ATE341024T1 - Verfahren, vorrichtung und computersoftware- produkt zur reaktion auf computereinbrüche - Google Patents

Verfahren, vorrichtung und computersoftware- produkt zur reaktion auf computereinbrüche

Info

Publication number
ATE341024T1
ATE341024T1 AT03778561T AT03778561T ATE341024T1 AT E341024 T1 ATE341024 T1 AT E341024T1 AT 03778561 T AT03778561 T AT 03778561T AT 03778561 T AT03778561 T AT 03778561T AT E341024 T1 ATE341024 T1 AT E341024T1
Authority
AT
Austria
Prior art keywords
intrusion
pattern
computer
responding
software product
Prior art date
Application number
AT03778561T
Other languages
English (en)
Inventor
Paul Thomas Baffes
Michael Gilfix
John Michael Garrison
Allan Hsu
Tyron Jerrod Stading
Original Assignee
Ibm
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ibm filed Critical Ibm
Application granted granted Critical
Publication of ATE341024T1 publication Critical patent/ATE341024T1/de

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/316User authentication by observing the pattern of computer usage, e.g. typical user behaviour
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/556Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1458Denial of Service
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2101Auditing as a secondary aspect

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Social Psychology (AREA)
  • Virology (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)
  • Hardware Redundancy (AREA)
  • Devices For Executing Special Programs (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Debugging And Monitoring (AREA)
AT03778561T 2002-12-05 2003-11-28 Verfahren, vorrichtung und computersoftware- produkt zur reaktion auf computereinbrüche ATE341024T1 (de)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US10/313,732 US7941854B2 (en) 2002-12-05 2002-12-05 Method and system for responding to a computer intrusion

Publications (1)

Publication Number Publication Date
ATE341024T1 true ATE341024T1 (de) 2006-10-15

Family

ID=32468329

Family Applications (1)

Application Number Title Priority Date Filing Date
AT03778561T ATE341024T1 (de) 2002-12-05 2003-11-28 Verfahren, vorrichtung und computersoftware- produkt zur reaktion auf computereinbrüche

Country Status (10)

Country Link
US (1) US7941854B2 (de)
EP (1) EP1567926B1 (de)
JP (1) JP4283228B2 (de)
KR (1) KR100734732B1 (de)
CN (1) CN100518174C (de)
AT (1) ATE341024T1 (de)
AU (1) AU2003285563A1 (de)
DE (1) DE60308722T2 (de)
TW (1) TWI234707B (de)
WO (1) WO2004051441A2 (de)

Families Citing this family (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7941854B2 (en) 2002-12-05 2011-05-10 International Business Machines Corporation Method and system for responding to a computer intrusion
US7483972B2 (en) * 2003-01-08 2009-01-27 Cisco Technology, Inc. Network security monitoring system
US8201249B2 (en) * 2003-05-14 2012-06-12 Northrop Grumman Systems Corporation Steady state computer intrusion and misuse detection
US6985920B2 (en) * 2003-06-23 2006-01-10 Protego Networks Inc. Method and system for determining intra-session event correlation across network address translation devices
US8984644B2 (en) 2003-07-01 2015-03-17 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
US20070113272A2 (en) 2003-07-01 2007-05-17 Securityprofiling, Inc. Real-time vulnerability monitoring
US9100431B2 (en) 2003-07-01 2015-08-04 Securityprofiling, Llc Computer program product and apparatus for multi-path remediation
US7644365B2 (en) * 2003-09-12 2010-01-05 Cisco Technology, Inc. Method and system for displaying network security incidents
WO2005036339A2 (en) * 2003-10-03 2005-04-21 Enterasys Networks, Inc. System and method for dynamic distribution of intrusion signatures
US20050076236A1 (en) * 2003-10-03 2005-04-07 Bryan Stephenson Method and system for responding to network intrusions
US8839417B1 (en) * 2003-11-17 2014-09-16 Mcafee, Inc. Device, system and method for defending a computer network
US20050198530A1 (en) * 2003-12-12 2005-09-08 Chess David M. Methods and apparatus for adaptive server reprovisioning under security assault
US7225468B2 (en) * 2004-05-07 2007-05-29 Digital Security Networks, Llc Methods and apparatus for computer network security using intrusion detection and prevention
US8850565B2 (en) * 2005-01-10 2014-09-30 Hewlett-Packard Development Company, L.P. System and method for coordinating network incident response activities
US7882262B2 (en) 2005-08-18 2011-02-01 Cisco Technology, Inc. Method and system for inline top N query computation
US20070195776A1 (en) * 2006-02-23 2007-08-23 Zheng Danyang R System and method for channeling network traffic
US8233388B2 (en) 2006-05-30 2012-07-31 Cisco Technology, Inc. System and method for controlling and tracking network content flow
US20080127343A1 (en) * 2006-11-28 2008-05-29 Avaya Technology Llc Self-Operating Security Platform
CN101286850B (zh) * 2007-04-10 2010-12-15 深圳职业技术学院 路由器安全防御装置及防御系统和方法
US9843596B1 (en) * 2007-11-02 2017-12-12 ThetaRay Ltd. Anomaly detection in dynamically evolving data and systems
US8732829B2 (en) * 2008-04-14 2014-05-20 Tdi Technologies, Inc. System and method for monitoring and securing a baseboard management controller
KR101190559B1 (ko) 2010-12-24 2012-10-16 한국인터넷진흥원 봇의 행위 모니터링 정보 및 봇넷 정보의 시각화 방법
CN104348795B (zh) * 2013-07-30 2019-09-20 深圳市腾讯计算机系统有限公司 通用网关接口业务入侵防护的方法及装置
US9712555B2 (en) 2014-12-03 2017-07-18 Phantom Cyber Corporation Automated responses to security threats
US20160180078A1 (en) * 2014-12-23 2016-06-23 Jasmeet Chhabra Technologies for enhanced user authentication using advanced sensor monitoring
US10552615B2 (en) 2016-02-18 2020-02-04 Swimlane Llc Threat response systems and methods
US11489851B2 (en) * 2017-11-06 2022-11-01 Cyber Defence Qcd Corporation Methods and systems for monitoring cyber-events
KR102062718B1 (ko) * 2019-07-29 2020-01-07 주식회사 에프원시큐리티 패킷 가상화를 이용한 IoT 허니넷 시스템
FR3104776B1 (fr) 2019-12-17 2023-07-07 Commissariat Energie Atomique Procédé de détermination d’une réaction en réponse à une anomalie dans un réseau informatique
AT523933B1 (de) * 2020-11-18 2022-01-15 Ait Austrian Inst Tech Gmbh Verfahren zur Klassifizierung von anomalen Betriebszuständen eines Computernetzwerks

Family Cites Families (39)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5542024A (en) 1992-07-09 1996-07-30 Johnson & Johnson Graphically used expert system tool background of the invention
JP2501771B2 (ja) 1993-01-19 1996-05-29 インターナショナル・ビジネス・マシーンズ・コーポレイション 不所望のソフトウェア・エンティティの複数の有効なシグネチャを得る方法及び装置
JPH06282527A (ja) 1993-03-29 1994-10-07 Hitachi Software Eng Co Ltd ネットワーク管理システム
US5546507A (en) 1993-08-20 1996-08-13 Unisys Corporation Apparatus and method for generating a knowledge base
US5414833A (en) 1993-10-27 1995-05-09 International Business Machines Corporation Network security system and method using a parallel finite state machine adaptive active monitor and responder
US5557742A (en) * 1994-03-07 1996-09-17 Haystack Labs, Inc. Method and system for detecting intrusion into and misuse of a data processing system
US6144961A (en) 1995-08-31 2000-11-07 Compuware Corporation Method and system for non-intrusive measurement of transaction response times on a network
US6178509B1 (en) * 1996-06-13 2001-01-23 Intel Corporation Tamper resistant methods and apparatus
US5892903A (en) 1996-09-12 1999-04-06 Internet Security Systems, Inc. Method and apparatus for detecting and identifying security vulnerabilities in an open network computer communication system
US6119236A (en) 1996-10-07 2000-09-12 Shipley; Peter M. Intelligent network security device and method
US6802028B1 (en) * 1996-11-11 2004-10-05 Powerquest Corporation Computer virus detection and removal
US5850516A (en) 1996-12-23 1998-12-15 Schneier; Bruce Method and apparatus for analyzing information systems using stored tree database structures
US6618074B1 (en) * 1997-08-01 2003-09-09 Wells Fargo Alarm Systems, Inc. Central alarm computer for video security system
KR100545512B1 (ko) * 1997-08-01 2006-01-24 퀄컴 인코포레이티드 무선통신에서의 재사용 침입 방지 시스템 및 방법
US6088804A (en) 1998-01-12 2000-07-11 Motorola, Inc. Adaptive system and method for responding to computer network security attacks
US6347374B1 (en) * 1998-06-05 2002-02-12 Intrusion.Com, Inc. Event detection
EP1119813A1 (de) * 1998-09-28 2001-08-01 Argus Systems Group, Inc. Gesichertes unterteiltes computersbetriebsystem
US6321338B1 (en) * 1998-11-09 2001-11-20 Sri International Network surveillance
US6609205B1 (en) * 1999-03-18 2003-08-19 Cisco Technology, Inc. Network intrusion detection signature analysis using decision graphs
US6681331B1 (en) * 1999-05-11 2004-01-20 Cylant, Inc. Dynamic software system intrusion detection
US7020697B1 (en) * 1999-10-01 2006-03-28 Accenture Llp Architectures for netcentric computing systems
US6678734B1 (en) * 1999-11-13 2004-01-13 Ssh Communications Security Ltd. Method for intercepting network packets in a computing device
US6775657B1 (en) * 1999-12-22 2004-08-10 Cisco Technology, Inc. Multilayered intrusion detection system and method
US6535227B1 (en) * 2000-02-08 2003-03-18 Harris Corporation System and method for assessing the security posture of a network and having a graphical user interface
EP1277326A2 (de) * 2000-04-28 2003-01-22 Internet Security Systems, Inc. Verfahren und vorrichtung zur computersicherheitsinformationverwaltung
US20030159070A1 (en) * 2001-05-28 2003-08-21 Yaron Mayer System and method for comprehensive general generic protection for computers against malicious programs that may steal information and/or cause damages
US7007301B2 (en) * 2000-06-12 2006-02-28 Hewlett-Packard Development Company, L.P. Computer architecture for an intrusion detection system
JP2002024831A (ja) 2000-07-10 2002-01-25 Casio Comput Co Ltd 指紋認証装置及び指紋認証システム
US7093239B1 (en) * 2000-07-14 2006-08-15 Internet Security Systems, Inc. Computer immune system and method for detecting unwanted code in a computer system
AU2001290861A1 (en) 2000-09-15 2002-03-26 Cymtec Systems, Inc. Network management system
US20020161929A1 (en) * 2001-04-30 2002-10-31 Longerbeam Donald A. Method and apparatus for routing data through a computer network
US6931552B2 (en) * 2001-05-02 2005-08-16 James B. Pritchard Apparatus and method for protecting a computer system against computer viruses and unauthorized access
JP2002342276A (ja) 2001-05-17 2002-11-29 Ntt Data Corp ネットワーク侵入検知システムおよびその方法
US7234168B2 (en) * 2001-06-13 2007-06-19 Mcafee, Inc. Hierarchy-based method and apparatus for detecting attacks on a computer system
US6907430B2 (en) * 2001-10-04 2005-06-14 Booz-Allen Hamilton, Inc. Method and system for assessing attacks on computer networks using Bayesian networks
US6633835B1 (en) * 2002-01-10 2003-10-14 Networks Associates Technology, Inc. Prioritized data capture, classification and filtering in a network monitoring environment
US20030208616A1 (en) * 2002-05-01 2003-11-06 Blade Software, Inc. System and method for testing computer network access and traffic control systems
US6952779B1 (en) * 2002-10-01 2005-10-04 Gideon Cohen System and method for risk detection and analysis in a computer network
US7941854B2 (en) 2002-12-05 2011-05-10 International Business Machines Corporation Method and system for responding to a computer intrusion

Also Published As

Publication number Publication date
CN1695365A (zh) 2005-11-09
US20040111637A1 (en) 2004-06-10
WO2004051441A3 (en) 2004-08-26
WO2004051441A2 (en) 2004-06-17
CN100518174C (zh) 2009-07-22
JP4283228B2 (ja) 2009-06-24
DE60308722T2 (de) 2007-08-16
EP1567926B1 (de) 2006-09-27
DE60308722D1 (de) 2006-11-09
AU2003285563A1 (en) 2004-06-23
EP1567926A2 (de) 2005-08-31
TW200424845A (en) 2004-11-16
TWI234707B (en) 2005-06-21
US7941854B2 (en) 2011-05-10
AU2003285563A8 (en) 2004-06-23
KR20050086445A (ko) 2005-08-30
KR100734732B1 (ko) 2007-07-04
JP2006509283A (ja) 2006-03-16

Similar Documents

Publication Publication Date Title
ATE341024T1 (de) Verfahren, vorrichtung und computersoftware- produkt zur reaktion auf computereinbrüche
WO2008070501A3 (en) Determining advertisement effectiveness
WO2007022364A3 (en) Change audit method, apparatus and system
ATE513402T1 (de) Verfahren zur risikodetektion und -analyse in einem computernetzwerk
DE602004002880D1 (de) System, verfahren und computerprogrammprodukt zur zentralisierten verwaltung eines verteilten infiniband-systemnetzwerks
ATE455428T1 (de) System und verfahren zur verwaltung von benutzergruppen in einem anwesenheitssystem
ATE400938T1 (de) Verfahren und system zur verwaltung von konfigurationsänderungen in einem datenverarbeitungssystem
ATE538438T1 (de) Verfahren und system zur auflösung von adressierungskonflikten auf der basis von tunnelinformationen
DE602007006048D1 (de) System und verfahren zur analyse von web-adressen
ATE512396T1 (de) Zeitgeteiltes elektronisches katalogsystem und verfahren
ATE300145T1 (de) Vorrichtung und verfahren zur beurteilung der verletzlichkeit des netzsicherheit
ATE465576T1 (de) Verfahren und schaltungsanordnung zur überwachung und verwaltung von datenverkehr in einem kommunikationssystem mit mehreren kommunikationsknoten
D'Egidio et al. A study of the efficacy of flashing lights to increase the salience of alcohol-gel dispensers for improving hand hygiene compliance
WO2015096610A1 (zh) 一种数据处理的方法及装置
ATE478399T1 (de) Verfahren zum zählen von objekten in einer überwachten umgebung und vorrichtung dafür
ATE292302T1 (de) Vorrichtung und verfahren in einer büroapplikation zur bereitstellung von inhaltsabhängiger hilfeinformation
DE602004027492D1 (de) System und verfahren zur überwachung von netzwerkeinrichtungen auf agent-basis
ATE439714T1 (de) Verfahren und system zur überwachung von serverereignissen in einer knotenkonfiguration durch verwendung direkter kommunikation zwischen servern
Thomas et al. Vocal behavior of the elusive purple frog of India (Nasikabatrachus sahyadrensis), a fossorial species endemic to the Western Ghats
Rajaguru et al. Temporal aggregation, cointegration and causality inference
DE60134014D1 (de) Vorrichtung und verfahren zur analyse eines systems mit fehlstarten
Greig et al. Danger may enhance communication: predator calls alert females to male displays
WO2005048513A3 (en) Methods and systems for automated analysis of signaling link utilization
ATE415776T1 (de) Verfahren und vorrichtung zum abhandeln von informationen den client betreffend in einem applikationsserver
Khan et al. Pervasive approach to acoustic source perception in horizontal plane

Legal Events

Date Code Title Description
RER Ceased as to paragraph 5 lit. 3 law introducing patent treaties