DE60316543D1 - Adaptive behavioral intrusion detection - Google Patents

Adaptive behavioral intrusion detection

Info

Publication number
DE60316543D1
Authority
DE
Germany
Prior art keywords
intrusion detection
traffic
network
systems
impact detection
Legal status
Expired - Lifetime
Application number
DE60316543T
Other languages
English (en)
Other versions
DE60316543T2 (de)
Inventor
Michael Stute
Current Assignee
Global Dataguard Inc
Original Assignee
Global Dataguard Inc
Priority date
2002-03-29
Filing date
2003-03-28
Publication date
2007-11-08
Events
    • Application filed by Global Dataguard Inc
    • Publication of DE60316543D1
    • Application granted
    • Publication of DE60316543T2
    • Anticipated expiration
    • Current legal status: Expired - Lifetime

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • C CHEMISTRY; METALLURGY
    • C12 BIOCHEMISTRY; BEER; SPIRITS; WINE; VINEGAR; MICROBIOLOGY; ENZYMOLOGY; MUTATION OR GENETIC ENGINEERING
    • C12Q MEASURING OR TESTING PROCESSES INVOLVING ENZYMES, NUCLEIC ACIDS OR MICROORGANISMS; COMPOSITIONS OR TEST PAPERS THEREFOR; PROCESSES OF PREPARING SUCH COMPOSITIONS; CONDITION-RESPONSIVE CONTROL IN MICROBIOLOGICAL OR ENZYMOLOGICAL PROCESSES
    • C12Q1/00 Measuring or testing processes involving enzymes, nucleic acids or microorganisms; Compositions therefor; Processes of preparing such compositions
    • C12Q1/68 Measuring or testing processes involving enzymes, nucleic acids or microorganisms; Compositions therefor; Processes of preparing such compositions involving nucleic acids
    • C12Q1/6804 Nucleic acid analysis using immunogens
    • C12Q1/6844 Nucleic acid amplification reactions
    • C12Q1/6865 Promoter-based amplification, e.g. nucleic acid sequence amplification [NASBA], self-sustained sequence replication [3SR] or transcription-based amplification system [TAS]

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US36862902P 2002-03-29 2002-03-29
US368629P 2002-03-29
PCT/US2003/009543 WO2003083660A1 (en) 2002-03-29 2003-03-28 Adaptive behavioral intrusion detection systems and methods

Publications (2)

Publication Number Publication Date
DE60316543D1 (de) 2007-11-08
DE60316543T2 (de) 2008-07-03

Family

ID=28675518

Family Applications (1)

Application Number Title Priority Date Filing Date
DE60316543T Expired - Lifetime DE60316543T2 (de) 2002-03-29 2003-03-28 Adaptive behavioral intrusion detection

Country Status (6)

Country Link
US (2) US8205259B2 (de)
EP (1) EP1490768B1 (de)
AT (1) ATE374493T1 (de)
AU (1) AU2003223379A1 (de)
DE (1) DE60316543T2 (de)
WO (1) WO2003083660A1 (de)

Families Citing this family (232)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS5991549A (ja) * 1982-11-17 1984-05-26 Nec Corp Instruction word storage method for an instruction buffer
US6681331B1 (en) * 1999-05-11 2004-01-20 Cylant, Inc. Dynamic software system intrusion detection
US7089591B1 (en) 1999-07-30 2006-08-08 Symantec Corporation Generic detection and elimination of macro viruses
US8037530B1 (en) * 2000-08-28 2011-10-11 Verizon Corporate Services Group Inc. Method and apparatus for providing adaptive self-synchronized dynamic address translation as an intrusion detection sensor
WO2002093334A2 (en) * 2001-04-06 2002-11-21 Symantec Corporation Temporal access control for computer virus outbreaks
US8209756B1 (en) 2002-02-08 2012-06-26 Juniper Networks, Inc. Compound attack detection in a computer network
US7155742B1 (en) 2002-05-16 2006-12-26 Symantec Corporation Countering infections to communications modules
US7418729B2 (en) 2002-07-19 2008-08-26 Symantec Corporation Heuristic detection of malicious computer code by page tracking
US7380277B2 (en) 2002-07-22 2008-05-27 Symantec Corporation Preventing e-mail propagation of malicious computer code
US7478431B1 (en) 2002-08-02 2009-01-13 Symantec Corporation Heuristic detection of computer viruses
US7159149B2 (en) * 2002-10-24 2007-01-02 Symantec Corporation Heuristic detection and termination of fast spreading network worm attacks
US7631353B2 (en) * 2002-12-17 2009-12-08 Symantec Corporation Blocking replication of e-mail worms
US7296293B2 (en) 2002-12-31 2007-11-13 Symantec Corporation Using a benevolent worm to assess and correct computer security vulnerabilities
US7483972B2 (en) * 2003-01-08 2009-01-27 Cisco Technology, Inc. Network security monitoring system
US7991751B2 (en) * 2003-04-02 2011-08-02 Portauthority Technologies Inc. Method and a system for information identification
US7293238B1 (en) * 2003-04-04 2007-11-06 Raytheon Company Graphical user interface for an enterprise intrusion detection system
US7895649B1 (en) 2003-04-04 2011-02-22 Raytheon Company Dynamic rule generation for an enterprise intrusion detection system
US8201249B2 (en) * 2003-05-14 2012-06-12 Northrop Grumman Systems Corporation Steady state computer intrusion and misuse detection
US7308716B2 (en) * 2003-05-20 2007-12-11 International Business Machines Corporation Applying blocking measures progressively to malicious network traffic
US6985920B2 (en) * 2003-06-23 2006-01-10 Protego Networks Inc. Method and system for determining intra-session event correlation across network address translation devices
US8271774B1 (en) 2003-08-11 2012-09-18 Symantec Corporation Circumstantial blocking of incoming network traffic containing code
US7644365B2 (en) * 2003-09-12 2010-01-05 Cisco Technology, Inc. Method and system for displaying network security incidents
US8347375B2 (en) * 2003-10-03 2013-01-01 Enterasys Networks, Inc. System and method for dynamic distribution of intrusion signatures
US20050086529A1 (en) * 2003-10-21 2005-04-21 Yair Buchsbaum Detection of misuse or abuse of data by authorized access to database
WO2005050369A2 (en) * 2003-11-12 2005-06-02 The Trustees Of Columbia University In The City Of New York Apparatus method and medium for detecting payload anomaly using n-gram distribution of normal data
US8590032B2 (en) * 2003-12-10 2013-11-19 Aventail Llc Rule-based routing to resources through a network
US8661158B2 (en) 2003-12-10 2014-02-25 Aventail Llc Smart tunneling to resources in a network
EP1544707A1 (de) * 2003-12-15 2005-06-22 Abb Research Ltd. Network security system
US7337327B1 (en) 2004-03-30 2008-02-26 Symantec Corporation Using mobility tokens to observe malicious mobile code
US7966658B2 (en) * 2004-04-08 2011-06-21 The Regents Of The University Of California Detecting public network attacks using signatures and fast content analysis
EP1749255A1 (de) * 2004-04-22 2007-02-07 Computer Associates Think, Inc. Ordering intrusion detection records
US7779463B2 (en) 2004-05-11 2010-08-17 The Trustees Of Columbia University In The City Of New York Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems
US7370233B1 (en) 2004-05-21 2008-05-06 Symantec Corporation Verification of desired end-state using a virtual machine environment
US20060015715A1 (en) * 2004-07-16 2006-01-19 Eric Anderson Automatically protecting network service from network attack
US20060026273A1 (en) * 2004-08-02 2006-02-02 Forescout Inc. System and method for detection of reconnaissance activity in networks
US7523504B2 (en) 2004-08-02 2009-04-21 Netiq Corporation Methods, systems and computer program products for evaluating security of a network environment
US7441042B1 (en) 2004-08-25 2008-10-21 Symantec Corporation System and method for correlating network traffic and corresponding file input/output traffic
US8176126B2 (en) 2004-08-26 2012-05-08 International Business Machines Corporation System, method and program to limit rate of transferring messages from suspected spammers
US7690034B1 (en) 2004-09-10 2010-03-30 Symantec Corporation Using behavior blocking mobility tokens to facilitate distributed worm detection
US7948889B2 (en) * 2004-09-29 2011-05-24 Ebay Inc. Method and system for analyzing network traffic
US20060236395A1 (en) * 2004-09-30 2006-10-19 David Barker System and method for conducting surveillance on a distributed network
WO2006044820A2 (en) 2004-10-14 2006-04-27 Aventail Corporation Rule-based routing to resources through a network
US7313878B2 (en) * 2004-11-05 2008-01-01 Tim Clegg Rotary pop-up envelope
US7784097B1 (en) * 2004-11-24 2010-08-24 The Trustees Of Columbia University In The City Of New York Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems
US20060129810A1 (en) * 2004-12-14 2006-06-15 Electronics And Telecommunications Research Institute Method and apparatus for evaluating security of subscriber network
US7626940B2 (en) * 2004-12-22 2009-12-01 Intruguard Devices, Inc. System and method for integrated header, state, rate and content anomaly prevention for domain name service
US7602731B2 (en) * 2004-12-22 2009-10-13 Intruguard Devices, Inc. System and method for integrated header, state, rate and content anomaly prevention with policy enforcement
US7769851B1 (en) 2005-01-27 2010-08-03 Juniper Networks, Inc. Application-layer monitoring and profiling network traffic
US7809826B1 (en) 2005-01-27 2010-10-05 Juniper Networks, Inc. Remote aggregation of network traffic profiling data
US7937755B1 (en) 2005-01-27 2011-05-03 Juniper Networks, Inc. Identification of network policy violations
US7810151B1 (en) 2005-01-27 2010-10-05 Juniper Networks, Inc. Automated change detection within a network environment
US7797411B1 (en) * 2005-02-02 2010-09-14 Juniper Networks, Inc. Detection and prevention of encapsulated network attacks using an intermediate device
US20060259950A1 (en) * 2005-02-18 2006-11-16 Ulf Mattsson Multi-layer system for privacy enforcement and monitoring of suspicious data access behavior
KR20070117585A (ko) * 2005-02-24 2007-12-12 LG Electronics Inc. Method for configuring a network profile of a network system
US8104086B1 (en) 2005-03-03 2012-01-24 Symantec Corporation Heuristically detecting spyware/adware registry activity
KR100628328B1 (ko) * 2005-03-10 2006-09-27 Electronics and Telecommunications Research Institute Adaptive intrusion prevention apparatus and method
US8339974B1 (en) * 2005-06-22 2012-12-25 Sprint Communications Company L.P. Method and system for detecting and mitigating RTP-based denial of service attacks
US7295950B2 (en) * 2005-06-23 2007-11-13 International Business Machines Corporation Monitoring multiple channels of data from real time process to detect recent abnormal behavior
US20060294588A1 (en) * 2005-06-24 2006-12-28 International Business Machines Corporation System, method and program for identifying and preventing malicious intrusions
US8572733B1 (en) 2005-07-06 2013-10-29 Raytheon Company System and method for active data collection in a network security system
FR2888440A1 (fr) * 2005-07-08 2007-01-12 France Telecom Intrusion detection method and system
US7937344B2 (en) 2005-07-25 2011-05-03 Splunk Inc. Machine data web
US7882262B2 (en) 2005-08-18 2011-02-01 Cisco Technology, Inc. Method and system for inline top N query computation
US8224761B1 (en) 2005-09-01 2012-07-17 Raytheon Company System and method for interactive correlation rule design in a network security system
US7950058B1 (en) 2005-09-01 2011-05-24 Raytheon Company System and method for collaborative information security correlation in low bandwidth environments
US9055093B2 (en) * 2005-10-21 2015-06-09 Kevin R. Borders Method, system and computer program product for detecting at least one of security threats and undesirable computer files
US8079080B2 (en) * 2005-10-21 2011-12-13 Mathew R. Syrowik Method, system and computer program product for detecting security threats in a computer network
WO2007050244A2 (en) 2005-10-27 2007-05-03 Georgia Tech Research Corporation Method and system for detecting and responding to attacking networks
US20070168696A1 (en) * 2005-11-15 2007-07-19 Aternity Information Systems, Ltd. System for inventing computer systems and alerting users of faults
US8352589B2 (en) * 2005-11-15 2013-01-08 Aternity Information Systems Ltd. System for monitoring computer systems and alerting users of faults
US7930752B2 (en) 2005-11-18 2011-04-19 Nexthink S.A. Method for the detection and visualization of anomalous behaviors in a computer network
US7793138B2 (en) * 2005-12-21 2010-09-07 Cisco Technology, Inc. Anomaly detection for storage traffic in a data center
US8862551B2 (en) 2005-12-29 2014-10-14 Nextlabs, Inc. Detecting behavioral patterns and anomalies using activity data
US9407662B2 (en) 2005-12-29 2016-08-02 Nextlabs, Inc. Analyzing activity data of an information management system
US7712134B1 (en) * 2006-01-06 2010-05-04 Narus, Inc. Method and apparatus for worm detection and containment in the internet core
US7849185B1 (en) 2006-01-10 2010-12-07 Raytheon Company System and method for attacker attribution in a network security system
US20070195776A1 (en) * 2006-02-23 2007-08-23 Zheng Danyang R System and method for channeling network traffic
US8407176B2 (en) 2006-05-05 2013-03-26 British Telecommunications Plc Data processing method for controlling a network
US8233388B2 (en) 2006-05-30 2012-07-31 Cisco Technology, Inc. System and method for controlling and tracking network content flow
US7543055B2 (en) * 2006-06-20 2009-06-02 Earthlink Service provider based network threat prevention
US8239915B1 (en) 2006-06-30 2012-08-07 Symantec Corporation Endpoint management using trust rating data
WO2008043082A2 (en) 2006-10-05 2008-04-10 Splunk Inc. Time series search engine
US8811156B1 (en) 2006-11-14 2014-08-19 Raytheon Company Compressing n-dimensional data
US20100071063A1 (en) * 2006-11-29 2010-03-18 Wisconsin Alumni Research Foundation System for automatic detection of spyware
CA2714549A1 (en) * 2007-02-09 2008-08-14 Smobile Systems, Inc. Off-line mms malware scanning system and method
WO2008121945A2 (en) * 2007-03-30 2008-10-09 Netqos, Inc. Statistical method and system for network anomaly detection
US8996681B2 (en) * 2007-04-23 2015-03-31 The Mitre Corporation Passively attributing anonymous network events to their associated users
US8707431B2 (en) * 2007-04-24 2014-04-22 The Mitre Corporation Insider threat detection
FR2917556A1 (fr) * 2007-06-15 2008-12-19 France Telecom Anomaly detection in the traffic of service entities across a packet network
US8639797B1 (en) * 2007-08-03 2014-01-28 Xangati, Inc. Network monitoring of behavior probability density
US9009828B1 (en) 2007-09-28 2015-04-14 Dell SecureWorks, Inc. System and method for identification and blocking of unwanted network traffic
US20090094669A1 (en) * 2007-10-05 2009-04-09 Subex Azure Limited Detecting fraud in a communications network
US8959624B2 (en) * 2007-10-31 2015-02-17 Bank Of America Corporation Executable download tracking system
US8613096B2 (en) * 2007-11-30 2013-12-17 Microsoft Corporation Automatic data patch generation for unknown vulnerabilities
US9842204B2 (en) 2008-04-01 2017-12-12 Nudata Security Inc. Systems and methods for assessing security risk
WO2009122302A2 (en) 2008-04-01 2009-10-08 Leap Marketing Technologies Inc. Systems and methods for implementing and tracking identification tests
US8339959B1 (en) 2008-05-20 2012-12-25 Juniper Networks, Inc. Streamlined packet forwarding using dynamic filters for routing and security in a shared forwarding plane
US8856926B2 (en) * 2008-06-27 2014-10-07 Juniper Networks, Inc. Dynamic policy provisioning within network security devices
US10027688B2 (en) 2008-08-11 2018-07-17 Damballa, Inc. Method and system for detecting malicious and/or botnet-related domain names
US8955107B2 (en) * 2008-09-12 2015-02-10 Juniper Networks, Inc. Hierarchical application of security services within a computer network
US8040808B1 (en) 2008-10-20 2011-10-18 Juniper Networks, Inc. Service aware path selection with a network acceleration device
US7965636B2 (en) * 2008-12-05 2011-06-21 Hewlett-Packard Development Company, L.P. Loadbalancing network traffic across multiple remote inspection devices
NL2002694C2 (en) * 2009-04-01 2010-10-04 Univ Twente Method and system for alert classification in a computer network.
CN101854340B (zh) 2009-04-03 2015-04-01 Juniper Networks, Inc. Behavior-based communication profiling based on access control information
KR101039717B1 (ko) * 2009-07-07 2011-06-09 Electronics and Telecommunications Research Institute Cyber threat prediction engine system for predicting cyber threats, and cyber threat prediction method using the system
US8654655B2 (en) * 2009-12-17 2014-02-18 Thomson Licensing Detecting and classifying anomalies in communication networks
US8578497B2 (en) 2010-01-06 2013-11-05 Damballa, Inc. Method and system for detecting malware
US8826438B2 (en) * 2010-01-19 2014-09-02 Damballa, Inc. Method and system for network-based detecting of malware from behavioral clustering
US8800036B2 (en) * 2010-01-22 2014-08-05 The School Of Electrical Engineering And Computer Science (Seecs), National University Of Sciences And Technology (Nust) Method and system for adaptive anomaly-based intrusion detection
US8782209B2 (en) * 2010-01-26 2014-07-15 Bank Of America Corporation Insider threat correlation tool
US8793789B2 (en) 2010-07-22 2014-07-29 Bank Of America Corporation Insider threat correlation tool
US9038187B2 (en) * 2010-01-26 2015-05-19 Bank Of America Corporation Insider threat correlation tool
US8800034B2 (en) 2010-01-26 2014-08-05 Bank Of America Corporation Insider threat correlation tool
US8321551B2 (en) * 2010-02-02 2012-11-27 Symantec Corporation Using aggregated DNS information originating from multiple sources to detect anomalous DNS name resolutions
US8868728B2 (en) * 2010-03-11 2014-10-21 Accenture Global Services Limited Systems and methods for detecting and investigating insider fraud
US8544100B2 (en) 2010-04-16 2013-09-24 Bank Of America Corporation Detecting secure or encrypted tunneling in a computer network
US8782794B2 (en) 2010-04-16 2014-07-15 Bank Of America Corporation Detecting secure or encrypted tunneling in a computer network
US9032521B2 (en) * 2010-10-13 2015-05-12 International Business Machines Corporation Adaptive cyber-security analytics
US8683591B2 (en) 2010-11-18 2014-03-25 Nant Holdings Ip, Llc Vector-based anomaly detection
IL210900A (en) * 2011-01-27 2015-08-31 Verint Systems Ltd System and method for efficient classification and processing of network traffic
US9118702B2 (en) * 2011-05-31 2015-08-25 Bce Inc. System and method for generating and refining cyber threat intelligence data
US10356106B2 (en) 2011-07-26 2019-07-16 Palo Alto Networks (Israel Analytics) Ltd. Detecting anomaly action within a computer network
NL2007180C2 (en) 2011-07-26 2013-01-29 Security Matters B V Method and system for classifying a protocol message in a data communication network.
US9411970B2 (en) * 2011-08-19 2016-08-09 Microsoft Technology Licensing, Llc Sealing secret data with a policy that includes a sensor-based constraint
US8645681B1 (en) * 2011-09-28 2014-02-04 Emc Corporation Techniques for distributing secure communication secrets
EP2766814B1 (de) * 2011-10-10 2020-07-15 Masergy Communications, Inc. Detecting emergent behavior in communications networks
WO2013055807A1 (en) 2011-10-10 2013-04-18 Global Dataguard, Inc Detecting emergent behavior in communications networks
US8677487B2 (en) 2011-10-18 2014-03-18 Mcafee, Inc. System and method for detecting a malicious command and control channel
US8549645B2 (en) * 2011-10-21 2013-10-01 Mcafee, Inc. System and method for detection of denial of service attacks
US9813310B1 (en) * 2011-10-31 2017-11-07 Reality Analytics, Inc. System and method for discriminating nature of communication traffic transmitted through network based on envelope characteristics
US9251535B1 (en) 2012-01-05 2016-02-02 Juniper Networks, Inc. Offload of data transfer statistics from a mobile access gateway
US9922190B2 (en) 2012-01-25 2018-03-20 Damballa, Inc. Method and system for detecting DGA-based malware
AU2013272215B2 (en) 2012-03-22 2017-10-12 Imperial Innovations Limited Anomaly detection to identify coordinated group attacks in computer networks
RU2488880C1 (ru) * 2012-05-11 2013-07-27 Kaspersky Lab ZAO System and method for adaptively optimizing the scanning of a data stream transmitted over a network for threats
US10547674B2 (en) 2012-08-27 2020-01-28 Help/Systems, Llc Methods and systems for network flow analysis
US10084806B2 (en) 2012-08-31 2018-09-25 Damballa, Inc. Traffic simulation to identify malicious activity
US9894088B2 (en) 2012-08-31 2018-02-13 Damballa, Inc. Data mining to identify malicious activity
US9191399B2 (en) * 2012-09-11 2015-11-17 The Boeing Company Detection of infected network devices via analysis of responseless outgoing network traffic
US20140181949A1 (en) * 2012-12-20 2014-06-26 Robert Hunter Methods and systems for a power firewall
WO2014111863A1 (en) 2013-01-16 2014-07-24 Light Cyber Ltd. Automated forensics of computer systems using behavioral intelligence
US20140229414A1 (en) * 2013-02-08 2014-08-14 Ebay Inc. Systems and methods for detecting anomalies
WO2014174798A1 (ja) * 2013-04-23 2014-10-30 NEC Corporation Information processing system, information processing method, and storage medium
US9571511B2 (en) 2013-06-14 2017-02-14 Damballa, Inc. Systems and methods for traffic classification
EP3053046B1 (de) * 2013-10-04 2021-11-03 Webroot Inc. Network intrusion detection
GB201321949D0 (en) 2013-12-12 2014-01-29 Ibm Semiconductor nanowire fabrication
US20150172096A1 (en) * 2013-12-17 2015-06-18 Microsoft Corporation System alert correlation via deltas
US20150180920A1 (en) * 2013-12-19 2015-06-25 Robert Hunter Methods and systems for secure data communication and system monitoring
US11405410B2 (en) 2014-02-24 2022-08-02 Cyphort Inc. System and method for detecting lateral movement and data exfiltration
US9195669B2 (en) 2014-02-26 2015-11-24 Iboss, Inc. Detecting and managing abnormal data behavior
US9660930B2 (en) 2014-03-17 2017-05-23 Splunk Inc. Dynamic data server nodes
US9753818B2 (en) 2014-09-19 2017-09-05 Splunk Inc. Data forwarding using multiple data pipelines
US9838346B2 (en) 2014-03-17 2017-12-05 Splunk Inc. Alerting on dual-queue systems
US20150317841A1 (en) * 2014-04-30 2015-11-05 Cubic Corporation Fare evasion detection using video analytics
US9419992B2 (en) * 2014-08-13 2016-08-16 Palantir Technologies Inc. Unwanted tunneling alert system
PL3095034T3 (pl) 2014-10-21 2019-11-29 Ironnet Cybersecurity Inc Cybersecurity system
KR101720686B1 (ko) * 2014-10-21 2017-03-28 Electronics and Telecommunications Research Institute Apparatus and method for detecting malicious applications based on visualization similarity
RU2580432C1 (ru) 2014-10-31 2016-04-10 Yandex LLC Method for processing a request from a potentially unauthorized user for access to a resource, and server used therein
RU2610280C2 (ru) 2014-10-31 2017-02-08 Yandex LLC Method for authorizing a user in a network, and server used therein
EP3018876B1 (de) 2014-11-05 2020-01-01 Vodafone IP Licensing limited Monitoring signalling traffic
US9866578B2 (en) * 2014-12-03 2018-01-09 AlphaSix Corp. System and method for network intrusion detection anomaly risk scoring
US9922037B2 (en) 2015-01-30 2018-03-20 Splunk Inc. Index time, delimiter based extractions and previewing for use in indexing
US9930065B2 (en) 2015-03-25 2018-03-27 University Of Georgia Research Foundation, Inc. Measuring, categorizing, and/or mitigating malware distribution paths
CN104967535A (zh) * 2015-06-09 2015-10-07 Nanjing Liancheng Technology Development Co., Ltd. Big data analysis applied to information security operations and maintenance management
US9628442B2 (en) 2015-06-22 2017-04-18 Cisco Technology, Inc. DNS snooping to create IP address-based trust database used to select deep packet inspection and storage of IP packets
US9407652B1 (en) 2015-06-26 2016-08-02 Palantir Technologies Inc. Network anomaly detection
US9537880B1 (en) 2015-08-19 2017-01-03 Palantir Technologies Inc. Anomalous network monitoring, user behavior detection and database system
US9699205B2 (en) * 2015-08-31 2017-07-04 Splunk Inc. Network security system
US9979747B2 (en) 2015-09-05 2018-05-22 Mastercard Technologies Canada ULC Systems and methods for detecting and preventing spoofing
US9454564B1 (en) 2015-09-09 2016-09-27 Palantir Technologies Inc. Data integrity checks
US10044745B1 (en) 2015-10-12 2018-08-07 Palantir Technologies, Inc. Systems for computer network security risk assessment including user compromise analysis associated with a network of devices
US10169719B2 (en) * 2015-10-20 2019-01-01 International Business Machines Corporation User configurable message anomaly scoring to identify unusual activity in information technology systems
US10673887B2 (en) * 2015-10-28 2020-06-02 Qomplx, Inc. System and method for cybersecurity analysis and score generation for insurance purposes
CN108369542A (zh) * 2015-11-09 2018-08-03 Cyphort Inc. System and method for detecting lateral movement and data leakage
WO2017100364A1 (en) * 2015-12-07 2017-06-15 Prismo Systems Inc. Systems and methods for detecting and responding to security threats using application execution and connection lineage tracing
US9973528B2 (en) 2015-12-21 2018-05-15 Fortinet, Inc. Two-stage hash based logic for application layer distributed denial of service (DDoS) attack attribution
IL243825B (en) * 2016-01-28 2021-05-31 Verint Systems Ltd A system and method for automated forensic investigation
US10084808B2 (en) * 2016-03-14 2018-09-25 The Boeing Company Selective extended archiving of data
EP3223063A1 (de) 2016-03-24 2017-09-27 Thomson Licensing Device for forming a field intensity pattern in the near zone from incident electromagnetic waves
CN105912934B (zh) * 2016-04-20 2018-10-30 Xunrao Chengdu Technology Co., Ltd. Anti-internal-crawling access control method for data property rights protection
ES2728337T3 (es) 2016-07-14 2019-10-23 Ironnet Cybersecurity Inc Simulation and virtual reality based on cyber behavior systems
EP3293937A1 (de) * 2016-09-12 2018-03-14 Vectra Networks, Inc. Method and system for detecting malicious payloads
EP3312660A1 (de) 2016-10-21 2018-04-25 Thomson Licensing Device for forming at least one tilted focused beam in the near zone from incident electromagnetic waves
EP3312646A1 (de) 2016-10-21 2018-04-25 Thomson Licensing Device and method for shielding at least one sub-wavelength-scale object from an incident electromagnetic wave
US10313396B2 (en) * 2016-11-15 2019-06-04 Cisco Technology, Inc. Routing and/or forwarding information driven subscription against global security policy data
US11126971B1 (en) * 2016-12-12 2021-09-21 Jpmorgan Chase Bank, N.A. Systems and methods for privacy-preserving enablement of connections within organizations
US11477202B2 (en) 2016-12-29 2022-10-18 AVAST Software s.r.o. System and method for detecting unknown IoT device types by monitoring their behavior
US10264005B2 (en) 2017-01-11 2019-04-16 Cisco Technology, Inc. Identifying malicious network traffic based on collaborative sampling
US10491616B2 (en) * 2017-02-13 2019-11-26 Microsoft Technology Licensing, Llc Multi-signal analysis for compromised scope identification
US10673816B1 (en) * 2017-04-07 2020-06-02 Perspecta Labs Inc. Low delay network intrusion prevention
EP3385219B1 (de) 2017-04-07 2021-07-14 InterDigital CE Patent Holdings Method for manufacturing a device for forming at least one focused beam in a near zone
US10007776B1 (en) 2017-05-05 2018-06-26 Mastercard Technologies Canada ULC Systems and methods for distinguishing among human users and software robots
US10127373B1 (en) 2017-05-05 2018-11-13 Mastercard Technologies Canada ULC Systems and methods for distinguishing among human users and software robots
US9990487B1 (en) 2017-05-05 2018-06-05 Mastercard Technologies Canada ULC Systems and methods for distinguishing among human users and software robots
US10642676B2 (en) * 2017-05-11 2020-05-05 Microsoft Technology Licensing, Llc Scalable automated detection of functional behavior
US10594725B2 (en) * 2017-07-27 2020-03-17 Cypress Semiconductor Corporation Generating and analyzing network profile data
US11468165B2 (en) * 2017-08-18 2022-10-11 Nippon Telegraph And Telephone Corporation Intrusion prevention device, intrusion prevention method, and program
US10756956B2 (en) * 2018-03-05 2020-08-25 Schweitzer Engineering Laboratories, Inc. Trigger alarm actions and alarm-triggered network flows in software-defined networks
US10965516B2 (en) 2018-03-27 2021-03-30 Cisco Technology, Inc. Deep fusion reasoning engine (DFRE) for prioritizing network monitoring alerts
US10887326B2 (en) * 2018-03-30 2021-01-05 Microsoft Technology Licensing, Llc Distributed system for adaptive protection against web-service-targeted vulnerability scanners
US10999304B2 (en) 2018-04-11 2021-05-04 Palo Alto Networks (Israel Analytics) Ltd. Bind shell attack detection
US20210126933A1 (en) * 2018-06-22 2021-04-29 Nec Corporation Communication analysis apparatus, communication analysis method, communication environment analysis apparatus, communication environment analysis method, and program
US11323465B2 (en) * 2018-09-19 2022-05-03 Nec Corporation Temporal behavior analysis of network traffic
US10326676B1 (en) * 2019-01-08 2019-06-18 Extrahop Networks, Inc. Automated risk assessment based on machine generated investigation
US11184377B2 (en) 2019-01-30 2021-11-23 Palo Alto Networks (Israel Analytics) Ltd. Malicious port scan detection using source profiles
US11184378B2 (en) 2019-01-30 2021-11-23 Palo Alto Networks (Israel Analytics) Ltd. Scanner probe detection
US11316872B2 (en) 2019-01-30 2022-04-26 Palo Alto Networks (Israel Analytics) Ltd. Malicious port scan detection using port profiles
US11070569B2 (en) 2019-01-30 2021-07-20 Palo Alto Networks (Israel Analytics) Ltd. Detecting outlier pairs of scanned ports
US11184376B2 (en) 2019-01-30 2021-11-23 Palo Alto Networks (Israel Analytics) Ltd. Port scan detection using destination profiles
JP7081695B2 (ja) * 2019-02-05 2022-06-07 日本電気株式会社 Priority determination device, priority determination method, and control program
US11720461B2 (en) 2019-03-12 2023-08-08 Microsoft Technology Licensing, Llc Automated detection of code regressions from time-series data
US11736499B2 (en) 2019-04-09 2023-08-22 Corner Venture Partners, Llc Systems and methods for detecting injection exploits
US11388188B2 (en) * 2019-05-10 2022-07-12 The Boeing Company Systems and methods for automated intrusion detection
US11263295B2 (en) 2019-07-08 2022-03-01 Cloud Linux Software Inc. Systems and methods for intrusion detection and prevention using software patching and honeypots
US11409862B2 (en) 2019-07-22 2022-08-09 Cloud Linux Software Inc. Intrusion detection and prevention for unknown software vulnerabilities using live patching
US11550899B2 (en) 2019-07-22 2023-01-10 Cloud Linux Software Inc. Systems and methods for hardening security systems using live patching
US11275842B2 (en) 2019-09-20 2022-03-15 The Toronto-Dominion Bank Systems and methods for evaluating security of third-party applications
US11436336B2 (en) 2019-09-23 2022-09-06 The Toronto-Dominion Bank Systems and methods for evaluating data access signature of third-party applications
JP7368762B2 (ja) * 2020-02-05 2023-10-25 日本電信電話株式会社 Alarm monitoring system, alarm monitoring method, and program
US11388168B2 (en) * 2020-02-10 2022-07-12 EMC IP Holding Company LLC Data governance operations in highly distributed data platforms
US10986116B1 (en) * 2020-07-16 2021-04-20 SOURCE Ltd. System and method for analyzing and correcting an anomaly in split computer networks
CN112000863B (zh) * 2020-08-14 2024-04-09 北京百度网讯科技有限公司 Method, apparatus, device and medium for analyzing user behavior data
US11509680B2 (en) 2020-09-30 2022-11-22 Palo Alto Networks (Israel Analytics) Ltd. Classification of cyber-alerts into security incidents
US11363000B1 (en) 2021-01-04 2022-06-14 Bank Of America Corporation System for virtual private network authentication sensitivity with read only sandbox integration
US11343373B1 (en) 2021-01-29 2022-05-24 T-Mobile Usa, Inc. Machine intelligent isolation of international calling performance degradation
EP4060533A1 (de) * 2021-03-15 2022-09-21 Amadeus S.A.S. Detection of an ongoing attack based on a signature generation technique in a computerized environment
US11799880B2 (en) 2022-01-10 2023-10-24 Palo Alto Networks (Israel Analytics) Ltd. Network adaptive alert prioritization system
US20230291755A1 (en) * 2022-03-10 2023-09-14 C3.Ai, Inc. Enterprise cybersecurity ai platform
WO2024009741A1 (ja) * 2022-07-05 2024-01-11 パナソニックIpマネジメント株式会社 Security monitoring device, security monitoring method, and program
DE102022125399A1 (de) 2022-09-30 2024-04-04 Bundesdruckerei Gmbh Detecting an attack on a computer system to be protected
CN116185672B (zh) * 2023-04-28 2023-08-22 北京亿赛通科技发展有限责任公司 Data monitoring method, apparatus and storage medium
CN117395070B (zh) * 2023-11-16 2024-05-03 国家计算机网络与信息安全管理中心 Anomalous traffic detection method based on traffic features
CN117879978A (zh) * 2024-03-11 2024-04-12 米烁网络科技(广州)有限公司 Intrusion detection system for a gateway router

Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5892903A (en) 1996-09-12 1999-04-06 Internet Security Systems, Inc. Method and apparatus for detecting and identifying security vulnerabilities in an open network computer communication system
US6279113B1 (en) * 1998-03-16 2001-08-21 Internet Tools, Inc. Dynamic signature inspection-based network intrusion detection
US6282546B1 (en) 1998-06-30 2001-08-28 Cisco Technology, Inc. System and method for real-time insertion of data into a multi-dimensional database for network intrusion detection and vulnerability assessment
US6321338B1 (en) 1998-11-09 2001-11-20 Sri International Network surveillance
US6301668B1 (en) * 1998-12-29 2001-10-09 Cisco Technology, Inc. Method and system for adaptive network security using network vulnerability assessment
US6477651B1 (en) 1999-01-08 2002-11-05 Cisco Technology, Inc. Intrusion detection system and method having dynamically loaded signatures
US6487666B1 (en) 1999-01-15 2002-11-26 Cisco Technology, Inc. Intrusion detection signature analysis using regular expressions and logical operators
US7032005B2 (en) * 2000-04-14 2006-04-18 Slam Dunk Networks, Inc. System for handling information and information transfers in a computer network
US7215637B1 (en) * 2000-04-17 2007-05-08 Juniper Networks, Inc. Systems and methods for processing packets
US7007301B2 (en) 2000-06-12 2006-02-28 Hewlett-Packard Development Company, L.P. Computer architecture for an intrusion detection system
DE60116877T2 (de) * 2000-08-11 2006-09-14 British Telecommunications P.L.C. System and method for detecting events
AU2001281401A1 (en) 2000-08-18 2002-03-04 Invicta Networks, Inc. Systems and methods for distributed network protection
US7475405B2 (en) 2000-09-06 2009-01-06 International Business Machines Corporation Method and system for detecting unusual events and application thereof in computer intrusion detection
GB0022485D0 (en) * 2000-09-13 2000-11-01 Apl Financial Services Oversea Monitoring network activity
US20020083344A1 (en) * 2000-12-21 2002-06-27 Vairavan Kannan P. Integrated intelligent inter/intra networking device
US7168093B2 (en) 2001-01-25 2007-01-23 Solutionary, Inc. Method and apparatus for verifying the integrity and security of computer networks and implementation of counter measures
US7307999B1 (en) * 2001-02-16 2007-12-11 Bbn Technologies Corp. Systems and methods that identify normal traffic during network attacks
US7089592B2 (en) * 2001-03-15 2006-08-08 Brighterion, Inc. Systems and methods for dynamic detection and prevention of electronic fraud
US7493659B1 (en) * 2002-03-05 2009-02-17 Mcafee, Inc. Network intrusion detection and analysis system and method

Also Published As

Publication number Publication date
US20050044406A1 (en) 2005-02-24
EP1490768A1 (de) 2004-12-29
EP1490768B1 (de) 2007-09-26
US8448247B2 (en) 2013-05-21
AU2003223379A1 (en) 2003-10-13
US20120210429A1 (en) 2012-08-16
ATE374493T1 (de) 2007-10-15
US8205259B2 (en) 2012-06-19
DE60316543T2 (de) 2008-07-03
WO2003083660A1 (en) 2003-10-09
EP1490768A4 (de) 2005-11-16

Similar Documents

Publication Publication Date Title
DE60316543D1 (de) Adaptive behavioral intrusion detection
Sohal et al. A cybersecurity framework to identify malicious edge device in fog computing and cloud-of-things environments
Ramaki et al. RTECA: Real time episode correlation algorithm for multi-step attack scenarios detection
Hu et al. A simple and efficient hidden Markov model scheme for host-based anomaly intrusion detection
US20170214702A1 (en) Distributed techniques for detecting atypical or malicious wireless communications activity
CN109639634B (zh) Adaptive security protection method and system for the Internet of Things
Bouchama et al. Enhancing Cyber Threat Detection through Machine Learning-Based Behavioral Modeling of Network Traffic Patterns
Botha et al. Utilising fuzzy logic and trend analysis for effective intrusion detection
Khairi et al. Detection and classification of conflict flows in SDN using machine learning algorithms
Lefoane et al. Machine learning for botnet detection: An optimized feature selection approach
Balueva et al. Approach to detection of Denial-of-Sleep attacks in wireless sensor networks on the base of machine learning
Wu et al. Validation of chaos hypothesis in NADA and improved DDoS detection algorithm
Chowdhury et al. A novel insider attack and machine learning based detection for the internet of things
Grosser et al. Detecting fraud in mobile telephony using neural networks
Demertzis Blockchained federated learning for threat defense
Rajasoundaran et al. Secure and optimized intrusion detection scheme using LSTM-MAC principles for underwater wireless sensor networks
Thomas et al. Sec 2: A secure and energy efficient barrier coverage scheduling for wsn-based iot applications
Lee et al. A novel deep learning-based IoT device transmission interval management scheme for enhanced scalability in LoRa networks
Yungaicela-Naula et al. Physical assessment of an SDN-based security framework for DDoS attack mitigation: Introducing the SDN-SlowRate-DDoS dataset
CN109617684A (zh) Self-repairing, active-defense true random number generation device and generation method
Cicirello et al. Designing dependable agent systems for mobile wireless networks
Joshi et al. Hidden Markov trust for attenuation of selfish and malicious nodes in the IoT network
Divya et al. Real-time intrusion prediction using hidden Markov model with genetic algorithm
Kidmose et al. Correlating intrusion detection alerts on bot malware infections using neural network
Meleshko et al. Approach to Anomaly Detection in Self-Organized Decentralized Wireless Sensor Network for Air Pollution Monitoring

Legal Events

Date Code Title Description
8364 No opposition during term of opposition