DE60308722D1 - Method, system and computer software product for responding to a computer intrusion - Google Patents
Method, system and computer software product for responding to a computer intrusion
Info
- Publication number
- DE60308722D1
- Authority
- DE
- Germany
- Prior art keywords
- intrusion
- pattern
- computer
- interruptions
- respond
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/316—User authentication by observing the pattern of computer usage, e.g. typical user behaviour
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/556—Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2101—Auditing as a secondary aspect
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Social Psychology (AREA)
- Virology (AREA)
- Computer And Data Communications (AREA)
- Storage Device Security (AREA)
- Hardware Redundancy (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Devices For Executing Special Programs (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Debugging And Monitoring (AREA)
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US313732 | 1994-09-27 | ||
US10/313,732 US7941854B2 (en) | 2002-12-05 | 2002-12-05 | Method and system for responding to a computer intrusion |
PCT/GB2003/005219 WO2004051441A2 (en) | 2002-12-05 | 2003-11-28 | Method, system and computer software product for responding to a computer intrusion |
Publications (2)
Publication Number | Publication Date |
---|---|
DE60308722D1 (de) | 2006-11-09 |
DE60308722T2 (de) | 2007-08-16 |
Family
ID=32468329
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
DE60308722T (Expired - Lifetime, DE60308722T2 (de)) | Method, system and computer software product for responding to a computer intrusion | 2002-12-05 | 2003-11-28 |
Country Status (10)
Country | Link |
---|---|
US (1) | US7941854B2 (de) |
EP (1) | EP1567926B1 (de) |
JP (1) | JP4283228B2 (de) |
KR (1) | KR100734732B1 (de) |
CN (1) | CN100518174C (de) |
AT (1) | ATE341024T1 (de) |
AU (1) | AU2003285563A1 (de) |
DE (1) | DE60308722T2 (de) |
TW (1) | TWI234707B (de) |
WO (1) | WO2004051441A2 (de) |
Families Citing this family (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7941854B2 (en) | 2002-12-05 | 2011-05-10 | International Business Machines Corporation | Method and system for responding to a computer intrusion |
US7483972B2 (en) * | 2003-01-08 | 2009-01-27 | Cisco Technology, Inc. | Network security monitoring system |
US8201249B2 (en) * | 2003-05-14 | 2012-06-12 | Northrop Grumman Systems Corporation | Steady state computer intrusion and misuse detection |
US6985920B2 (en) * | 2003-06-23 | 2006-01-10 | Protego Networks Inc. | Method and system for determining intra-session event correlation across network address translation devices |
US20070113272A2 (en) | 2003-07-01 | 2007-05-17 | Securityprofiling, Inc. | Real-time vulnerability monitoring |
US9100431B2 (en) | 2003-07-01 | 2015-08-04 | Securityprofiling, Llc | Computer program product and apparatus for multi-path remediation |
US8984644B2 (en) | 2003-07-01 | 2015-03-17 | Securityprofiling, Llc | Anti-vulnerability system, method, and computer program product |
US7644365B2 (en) | 2003-09-12 | 2010-01-05 | Cisco Technology, Inc. | Method and system for displaying network security incidents |
US20050076236A1 (en) * | 2003-10-03 | 2005-04-07 | Bryan Stephenson | Method and system for responding to network intrusions |
EP1668511B1 (de) * | 2003-10-03 | 2014-04-30 | Enterasys Networks, Inc. | Apparatus and method for dynamic distribution of intrusion signatures |
US8839417B1 (en) * | 2003-11-17 | 2014-09-16 | Mcafee, Inc. | Device, system and method for defending a computer network |
US20050198530A1 (en) * | 2003-12-12 | 2005-09-08 | Chess David M. | Methods and apparatus for adaptive server reprovisioning under security assault |
US7225468B2 (en) * | 2004-05-07 | 2007-05-29 | Digital Security Networks, Llc | Methods and apparatus for computer network security using intrusion detection and prevention |
US8850565B2 (en) * | 2005-01-10 | 2014-09-30 | Hewlett-Packard Development Company, L.P. | System and method for coordinating network incident response activities |
US7882262B2 (en) | 2005-08-18 | 2011-02-01 | Cisco Technology, Inc. | Method and system for inline top N query computation |
US20070195776A1 (en) * | 2006-02-23 | 2007-08-23 | Zheng Danyang R | System and method for channeling network traffic |
US8233388B2 (en) | 2006-05-30 | 2012-07-31 | Cisco Technology, Inc. | System and method for controlling and tracking network content flow |
US20080127343A1 (en) * | 2006-11-28 | 2008-05-29 | Avaya Technology Llc | Self-Operating Security Platform |
CN101286850B (zh) * | 2007-04-10 | 2010-12-15 | 深圳职业技术学院 | Router security defense device, defense system and method |
US9843596B1 (en) * | 2007-11-02 | 2017-12-12 | ThetaRay Ltd. | Anomaly detection in dynamically evolving data and systems |
US8732829B2 (en) * | 2008-04-14 | 2014-05-20 | Tdi Technologies, Inc. | System and method for monitoring and securing a baseboard management controller |
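KR101190559B1 (ko) | 2010-12-24 | 2012-10-16 | 한국인터넷진흥원 | Method for visualizing bot behavior monitoring information and botnet information |
CN104348795B (zh) * | 2013-07-30 | 2019-09-20 | 深圳市腾讯计算机系统有限公司 | Method and apparatus for intrusion protection of Common Gateway Interface services |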
US20160164917A1 (en) | 2014-12-03 | 2016-06-09 | Phantom Cyber Corporation | Action recommendations for computing assets based on enrichment information |
US20160180078A1 (en) * | 2014-12-23 | 2016-06-23 | Jasmeet Chhabra | Technologies for enhanced user authentication using advanced sensor monitoring |
US10552615B2 (en) | 2016-02-18 | 2020-02-04 | Swimlane Llc | Threat response systems and methods |
WO2019084693A1 (en) * | 2017-11-06 | 2019-05-09 | Cyber Defence Qcd Corporation | Methods and systems for monitoring cyber-events |
KR102062718B1 (ko) * | 2019-07-29 | 2020-01-07 | 주식회사 에프원시큐리티 | IoT honeynet system using packet virtualization |
FR3104776B1 (fr) | 2019-12-17 | 2023-07-07 | Commissariat Energie Atomique | Method for determining a reaction in response to an anomaly in a computer network |
AT523933B1 (de) * | 2020-11-18 | 2022-01-15 | Ait Austrian Inst Tech Gmbh | Method for classifying anomalous operating states of a computer network |
Family Cites Families (38)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5542024A (en) | 1992-07-09 | 1996-07-30 | Johnson & Johnson | Graphically used expert system tool background of the invention |
JP2501771B2 (ja) | 1993-01-19 | 1996-05-29 | インターナショナル・ビジネス・マシーンズ・コーポレイション | Method and apparatus for obtaining multiple valid signatures of an undesirable software entity |
JPH06282527A (ja) | 1993-03-29 | 1994-10-07 | Hitachi Software Eng Co Ltd | Network management system |
US5546507A (en) | 1993-08-20 | 1996-08-13 | Unisys Corporation | Apparatus and method for generating a knowledge base |
US5414833A (en) | 1993-10-27 | 1995-05-09 | International Business Machines Corporation | Network security system and method using a parallel finite state machine adaptive active monitor and responder |
US5557742A (en) * | 1994-03-07 | 1996-09-17 | Haystack Labs, Inc. | Method and system for detecting intrusion into and misuse of a data processing system |
US6144961A (en) | 1995-08-31 | 2000-11-07 | Compuware Corporation | Method and system for non-intrusive measurement of transaction response times on a network |
US6178509B1 (en) * | 1996-06-13 | 2001-01-23 | Intel Corporation | Tamper resistant methods and apparatus |
US5892903A (en) | 1996-09-12 | 1999-04-06 | Internet Security Systems, Inc. | Method and apparatus for detecting and identifying security vulnerabilities in an open network computer communication system |
US6119236A (en) | 1996-10-07 | 2000-09-12 | Shipley; Peter M. | Intelligent network security device and method |
US6802028B1 (en) * | 1996-11-11 | 2004-10-05 | Powerquest Corporation | Computer virus detection and removal |
US5850516A (en) | 1996-12-23 | 1998-12-15 | Schneier; Bruce | Method and apparatus for analyzing information systems using stored tree database structures |
US6618074B1 (en) * | 1997-08-01 | 2003-09-09 | Wells Fargo Alarm Systems, Inc. | Central alarm computer for video security system |
US6088804A (en) | 1998-01-12 | 2000-07-11 | Motorola, Inc. | Adaptive system and method for responding to computer network security attacks |
US6347374B1 (en) * | 1998-06-05 | 2002-02-12 | Intrusion.Com, Inc. | Event detection |
WO2000019324A1 (en) * | 1998-09-28 | 2000-04-06 | Argus Systems Group, Inc. | Trusted compartmentalized computer operating system |
US6321338B1 (en) * | 1998-11-09 | 2001-11-20 | Sri International | Network surveillance |
US6609205B1 (en) * | 1999-03-18 | 2003-08-19 | Cisco Technology, Inc. | Network intrusion detection signature analysis using decision graphs |
US6681331B1 (en) * | 1999-05-11 | 2004-01-20 | Cylant, Inc. | Dynamic software system intrusion detection |
US7020697B1 (en) * | 1999-10-01 | 2006-03-28 | Accenture Llp | Architectures for netcentric computing systems |
US6678734B1 (en) * | 1999-11-13 | 2004-01-13 | Ssh Communications Security Ltd. | Method for intercepting network packets in a computing device |
US6775657B1 (en) * | 1999-12-22 | 2004-08-10 | Cisco Technology, Inc. | Multilayered intrusion detection system and method |
US6535227B1 (en) * | 2000-02-08 | 2003-03-18 | Harris Corporation | System and method for assessing the security posture of a network and having a graphical user interface |
JP4700884B2 (ja) * | 2000-04-28 | 2011-06-15 | インターナショナル・ビジネス・マシーンズ・コーポレーション | Method and system for managing computer security information |
US20030159070A1 (en) * | 2001-05-28 | 2003-08-21 | Yaron Mayer | System and method for comprehensive general generic protection for computers against malicious programs that may steal information and/or cause damages |
US7007301B2 (en) * | 2000-06-12 | 2006-02-28 | Hewlett-Packard Development Company, L.P. | Computer architecture for an intrusion detection system |
JP2002024831A (ja) | 2000-07-10 | 2002-01-25 | Casio Comput Co Ltd | Fingerprint authentication device and fingerprint authentication system |
US7093239B1 (en) * | 2000-07-14 | 2006-08-15 | Internet Security Systems, Inc. | Computer immune system and method for detecting unwanted code in a computer system |
AU2001290861A1 (en) | 2000-09-15 | 2002-03-26 | Cymtec Systems, Inc. | Network management system |
US20020161929A1 (en) * | 2001-04-30 | 2002-10-31 | Longerbeam Donald A. | Method and apparatus for routing data through a computer network |
US6931552B2 (en) * | 2001-05-02 | 2005-08-16 | James B. Pritchard | Apparatus and method for protecting a computer system against computer viruses and unauthorized access |
JP2002342276A (ja) | 2001-05-17 | 2002-11-29 | Ntt Data Corp | Network intrusion detection system and method therefor |
AU2002322109A1 (en) * | 2001-06-13 | 2002-12-23 | Intruvert Networks, Inc. | Method and apparatus for distributed network security |
US6907430B2 (en) * | 2001-10-04 | 2005-06-14 | Booz-Allen Hamilton, Inc. | Method and system for assessing attacks on computer networks using Bayesian networks |
US6801940B1 (en) * | 2002-01-10 | 2004-10-05 | Networks Associates Technology, Inc. | Application performance monitoring expert |
US20030208616A1 (en) * | 2002-05-01 | 2003-11-06 | Blade Software, Inc. | System and method for testing computer network access and traffic control systems |
US6952779B1 (en) * | 2002-10-01 | 2005-10-04 | Gideon Cohen | System and method for risk detection and analysis in a computer network |
US7941854B2 (en) | 2002-12-05 | 2011-05-10 | International Business Machines Corporation | Method and system for responding to a computer intrusion |
2002
- 2002-12-05 US US10/313,732 (US7941854B2): not active, Expired - Fee Related
2003
- 2003-11-28 EP EP03778561A (EP1567926B1): not active, Expired - Lifetime
- 2003-11-28 AU AU2003285563A (AU2003285563A1): not active, Abandoned
- 2003-11-28 KR KR1020057008221A (KR100734732B1): not active, IP Right Cessation
- 2003-11-28 JP JP2004556507A (JP4283228B2): not active, Expired - Fee Related
- 2003-11-28 DE DE60308722T (DE60308722T2): not active, Expired - Lifetime
- 2003-11-28 AT AT03778561T (ATE341024T1): not active, IP Right Cessation
- 2003-11-28 CN CNB2003801007455A (CN100518174C): not active, Expired - Fee Related
- 2003-11-28 WO PCT/GB2003/005219 (WO2004051441A2): active, IP Right Grant
- 2003-12-02 TW TW092133851A (TWI234707B): not active, IP Right Cessation
Also Published As
Publication number | Publication date |
---|---|
KR20050086445A (ko) | 2005-08-30 |
CN1695365A (zh) | 2005-11-09 |
US7941854B2 (en) | 2011-05-10 |
KR100734732B1 (ko) | 2007-07-04 |
US20040111637A1 (en) | 2004-06-10 |
AU2003285563A8 (en) | 2004-06-23 |
CN100518174C (zh) | 2009-07-22 |
EP1567926A2 (de) | 2005-08-31 |
ATE341024T1 (de) | 2006-10-15 |
WO2004051441A3 (en) | 2004-08-26 |
DE60308722T2 (de) | 2007-08-16 |
JP4283228B2 (ja) | 2009-06-24 |
TWI234707B (en) | 2005-06-21 |
WO2004051441A2 (en) | 2004-06-17 |
AU2003285563A1 (en) | 2004-06-23 |
JP2006509283A (ja) | 2006-03-16 |
TW200424845A (en) | 2004-11-16 |
EP1567926B1 (de) | 2006-09-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
DE60308722D1 (de) | | Method, system and computer software product for responding to a computer intrusion |
ATE323371T1 (de) | | Method and system for modeling, analysis and display of network security events |
WO2008070501A3 (en) | | Determining advertisement effectiveness |
Tedesco et al. | | Mosquito politics: local vector control policies and the spread of West Nile Virus in the Chicago region |
ATE513402T1 (de) | | Method for risk detection and analysis in a computer network |
WO2007022364A3 (en) | | Change audit method, apparatus and system |
DE602006011668D1 (de) | | System and method for managing user groups in a presence system |
WO2008049092A3 (en) | | Generic online ranking system and method suitable for syndication |
DE60227496D1 (de) | | Method and system for managing configuration changes in a data processing system |
ATE343277T1 (de) | | System, method and computer program product for centralized management of a distributed InfiniBand system network |
ATE522832T1 (de) | | Methods and systems for processing microseismic data |
ATE332555T1 (de) | | Method and system for monitoring the location of a device |
ATE476719T1 (de) | | Behavior-based adaptation of computer systems |
ATE532289T1 (de) | | System and method for computer security using multiple cages |
WO2006049945A3 (en) | | Method and apparatus for a mechanized attendance management system |
ATE538438T1 (de) | | Method and system for resolving addressing conflicts based on tunnel information |
ATE511265T1 (de) | | Apparatus, system and method for dynamically determining a set of storage area network components for performance monitoring |
DE602004027492D1 (de) | | System and method for agent-based monitoring of network devices |
DE60024304D1 (de) | | Improved interface for handling test definitions |
D'Egidio et al. | | A study of the efficacy of flashing lights to increase the salience of alcohol-gel dispensers for improving hand hygiene compliance |
DE602004028747D1 (de) | | Method for counting objects in a monitored environment and apparatus therefor |
Nguyen et al. | | Smoke-free environment policy in Vietnam: what did people see and how did they react when they visited various public places? |
WO2005048513A3 (en) | | Methods and systems for automated analysis of signaling link utilization |
DE502005007323D1 (de) | | Method for transmitting information from an information server to a client |
DE60330554D1 (de) | | Method and system for analyzing and addressing alarms from network intrusion detection systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
8364 | No opposition during term of opposition | ||
8320 | Willingness to grant licences declared (paragraph 23) |