liao, Yu, Method of determining intra-session event correlation across network address translation devices.
상세보기
Norman, Andrew Patrick; Brawn, John Melvin; Scrimsher, John P; Griffin, Jonathan, Method of identifying software vulnerabilities on a computer system.
상세보기
Bardsley, Jeffrey Scott; Brock, Ashley Anderson; Kim, Nathaniel Wook; Lingafelt, Charles Steven, Method of operating an intrusion detection system.
상세보기
Blumenau, Steven M., Methods and apparatus for interfacing to a data storage system.
상세보기
Blumenau, Steven M., Methods and apparatus for interfacing to a data storage system.
상세보기
Williamson, Matthew Murray; Norman, Andrew Patrick; Griffin, Jonathan, Network management.
상세보기
Hernacki, Brian; Bennett, Jeremy, Network risk analysis.
상세보기
Hernacki,Brian; Bennett,Jeremy, Network risk analysis.
상세보기
Bhattacharya,Partha; Lawrence,Jan Christian, Network security monitoring system.
상세보기
Porras, Phillip Andrew; Valdes, Alfonso De Jesus, Network surveillance.
상세보기
Porras, Phillip Andrew; Valdes, Alfonso, Network surveillance using long-term and short-term statistical profiles to determine suspicious network activity.
상세보기
Porras, Phillip Andrew; Fong, Martin Wayne, Network-based alert management system.
상세보기
Bezilla, Daniel Bailey; Immordina, John Leonard; Le Ogura, James, Policy based selection of remediation.
상세보기
Bezilla, Daniel B.; Immordino, John L.; Le Ogura, James, Policy-based selection of remediation.
상세보기
Bezilla, Daniel B.; Immordino, John L.; Ogura, James Le, Policy-based selection of remediation.
상세보기
Bezilla, Daniel B.; Immordino, John L.; Ogura, James Le, Policy-based selection of remediation.
상세보기
Bezilla, Daniel B.; Immordino, John L.; Ogura, James Le, Policy-based selection of remediation.
상세보기
Bezilla, Daniel B.; Immordino, John L.; Ogura, James Le, Policy-based selection of remediation.
상세보기
Bezilla, Daniel B.; Immordino, John L.; Ogura, James Le, Policy-based selection of remediation.
상세보기
Bezilla, Daniel B.; Immordino, John L.; Ogura, James Le, Policy-based selection of remediation.
상세보기
AlHarbi, Khalid Nawaf; Lin, Xiaodong, Preventing stack buffer overflow attacks.
상세보기
Dixon, Christopher John; Pinckney, Thomas, Providing alternative web content based on website reputation assessment.
상세보기
Lin, Yichin; Yueh, Peng-Yuan; Liu, Yu-Heng, Secure computer system integrity check.
상세보기
Wilkins, Jonathan; Gjonej, Gerard; Back, Adam, Security attack detection and defense.
상세보기
Freund, Gregor Paul, Security system with methodology providing verified secured individual end points.
상세보기
Smith, Shawn A. P.; Karipides, Daniel P., Session-based processing method and system.
상세보기
Smith, Shawn A. P.; Karipides, Daniel P., Session-based processing method and system.
상세보기
Smith, Shawn A. P.; Karipides, Daniel P., Session-based processing method and system.
상세보기
Brawn,John Melvin; Norman,Andrew Patrick; Dalton,Chris Ralph; Griffin,Jonathan, Signal level propagation mechanism for distribution of a payload to vulnerable systems.
상세보기
Bolles,Gregory Allin; Mohandas,Radhesh; Simpson, Jr.,Russell L., Source throttling using CPU stamping.
상세보기
Lyle, Michael P.; Ross, Robert F.; Maricondo, James R., System and method for computer security.
상세보기
Zheng, Danyang Raymond; Cham, Jack C., System and method for controlling and tracking network content flow.
상세보기
Pavlyushchik, Mikhail A., System and method for file integrity monitoring using timestamps.
상세보기
Lyle, Michael P.; Ross, Robert F.; Maricondo, James R., System and method for generating fictitious content for a computer.
상세보기
Lyle, Michael P.; Ross, Robert F.; Maricondo, James R., System and method for preventing detection of a selected process running on a computer.
상세보기
Moran,Douglas B., System and method for using login correlations to detect intrusions.
상세보기
Moran, Douglas B., System and method for using timestamps to detect attacks.
상세보기
Johnson, Harold J.; Chow, Stanley T.; Main, Alexander, System and method of foiling buffer-overflow and alien-code attacks.
상세보기
Heron, George L.; Bolin, Christopher S., System, method and computer program product for obtaining a reputation associated with a file.
상세보기
Dixon, Christopher John; Pinckney, Thomas, System, method, and computer program product for presenting an indicia of risk associated with search results within a graphical user interface.
상세보기
Dixon, Christopher John; Pinckney, Thomas, System, method, and computer program product for presenting an indicia of risk associated with search results within a graphical user interface.
상세보기
Dixon, Christopher John; Pinckney, Thomas, System, method, and computer program product for presenting an indicia of risk reflecting an analysis associated with search results within a graphical user interface.
상세보기
Dixon, Christopher John; Pinckney, Thomas, System, method, and computer program product for presenting an indicia of risk reflecting an analysis associated with search results within a graphical user interface.
상세보기
Gupta, Manish; Kothari, Ravi; Mann, Vijay; Vishnoi, Anil Kumar, Systems and methods for fast detection and diagnosis of system outages.
상세보기

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 공고번호, 공고일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표출원인, 출원인국적, 출원인주소, 발명자, 발명자E, 발명자코드, 발명자주소, 발명자 우편번호, 발명자국적, 대표IPC, IPC코드, 요약, 미국특허분류, 대리인주소, 대리인코드, 대리인(한글), 대리인(영문), 국제공개일자, 국제공개번호, 국제출원일자, 국제출원번호, 우선권, 우선권주장일, 우선권국가, 우선권출원번호, 원출원일자, 원출원번호, 지정국, Citing Patents, Cited Patents
저장형식	Text(ASCII format) Excel format PIAS분석(.xls)
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

System and method for detecting buffer overflow attacks 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

이 특허에 인용된 특허 (14)

이 특허를 인용한 특허 (93)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

연합인증

System and method for detecting buffer overflow attacks 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

전체(0) 논문(0) 특허(0) 보고서(0)

전체(0) 논문(0) 특허(0) 보고서(0)

이 특허에 인용된 특허 (14)

이 특허를 인용한 특허 (93)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트