DE60308722D1 - Verfahren, vorrichtung und computersoftware-produkt zur reaktion auf computereinbrüche - Google Patents

Verfahren, vorrichtung und computersoftware-produkt zur reaktion auf computereinbrüche

Info

Publication number
DE60308722D1
DE60308722D1 DE60308722T DE60308722T DE60308722D1 DE 60308722 D1 DE60308722 D1 DE 60308722D1 DE 60308722 T DE60308722 T DE 60308722T DE 60308722 T DE60308722 T DE 60308722T DE 60308722 D1 DE60308722 D1 DE 60308722D1
Authority
DE
Germany
Prior art keywords
intrusion
pattern
computer
interruptions
respond
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
DE60308722T
Other languages
English (en)
Other versions
DE60308722T2 (de
Inventor
Thomas Baffes
Michael Gilfix
Michael Garrison
Allan Hsu
Tyron Jerrod Stading
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Application granted granted Critical
Publication of DE60308722D1 publication Critical patent/DE60308722D1/de
Publication of DE60308722T2 publication Critical patent/DE60308722T2/de
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/316User authentication by observing the pattern of computer usage, e.g. typical user behaviour
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/556Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1458Denial of Service
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2101Auditing as a secondary aspect

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Social Psychology (AREA)
  • Virology (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)
  • Hardware Redundancy (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Devices For Executing Special Programs (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Debugging And Monitoring (AREA)
DE60308722T 2002-12-05 2003-11-28 Verfahren, vorrichtung und computersoftware-produkt zur reaktion auf computereinbrüche Expired - Lifetime DE60308722T2 (de)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US313732 1994-09-27
US10/313,732 US7941854B2 (en) 2002-12-05 2002-12-05 Method and system for responding to a computer intrusion
PCT/GB2003/005219 WO2004051441A2 (en) 2002-12-05 2003-11-28 Method, system and computer software product for responding to a computer intrusion

Publications (2)

Publication Number Publication Date
DE60308722D1 true DE60308722D1 (de) 2006-11-09
DE60308722T2 DE60308722T2 (de) 2007-08-16

Family

ID=32468329

Family Applications (1)

Application Number Title Priority Date Filing Date
DE60308722T Expired - Lifetime DE60308722T2 (de) 2002-12-05 2003-11-28 Verfahren, vorrichtung und computersoftware-produkt zur reaktion auf computereinbrüche

Country Status (10)

Country Link
US (1) US7941854B2 (de)
EP (1) EP1567926B1 (de)
JP (1) JP4283228B2 (de)
KR (1) KR100734732B1 (de)
CN (1) CN100518174C (de)
AT (1) ATE341024T1 (de)
AU (1) AU2003285563A1 (de)
DE (1) DE60308722T2 (de)
TW (1) TWI234707B (de)
WO (1) WO2004051441A2 (de)

Families Citing this family (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7941854B2 (en) 2002-12-05 2011-05-10 International Business Machines Corporation Method and system for responding to a computer intrusion
US7483972B2 (en) * 2003-01-08 2009-01-27 Cisco Technology, Inc. Network security monitoring system
US8201249B2 (en) * 2003-05-14 2012-06-12 Northrop Grumman Systems Corporation Steady state computer intrusion and misuse detection
US6985920B2 (en) * 2003-06-23 2006-01-10 Protego Networks Inc. Method and system for determining intra-session event correlation across network address translation devices
US20070113272A2 (en) 2003-07-01 2007-05-17 Securityprofiling, Inc. Real-time vulnerability monitoring
US9100431B2 (en) 2003-07-01 2015-08-04 Securityprofiling, Llc Computer program product and apparatus for multi-path remediation
US8984644B2 (en) 2003-07-01 2015-03-17 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
US7644365B2 (en) 2003-09-12 2010-01-05 Cisco Technology, Inc. Method and system for displaying network security incidents
US20050076236A1 (en) * 2003-10-03 2005-04-07 Bryan Stephenson Method and system for responding to network intrusions
EP1668511B1 (de) * 2003-10-03 2014-04-30 Enterasys Networks, Inc. Vorrichtung und verfahren zur dynamischen verteilung von intrusions-signaturen
US8839417B1 (en) * 2003-11-17 2014-09-16 Mcafee, Inc. Device, system and method for defending a computer network
US20050198530A1 (en) * 2003-12-12 2005-09-08 Chess David M. Methods and apparatus for adaptive server reprovisioning under security assault
US7225468B2 (en) * 2004-05-07 2007-05-29 Digital Security Networks, Llc Methods and apparatus for computer network security using intrusion detection and prevention
US8850565B2 (en) * 2005-01-10 2014-09-30 Hewlett-Packard Development Company, L.P. System and method for coordinating network incident response activities
US7882262B2 (en) 2005-08-18 2011-02-01 Cisco Technology, Inc. Method and system for inline top N query computation
US20070195776A1 (en) * 2006-02-23 2007-08-23 Zheng Danyang R System and method for channeling network traffic
US8233388B2 (en) 2006-05-30 2012-07-31 Cisco Technology, Inc. System and method for controlling and tracking network content flow
US20080127343A1 (en) * 2006-11-28 2008-05-29 Avaya Technology Llc Self-Operating Security Platform
CN101286850B (zh) * 2007-04-10 2010-12-15 深圳职业技术学院 路由器安全防御装置及防御系统和方法
US9843596B1 (en) * 2007-11-02 2017-12-12 ThetaRay Ltd. Anomaly detection in dynamically evolving data and systems
US8732829B2 (en) * 2008-04-14 2014-05-20 Tdi Technologies, Inc. System and method for monitoring and securing a baseboard management controller
KR101190559B1 (ko) 2010-12-24 2012-10-16 한국인터넷진흥원 봇의 행위 모니터링 정보 및 봇넷 정보의 시각화 방법
CN104348795B (zh) * 2013-07-30 2019-09-20 深圳市腾讯计算机系统有限公司 通用网关接口业务入侵防护的方法及装置
US20160164917A1 (en) 2014-12-03 2016-06-09 Phantom Cyber Corporation Action recommendations for computing assets based on enrichment information
US20160180078A1 (en) * 2014-12-23 2016-06-23 Jasmeet Chhabra Technologies for enhanced user authentication using advanced sensor monitoring
US10552615B2 (en) 2016-02-18 2020-02-04 Swimlane Llc Threat response systems and methods
WO2019084693A1 (en) * 2017-11-06 2019-05-09 Cyber Defence Qcd Corporation Methods and systems for monitoring cyber-events
KR102062718B1 (ko) * 2019-07-29 2020-01-07 주식회사 에프원시큐리티 패킷 가상화를 이용한 IoT 허니넷 시스템
FR3104776B1 (fr) 2019-12-17 2023-07-07 Commissariat Energie Atomique Procédé de détermination d’une réaction en réponse à une anomalie dans un réseau informatique
AT523933B1 (de) * 2020-11-18 2022-01-15 Ait Austrian Inst Tech Gmbh Verfahren zur Klassifizierung von anomalen Betriebszuständen eines Computernetzwerks

Family Cites Families (38)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5542024A (en) 1992-07-09 1996-07-30 Johnson & Johnson Graphically used expert system tool background of the invention
JP2501771B2 (ja) 1993-01-19 1996-05-29 インターナショナル・ビジネス・マシーンズ・コーポレイション 不所望のソフトウェア・エンティティの複数の有効なシグネチャを得る方法及び装置
JPH06282527A (ja) 1993-03-29 1994-10-07 Hitachi Software Eng Co Ltd ネットワーク管理システム
US5546507A (en) 1993-08-20 1996-08-13 Unisys Corporation Apparatus and method for generating a knowledge base
US5414833A (en) 1993-10-27 1995-05-09 International Business Machines Corporation Network security system and method using a parallel finite state machine adaptive active monitor and responder
US5557742A (en) * 1994-03-07 1996-09-17 Haystack Labs, Inc. Method and system for detecting intrusion into and misuse of a data processing system
US6144961A (en) 1995-08-31 2000-11-07 Compuware Corporation Method and system for non-intrusive measurement of transaction response times on a network
US6178509B1 (en) * 1996-06-13 2001-01-23 Intel Corporation Tamper resistant methods and apparatus
US5892903A (en) 1996-09-12 1999-04-06 Internet Security Systems, Inc. Method and apparatus for detecting and identifying security vulnerabilities in an open network computer communication system
US6119236A (en) 1996-10-07 2000-09-12 Shipley; Peter M. Intelligent network security device and method
US6802028B1 (en) * 1996-11-11 2004-10-05 Powerquest Corporation Computer virus detection and removal
US5850516A (en) 1996-12-23 1998-12-15 Schneier; Bruce Method and apparatus for analyzing information systems using stored tree database structures
US6618074B1 (en) * 1997-08-01 2003-09-09 Wells Fargo Alarm Systems, Inc. Central alarm computer for video security system
US6088804A (en) 1998-01-12 2000-07-11 Motorola, Inc. Adaptive system and method for responding to computer network security attacks
US6347374B1 (en) * 1998-06-05 2002-02-12 Intrusion.Com, Inc. Event detection
WO2000019324A1 (en) * 1998-09-28 2000-04-06 Argus Systems Group, Inc. Trusted compartmentalized computer operating system
US6321338B1 (en) * 1998-11-09 2001-11-20 Sri International Network surveillance
US6609205B1 (en) * 1999-03-18 2003-08-19 Cisco Technology, Inc. Network intrusion detection signature analysis using decision graphs
US6681331B1 (en) * 1999-05-11 2004-01-20 Cylant, Inc. Dynamic software system intrusion detection
US7020697B1 (en) * 1999-10-01 2006-03-28 Accenture Llp Architectures for netcentric computing systems
US6678734B1 (en) * 1999-11-13 2004-01-13 Ssh Communications Security Ltd. Method for intercepting network packets in a computing device
US6775657B1 (en) * 1999-12-22 2004-08-10 Cisco Technology, Inc. Multilayered intrusion detection system and method
US6535227B1 (en) * 2000-02-08 2003-03-18 Harris Corporation System and method for assessing the security posture of a network and having a graphical user interface
JP4700884B2 (ja) * 2000-04-28 2011-06-15 インターナショナル・ビジネス・マシーンズ・コーポレーション コンピュータのセキュリティ情報を管理するための方法およびシステム
US20030159070A1 (en) * 2001-05-28 2003-08-21 Yaron Mayer System and method for comprehensive general generic protection for computers against malicious programs that may steal information and/or cause damages
US7007301B2 (en) * 2000-06-12 2006-02-28 Hewlett-Packard Development Company, L.P. Computer architecture for an intrusion detection system
JP2002024831A (ja) 2000-07-10 2002-01-25 Casio Comput Co Ltd 指紋認証装置及び指紋認証システム
US7093239B1 (en) * 2000-07-14 2006-08-15 Internet Security Systems, Inc. Computer immune system and method for detecting unwanted code in a computer system
AU2001290861A1 (en) 2000-09-15 2002-03-26 Cymtec Systems, Inc. Network management system
US20020161929A1 (en) * 2001-04-30 2002-10-31 Longerbeam Donald A. Method and apparatus for routing data through a computer network
US6931552B2 (en) * 2001-05-02 2005-08-16 James B. Pritchard Apparatus and method for protecting a computer system against computer viruses and unauthorized access
JP2002342276A (ja) 2001-05-17 2002-11-29 Ntt Data Corp ネットワーク侵入検知システムおよびその方法
AU2002322109A1 (en) * 2001-06-13 2002-12-23 Intruvert Networks, Inc. Method and apparatus for distributed network security
US6907430B2 (en) * 2001-10-04 2005-06-14 Booz-Allen Hamilton, Inc. Method and system for assessing attacks on computer networks using Bayesian networks
US6801940B1 (en) * 2002-01-10 2004-10-05 Networks Associates Technology, Inc. Application performance monitoring expert
US20030208616A1 (en) * 2002-05-01 2003-11-06 Blade Software, Inc. System and method for testing computer network access and traffic control systems
US6952779B1 (en) * 2002-10-01 2005-10-04 Gideon Cohen System and method for risk detection and analysis in a computer network
US7941854B2 (en) 2002-12-05 2011-05-10 International Business Machines Corporation Method and system for responding to a computer intrusion

Also Published As

Publication number Publication date
KR20050086445A (ko) 2005-08-30
CN1695365A (zh) 2005-11-09
US7941854B2 (en) 2011-05-10
KR100734732B1 (ko) 2007-07-04
US20040111637A1 (en) 2004-06-10
AU2003285563A8 (en) 2004-06-23
CN100518174C (zh) 2009-07-22
EP1567926A2 (de) 2005-08-31
ATE341024T1 (de) 2006-10-15
WO2004051441A3 (en) 2004-08-26
DE60308722T2 (de) 2007-08-16
JP4283228B2 (ja) 2009-06-24
TWI234707B (en) 2005-06-21
WO2004051441A2 (en) 2004-06-17
AU2003285563A1 (en) 2004-06-23
JP2006509283A (ja) 2006-03-16
TW200424845A (en) 2004-11-16
EP1567926B1 (de) 2006-09-27

Similar Documents

Publication Publication Date Title
DE60308722D1 (de) Verfahren, vorrichtung und computersoftware-produkt zur reaktion auf computereinbrüche
ATE323371T1 (de) Verfahren und system zur modellierung, analyse und anzeige von netzsicherheitsereignissen
WO2008070501A3 (en) Determining advertisement effectiveness
Tedesco et al. Mosquito politics: local vector control policies and the spread of West Nile Virus in the Chicago region
ATE513402T1 (de) Verfahren zur risikodetektion und -analyse in einem computernetzwerk
WO2007022364A3 (en) Change audit method, apparatus and system
DE602006011668D1 (de) System und Verfahren zur Verwaltung von Benutzergruppen in einem Anwesenheitssystem
WO2008049092A3 (en) Generic online ranking system and method suitable for syndication
DE60227496D1 (de) Verfahren und system zur verwaltung von konfigurationsänderungen in einem datenverarbeitungssystem
ATE343277T1 (de) System, verfahren und computerprogrammprodukt zur zentralisierten verwaltung eines verteilten infiniband-systemnetzwerks
ATE522832T1 (de) Verfahren und systeme zur verarbeitung von mikroseismischen daten
ATE332555T1 (de) Verfahren und system zur überwachung des orts einer vorrichtung
ATE476719T1 (de) Verhaltensbasierte anpassung von computersystemen
ATE532289T1 (de) System und verfahren für computersicherheit unter verwendung mehrerer käfige
WO2006049945A3 (en) Method and apparatus for a mechanized attendance management system
ATE538438T1 (de) Verfahren und system zur auflösung von adressierungskonflikten auf der basis von tunnelinformationen
ATE511265T1 (de) Vorrichtung, system und verfahren zum dynamischen bestimmen einer menge von speicherbereichnetzwerkkomponenten zur überwachung der leistungsfähigkeit
DE602004027492D1 (de) System und verfahren zur überwachung von netzwerkeinrichtungen auf agent-basis
DE60024304D1 (de) Verbesserte schnittstelle zur behandlung von testbestimmungen
D'Egidio et al. A study of the efficacy of flashing lights to increase the salience of alcohol-gel dispensers for improving hand hygiene compliance
DE602004028747D1 (de) Verfahren zum zählen von objekten in einer überwachten umgebung und vorrichtung dafür
Nguyen et al. Smoke-free environment policy in Vietnam: what did people see and how did they react when they visited various public places?
WO2005048513A3 (en) Methods and systems for automated analysis of signaling link utilization
DE502005007323D1 (de) Verfahren zur Übermittlung von Informationen von einem Informationsserver an einen Client
DE60330554D1 (de) Verfahren und system zum analysieren und adressieren von alarmen aus netzwerkeindringdetektionssystemen

Legal Events

Date Code Title Description
8364 No opposition during term of opposition
8320 Willingness to grant licences declared (paragraph 23)