[특허]System and method for using login correlations to detect intrusions

System and method for using login correlations to detect intrusions 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	G06F-011/34 G06F-012/14 H04L-009/00
출원번호	US-0651854 (2000-08-30)
발명자 / 주소	Moran,Douglas B.
출원인 / 주소	Symantec Corporation
대리인 / 주소	Van Pelt, Yi &
인용정보	피인용 횟수 : 38 인용 특허 : 28

초록 ▼

A system and method are disclosed for detecting intrusions in a host system on a network. The intrusion detection system comprises an analysis engine configured to use continuations and apply forward-and backward-chaining using rules. Also provided are sensors, which communicate with the analysis engine using a meta-protocol in which the data packet comprises a 4-tuple. A configuration discovery mechanism locates host system files and communicates the locations to the analysis engine. A file processing mechanism matches contents of a deleted file to a directory or filename, and a directory processing mechanism extracts deallocated directory entries from a directory, creating a partial ordering of the entries. A signature checking mechanism computes the signature of a file and compares it to previously computed signatures. A buffer overflow attack detector compares access times of commands and their associated files. The intrusion detection system further includes a mechanism for checking timestamps to identify and analyze forward and backward time steps in a log file.

대표청구항 ▼

What is claimed is: 1. A method for detecting intrusions on a host, comprising: collecting information from a logfile located on the host; and analyzing the logfile, including by using a time decay function to compute a suspicion value for an entry in the logfile including by computing a probability for an end of a session with which the entry is associated. 2. A method as recited in claim 1, wherein the logfile is sulog and the session is an su session. 3. A computer program product for detecting intrusions on a host, the computer program product being embodied in a computer readable medium and comprising computer instructions for: collecting information from a logfile located on the host; and analyzing the logfile, including by using a time decay function to compute a suspicion value for an entry in the logfile including by using the time decay function to compute a probability for an end of a session with which the entry is associated. 4. A computer program product as recited in claim 3, wherein the logfile is sulog and the session is an su session.

이 특허에 인용된 특허 (28)

Andres Frederic,FRX, Apparatus for evaluating database query performance having libraries containing information for modeling the various sys.
상세보기
Gupta Sarbari (Rockville MD) Gligor Virgil D. (Chevy Chase MD), Automated penetration analysis system and method.
상세보기
Farber David A. ; Lachman Ronald D., Data processing system using substantially unique identifiers to identify data items, whereby identical data items hav.
상세보기
Dunphy William E. (Westminster CO) Halladay Steven M. (Louisville CO) Moy Michael E. (Lafayette CO) Munro Frederick G. (Broomfield CO), Data storage and protection system.
상세보기
Hecht Matthew S. (Potomac MD) Johri Abhai (Gaithersburg MD) Wei Tsung T. (Gaithersburg MD) Steves Douglas H. (Austin TX), Distributed security auditing subsystem for an operating system.
상세보기
Munson, John C.; Elbaum, Sebastian G., Dynamic software system intrusion detection.
상세보기
Leblang David B. (Wayland MA) Allen Larry W. (Cambridge MA) Chase ; Jr. Robert P. (Newton MA) Douros Bryan P. (Framingham MA) Jabs David E. (Sudbury MA) McLean ; Jr. Gordon D. (Brookline MA) Minard D, Dynamic software version auditor which monitors a process to provide a list of objects that are accessed.
상세보기
David L. Drake ; David J. Webster, Event detection.
상세보기
Lermuzeaux Jean-Marc (St Michel sur Orge FRX) Emery Thierry (St Germain les Arpajon FRX) Gonthier Patrice (Antony FRX), Facility for detecting intruders and suspect callers in a computer installation and a security system including such a f.
상세보기
Phillip Andrew Porras ; Alfonso Valdes, Hierarchical event monitoring and analysis.
상세보기
Craig H. Rowland, Intrusion detection system.
상세보기
Esbensen Daniel, Method and apparatus for automated network-wide surveillance and security breach intervention.
상세보기
Bellare Mihir ; Guerin Roch Andre ; Rogaway Phillip Walder, Method and apparatus for data authentication in a data communication environment.
상세보기
Bruell Gregory O. (Carlisle MA), Method and apparatus for defining data packet formats.
상세보기
Mattison Phillip E., Method and apparatus for protecting flash memory.
상세보기
Campbell, Wayne A.; Walker, Jeffrey H., Method and system for detecting intrusion into and misuse of a data processing system.
상세보기
Smaha Stephen E. (Austin TX) Snapp Steven R. (Austin TX), Method and system for detecting intrusion into and misuse of a data processing system.
상세보기
Howard Steven Kenneth ; Martin David Charles ; Plutowski Mark Earl Paul, Method and system for emulating web site traffic to identify web site usage patterns.
상세보기
Milan V. Trcka ; Kenneth T. Fallon ; Mark R. Jones ; Ronald W. Walker, Network security and surveillance system.
상세보기
Porras Phillip A. ; Valdes Alfonso, Network surveillance.
상세보기
Porras, Phillip Andrew; Valdes, Alfonso, Network surveillance.
상세보기
Porras, Phillip Andrew; Valdes, Alfonso, Network surveillance.
상세보기
Conklin David Allen ; Harrison John Reed, Network surveillance system.
상세보기
Porras, Phillip Andrew; Fong, Martin Wayne, Network-based alert management.
상세보기
Davis Derek L., Secure BIOS.
상세보기
Moran, Douglas B., System and method for detecting buffer overflow attacks.
상세보기
Andrew Flint CA; Irving Reid CA; Gene Amdur CA, System and method for implementing a security policy.
상세보기
Miller Arnold (Bellevue WA) Neeman Yuval (Bellevue WA) Contorer Aaron M. (Kirkland WA) Misra Pradyumna K. (Issaquah WA) Seaman Michael R. C. (Kirkland WA) Rubin Darryl E. (Redmond WA), Unification of directory service with file system services.
상세보기

이 특허를 인용한 특허 (38)

Rook, Derek, Addressing inside-enterprise hack attempts.
상세보기
Srinivas,Muktevi; Shankar,Jagannathan Shiva; Patakolusu,Damodar; Hegde,Prashant, Approach for managing internet protocol telephony devices in networks.
상세보기
Case, Sr., Paul, Case secure computer architecture.
상세보기
Case, Sr., Paul, Case secure computer architecture.
상세보기
Roberts, Rodeny B.; Gardner, Ronald B., Device detection system for monitoring use of removable media in networked computers.
상세보기
Adams, Phillip M., Enforcement process for correction of hardware and software defects.
상세보기
Adams,Phillip M., Enforcement process for correction of hardware and software defects.
상세보기
Varadarajan, Sridhar, Enterprise black box system and method for data centers.
상세보기
Cangini, Gianluca; Zabetta, Francesco Coda; Lamastra, Gerardo, Intrusion detection method and system, related network and computer program product therefor.
상세보기
Bruton, III,David Aro; Jakubik,Patricia; LiVecchi,Patrick Michael; Overby, Jr.,Linwood Hugh, Intrusion event filtering.
상세보기
Cohen, Oded; Margalit, Yanki; Margalit, Dany, Method and system for indicating an executable as trojan horse.
상세보기
Ahrens, David; Mani, Mahalingam, Method for cooperative intrusion prevention through collaborative inference.
상세보기
Kraemer, Jeffrey A.; Malver, Debra L., Methods and apparatus providing security for multiple operational states of a computerized device.
상세보기
John, Pramod; Chen, Tsehua A.; Christensen, Mitchell T.; Erlund, Maxine R., Monitoring network traffic by using a monitor device.
상세보기
John, Pramod; Wang, Yingxian; Marti, Ramachandran V.; Erlund, Maxine R., Monitoring network traffic by using event log information.
상세보기
John, Pramod; Wang, Yingxian; Marti, Ramachandran V.; Erlund, Maxine R., Monitoring network traffic by using event log information.
상세보기
John, Pramod; Chang, Ai-Lan; Lassig, Daniel J.; Fong, Rendell K. G.; Jee, Emmanuel W., Network security policy enforcement using application session information and object attributes.
상세보기
Tarquini, Richard Paul; Schertz, Richard Louis, Node, method and computer readable medium for optimizing performance of signature rule matching in a network.
상세보기
Wade, Roy, Object code configuration tool.
상세보기
Verbowski, Chad; Lee, Juhan; Liu, Xiaogang; Roussev, Roussi; Wang, Yi-Min, Program modification and loading times in computing devices.
상세보기
Cohen, Alexander J.; Jung, Edward K. Y.; Levien, Royce A.; Lord, Robert W.; Malamud, Mark A.; Mangione-Smith, William Henry; Rinaldo, Jr., John D.; Tegreene, Clarence T., Receiving an indication of a security breach of a protected set of files.
상세보기
Ng, Norman N.; Hart, Michael P.; Miller, David M.; Wilkins, Jonathan; Fern, Kenneth; MacLin, Markham F.; Ford, Peter S.; Sanders, Scott D.; VonKoch, Walter, Remote command framework for devices.
상세보기
John, Pramod, Secure enterprise network.
상세보기
Pramod, John, Secure enterprise network.
상세보기
Albornoz, Jordi A., Secure initialization of intrusion detection system.
상세보기
Hrabik, Michael; Guilfoyle, Jeffrey J.; Beaver, Edward “Mac”, Security system for a computer network having a security subsystem and a master system which monitors the integrity of a security subsystem.
상세보기
Cohen, Alexander J.; Jung, Edward K.Y.; Levien, Royce A.; Lord, Robert W.; Malamud, Mark A.; Mangione-Smith, William Henry; Rinaldo, Jr., John D.; Tegreene, Clarence T., Signaling a security breach of a protected set of files.
상세보기
Walsh, Sean; Wheeler, Brian; Leng, Jeremy, Social log file collaboration and annotation.
상세보기
Thioux, Emmanuel; Amin, Muhammad; Ismael, Osman Abdoul, System and method for analysis of a memory dump associated with a potentially malicious content suspect.
상세보기
Lyle, Michael P.; Ross, Robert F.; Maricondo, James R., System and method for computer security.
상세보기
Beachem, Brent; Boucher, Peter; Nault, Gabe; Rollins, Richard; Wood, Jonathan Brett; Wright, Michael, System and method for filtering access points presented to a user and locking onto an access point.
상세보기
Lyle, Michael P.; Ross, Robert F.; Maricondo, James R., System and method for generating fictitious content for a computer.
상세보기
Lyle, Michael P.; Ross, Robert F.; Maricondo, James R., System and method for preventing detection of a selected process running on a computer.
상세보기
Moran, Douglas B., System and method for using timestamps to detect attacks.
상세보기
Hammond, II, Frank J.; Carlander, Steven J.; Ricotta, Jr., Frank J., System and method of non-centralized zero knowledge authentication for a computer network.
상세보기
Hammond, II, Frank J.; Ricotta, Jr., Frank J.; Dykstra, Hans Michael; Williams, Blake Andrew; Carlander, Steven James; Williams Gerber, Sarah, Systems and methods for enterprise security with collaborative peer to peer architecture.
상세보기
Vedula, Srinivas; Morris, Cameron Craig, Techniques for credential strength analysis via failed intruder access attempts.
상세보기
John, Pramod; Marti, Ramachandran V.; Wang, Yingxian; Erlund, Maxine R., Verifying user authentication.
상세보기

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 공고번호, 공고일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표출원인, 출원인국적, 출원인주소, 발명자, 발명자E, 발명자코드, 발명자주소, 발명자 우편번호, 발명자국적, 대표IPC, IPC코드, 요약, 미국특허분류, 대리인주소, 대리인코드, 대리인(한글), 대리인(영문), 국제공개일자, 국제공개번호, 국제출원일자, 국제출원번호, 우선권, 우선권주장일, 우선권국가, 우선권출원번호, 원출원일자, 원출원번호, 지정국, Citing Patents, Cited Patents
저장형식	Text(ASCII format) Excel format PIAS분석(.xls)
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

System and method for using login correlations to detect intrusions 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

이 특허에 인용된 특허 (28)

이 특허를 인용한 특허 (38)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

연합인증

System and method for using login correlations to detect intrusions 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

전체(0) 논문(0) 특허(0) 보고서(0)

전체(0) 논문(0) 특허(0) 보고서(0)

이 특허에 인용된 특허 (28)

이 특허를 인용한 특허 (38)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트