JP2007536646A - ネットワーク・セキュリティ・システムにおけるパターン発見方法及びシステム - Google Patents
ネットワーク・セキュリティ・システムにおけるパターン発見方法及びシステム Download PDFInfo
- Publication number
- JP2007536646A JP2007536646A JP2007511653A JP2007511653A JP2007536646A JP 2007536646 A JP2007536646 A JP 2007536646A JP 2007511653 A JP2007511653 A JP 2007511653A JP 2007511653 A JP2007511653 A JP 2007511653A JP 2007536646 A JP2007536646 A JP 2007536646A
- Authority
- JP
- Japan
- Prior art keywords
- event
- transaction
- pattern
- patterns
- network security
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
Abstract
Description
Claims (27)
- 複数のセキュリティ・イベントから成るイベント・ストリームを受け取ることと、
前記受け取ったイベント・ストリームにおける1以上の未知のイベント・パターンを発見すること、
からなる方法。 - 前記1以上のイベント・パターンを発見することは、トランザクション・パラメータに基づき前記イベント・ストリームを複数のトランザクションに弁別することを含む請求項1に記載の方法。
- 前記トランザクション・パラメータは時間である請求項2に記載の方法。
- 前記トランザクション・パラメータは送信元アドレスを含む請求項2に記載の方法。
- 前記トランザクション・パラメータは送信元アドレス及び送信先アドレスを含む請求項2に記載の方法。
- 前記1以上のイベント・パターンを発見することは、更に、前記複数のトランザクションを用いてトランザクション・ツリーを作成することを含む請求項2に記載の方法。
- 前記1以上のイベント・パターンを発見することは、更に、サポートの落ち込みを観察することにより前記トランザクション・ツリーを構文解析することを含む請求項6に記載の方法。
- 更に、前記発見された1以上のイベント・パターンを1以上の相関則に変換するオプションをユーザに提供することを具備する請求項1に記載の方法。
- 更に、前記発見された1以上のイベント・パターンのうち少なくとも1のイベント・パターンを用いて新しいイベント相関則を作成することを具備する請求項1に記載の方法。
- 前記イベント・ストリームを受け取る際ことは、既に収集されたセキュリティ・イベントを記憶したイベント・データベースから前記イベント・ストリームを受け取ることを含む請求項1に記載の方法。
- ユーザの動作に応じて、選択された新たに定義されたパターンを相関則に変換するように構成された規則生成ツールを具備することを特徴とするネットワーク・セキュリティ・システムのユーザ・インターフェース。
- 前記ユーザの動作は1回のマウス・クリックである請求項11に記載のユーザ・インターフェース。
- 更に、既に記憶されたセキュリティ・イベントのサブセットをユーザが選択できるように構成されたパターン発見ツールを具備し、前記ネットワーク・セキュリティ・システムは、前記ユーザの選択に応じて前記選択されたセキュリティ・イベントのサブセットにおける未知のパターンを発見する請求項11に記載したユーザ・インターフェース。
- 複数のセキュリティ・イベントを記憶するイベント・データベースと、
前記イベント・データベースに記憶された前記複数のセキュリティ・イベントのサブセットから成るイベント・ストリームにおける1以上の未知のイベント・パターンを発見するパターン発見モジュールと
を具備するネットワーク・セキュリティ・システム。 - 前記パターン発見モジュールは、トランザクション・パラメータに基づき前記イベント・ストリームを複数のトランザクションに選別する複数のトランザクション・フィルタを具備する請求項14に記載したネットワーク・セキュリティ・システム。
- 前記トランザクション・パラメータは時間を含む請求項15に記載のネットワーク・セキュリティ・システム。
- 前記トランザクション・パラメータは送信元アドレスを含む請求項15に記載のネットワーク・セキュリティ・システム。
- 前記トランザクション・パラメータは送信元アドレス及び送信先アドレスを含む請求項15に記載のネットワーク・セキュリティ・システム。
- 前記パターン発見モジュールは前記複数のトランザクションを用いてトランザクション・ツリーを作成するツリー・ビルダから成る請求項15に記載のネットワーク・セキュリティ・システム。
- 前記パターン発見モジュールは、更に、サポートの落ち込みを観察することにより前記トランザクション・ツリーを解析するツリー解析部を具備する請求項19に記載のネットワーク・セキュリティ・システム。
- 更に、前記発見された1以上のイベント・パターンを1以上のイベント相関則に変換するツールをユーザに提供するユーザ・インターフェースから成る請求項14に記載のネットワーク・セキュリティ・システム。
- ネットワーク・セキュリティ・システムのプロセッサにより実行されるプログラムを記憶したコンピュータ読み取り可能な記憶媒体であって、前記プロセッサに、
イベント・ストリームにおける1以上の未知のイベント・パターンを発見する手順を実行させるプログラムを記憶しており、前記イベント・ストリームは前記ネットワーク・セキュリティ・システムによって予め記憶されたセキュリティ・イベントの選択されたサブセットから成る。 - 前記1以上の未知のイベント・パターンを発見する手順は、トランザクション・パラメータに基づき前記イベント・ストリームを複数のトランザクションに弁別することを含む請求項22に記載の記憶媒体。
- 前記1以上の未知のイベント・パターンを発見することは、前記複数のトランザクションを用いてトランザクション・ツリーを作成することを含む請求項23に記載の記憶媒体。
- 前記1以上の未知のイベント・パターンを発見することは、更に、サポートの落ち込みを観察することにより前記トランザクション・ツリーを解析することを含む請求項24に記載の記憶媒体。
- 前記プログラムは、前記プロセッサに、更に、前記発見された1以上のイベント・パターンを1以上のイベント相関則に変換するオプションをユーザに提供する手順を実行させるものである請求項22に記載の記憶媒体。
- 前記プログラムは、前記プロセッサに、更に、前記発見された1以上のイベント・パターンのうち少なくとも1のイベント・パターンを用いて新しいイベント相関則を作成する手順を実行させるものである請求項22に記載の記憶媒体。
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/839,613 US7509677B2 (en) | 2004-05-04 | 2004-05-04 | Pattern discovery in a network security system |
US10/839,613 | 2004-05-04 | ||
PCT/US2005/015933 WO2005107424A2 (en) | 2004-05-04 | 2005-05-04 | Pattern discovery in a network security system |
Publications (3)
Publication Number | Publication Date |
---|---|
JP2007536646A true JP2007536646A (ja) | 2007-12-13 |
JP2007536646A5 JP2007536646A5 (ja) | 2010-08-05 |
JP5038888B2 JP5038888B2 (ja) | 2012-10-03 |
Family
ID=35240831
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2007511653A Expired - Fee Related JP5038888B2 (ja) | 2004-05-04 | 2005-05-04 | ネットワーク・セキュリティ・システムにおけるパターン発見方法及びシステム |
Country Status (13)
Country | Link |
---|---|
US (2) | US7509677B2 (ja) |
EP (1) | EP1749386B1 (ja) |
JP (1) | JP5038888B2 (ja) |
KR (1) | KR101007899B1 (ja) |
AT (1) | ATE464729T1 (ja) |
AU (1) | AU2005240203B2 (ja) |
CA (1) | CA2565343C (ja) |
DE (1) | DE602005020609D1 (ja) |
HK (1) | HK1096794A1 (ja) |
IL (1) | IL178861A (ja) |
NZ (1) | NZ550752A (ja) |
PL (1) | PL1749386T3 (ja) |
WO (1) | WO2005107424A2 (ja) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2014531647A (ja) * | 2011-09-09 | 2014-11-27 | ヒューレット−パッカード デベロップメント カンパニー エル.ピー.Hewlett‐Packard Development Company, L.P. | 基準ベースラインに基づき、イベントシーケンス中の時間的位置に従ってイベントを評価するシステム及び方法 |
KR20160120761A (ko) | 2014-03-31 | 2016-10-18 | 가부시키가이샤 랏쿠 | 로그 분석 시스템 |
KR20160134676A (ko) | 2014-03-31 | 2016-11-23 | 가부시키가이샤 랏쿠 | 로그 분석 시스템 |
JP2017144852A (ja) * | 2016-02-17 | 2017-08-24 | 日立オートモティブシステムズ株式会社 | 車両制御装置 |
CN107209834A (zh) * | 2015-02-04 | 2017-09-26 | 日本电信电话株式会社 | 恶意通信模式提取装置、恶意通信模式提取系统、恶意通信模式提取方法及恶意通信模式提取程序 |
Families Citing this family (116)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8209756B1 (en) | 2002-02-08 | 2012-06-26 | Juniper Networks, Inc. | Compound attack detection in a computer network |
US8479057B2 (en) * | 2002-11-04 | 2013-07-02 | Riverbed Technology, Inc. | Aggregator for connection based anomaly detection |
US8504879B2 (en) * | 2002-11-04 | 2013-08-06 | Riverbed Technology, Inc. | Connection based anomaly detection |
US7899901B1 (en) | 2002-12-02 | 2011-03-01 | Arcsight, Inc. | Method and apparatus for exercising and debugging correlations for network security system |
US7788722B1 (en) | 2002-12-02 | 2010-08-31 | Arcsight, Inc. | Modular agent for network security intrusion detection system |
US7219239B1 (en) | 2002-12-02 | 2007-05-15 | Arcsight, Inc. | Method for batching events for transmission by software agent |
US7607169B1 (en) | 2002-12-02 | 2009-10-20 | Arcsight, Inc. | User interface for network security console |
US8176527B1 (en) | 2002-12-02 | 2012-05-08 | Hewlett-Packard Development Company, L. P. | Correlation engine with support for time-based rules |
US7650638B1 (en) | 2002-12-02 | 2010-01-19 | Arcsight, Inc. | Network security monitoring system employing bi-directional communication |
US7376969B1 (en) | 2002-12-02 | 2008-05-20 | Arcsight, Inc. | Real time monitoring and analysis of events from multiple network security devices |
US7260844B1 (en) | 2003-09-03 | 2007-08-21 | Arcsight, Inc. | Threat detection in a network security system |
US9027120B1 (en) | 2003-10-10 | 2015-05-05 | Hewlett-Packard Development Company, L.P. | Hierarchical architecture in a network security system |
US8015604B1 (en) | 2003-10-10 | 2011-09-06 | Arcsight Inc | Hierarchical architecture in a network security system |
US8548170B2 (en) | 2003-12-10 | 2013-10-01 | Mcafee, Inc. | Document de-registration |
US7814327B2 (en) * | 2003-12-10 | 2010-10-12 | Mcafee, Inc. | Document registration |
US7899828B2 (en) * | 2003-12-10 | 2011-03-01 | Mcafee, Inc. | Tag data structure for maintaining relational data over captured objects |
US7565696B1 (en) | 2003-12-10 | 2009-07-21 | Arcsight, Inc. | Synchronizing network security devices within a network security system |
US20050131876A1 (en) * | 2003-12-10 | 2005-06-16 | Ahuja Ratinder Paul S. | Graphical user interface for capture system |
US7984175B2 (en) | 2003-12-10 | 2011-07-19 | Mcafee, Inc. | Method and apparatus for data capture and analysis system |
US8656039B2 (en) * | 2003-12-10 | 2014-02-18 | Mcafee, Inc. | Rule parser |
US7774604B2 (en) * | 2003-12-10 | 2010-08-10 | Mcafee, Inc. | Verifying captured objects before presentation |
US7930540B2 (en) * | 2004-01-22 | 2011-04-19 | Mcafee, Inc. | Cryptographic policy enforcement |
US8528077B1 (en) * | 2004-04-09 | 2013-09-03 | Hewlett-Packard Development Company, L.P. | Comparing events from multiple network security devices |
US7509677B2 (en) | 2004-05-04 | 2009-03-24 | Arcsight, Inc. | Pattern discovery in a network security system |
US7962591B2 (en) * | 2004-06-23 | 2011-06-14 | Mcafee, Inc. | Object classification in a capture system |
US8560534B2 (en) * | 2004-08-23 | 2013-10-15 | Mcafee, Inc. | Database for a capture system |
US7949849B2 (en) * | 2004-08-24 | 2011-05-24 | Mcafee, Inc. | File system for a capture system |
US7644438B1 (en) | 2004-10-27 | 2010-01-05 | Arcsight, Inc. | Security event aggregation at software agent |
US9100422B1 (en) * | 2004-10-27 | 2015-08-04 | Hewlett-Packard Development Company, L.P. | Network zone identification in a network security system |
US20060130070A1 (en) * | 2004-11-22 | 2006-06-15 | Graf Lars O | System and method of event correlation |
US7809131B1 (en) | 2004-12-23 | 2010-10-05 | Arcsight, Inc. | Adjusting sensor time in a network security system |
US7647632B1 (en) | 2005-01-04 | 2010-01-12 | Arcsight, Inc. | Object reference in a system |
US8850565B2 (en) * | 2005-01-10 | 2014-09-30 | Hewlett-Packard Development Company, L.P. | System and method for coordinating network incident response activities |
US7809826B1 (en) * | 2005-01-27 | 2010-10-05 | Juniper Networks, Inc. | Remote aggregation of network traffic profiling data |
US7937755B1 (en) | 2005-01-27 | 2011-05-03 | Juniper Networks, Inc. | Identification of network policy violations |
US7797411B1 (en) | 2005-02-02 | 2010-09-14 | Juniper Networks, Inc. | Detection and prevention of encapsulated network attacks using an intermediate device |
US7844999B1 (en) | 2005-03-01 | 2010-11-30 | Arcsight, Inc. | Message parsing in a network security system |
US20060248179A1 (en) * | 2005-04-29 | 2006-11-02 | Short Michael E | Method and system for event-driven network management |
US8209759B2 (en) * | 2005-07-18 | 2012-06-26 | Q1 Labs, Inc. | Security incident manager |
US7907608B2 (en) * | 2005-08-12 | 2011-03-15 | Mcafee, Inc. | High speed packet capture |
US7818326B2 (en) * | 2005-08-31 | 2010-10-19 | Mcafee, Inc. | System and method for word indexing in a capture system and querying thereof |
US20070089172A1 (en) * | 2005-10-14 | 2007-04-19 | Bare Ballard C | Methods for identifying self-replicating threats using historical data |
US7730011B1 (en) | 2005-10-19 | 2010-06-01 | Mcafee, Inc. | Attributes of captured objects in a capture system |
US7657104B2 (en) * | 2005-11-21 | 2010-02-02 | Mcafee, Inc. | Identifying image type in a capture system |
US7663479B1 (en) * | 2005-12-21 | 2010-02-16 | At&T Corp. | Security infrastructure |
US20070226504A1 (en) * | 2006-03-24 | 2007-09-27 | Reconnex Corporation | Signature match processing in a document registration system |
US8504537B2 (en) | 2006-03-24 | 2013-08-06 | Mcafee, Inc. | Signature distribution in a document registration system |
US7958227B2 (en) | 2006-05-22 | 2011-06-07 | Mcafee, Inc. | Attributes of captured objects in a capture system |
US7689614B2 (en) | 2006-05-22 | 2010-03-30 | Mcafee, Inc. | Query generation for a capture system |
US8010689B2 (en) * | 2006-05-22 | 2011-08-30 | Mcafee, Inc. | Locational tagging in a capture system |
US20070300300A1 (en) * | 2006-06-27 | 2007-12-27 | Matsushita Electric Industrial Co., Ltd. | Statistical instrusion detection using log files |
US9715675B2 (en) | 2006-08-10 | 2017-07-25 | Oracle International Corporation | Event-driven customizable automated workflows for incident remediation |
US7870612B2 (en) * | 2006-09-11 | 2011-01-11 | Fujian Eastern Micropoint Info-Tech Co., Ltd | Antivirus protection system and method for computers |
US9824107B2 (en) * | 2006-10-25 | 2017-11-21 | Entit Software Llc | Tracking changing state data to assist in computer network security |
US9166989B2 (en) | 2006-12-28 | 2015-10-20 | Hewlett-Packard Development Company, L.P. | Storing log data efficiently while supporting querying |
US20080184368A1 (en) * | 2007-01-31 | 2008-07-31 | Coon James R | Preventing False Positive Detections in an Intrusion Detection System |
CA2714549A1 (en) * | 2007-02-09 | 2008-08-14 | Smobile Systems, Inc. | Off-line mms malware scanning system and method |
US8112440B2 (en) * | 2007-04-13 | 2012-02-07 | The University Of Vermont And State Agricultural College | Relational pattern discovery across multiple databases |
KR100901696B1 (ko) | 2007-07-04 | 2009-06-08 | 한국전자통신연구원 | 보안 이벤트의 컨텐츠에 기반한 보안 이벤트 샘플링 장치및 방법 |
US8091065B2 (en) * | 2007-09-25 | 2012-01-03 | Microsoft Corporation | Threat analysis and modeling during a software development lifecycle of a software application |
US8612409B2 (en) * | 2007-12-18 | 2013-12-17 | Yahoo! Inc. | Method and apparatus for detecting and explaining bursty stream events in targeted groups |
US7953685B2 (en) * | 2007-12-27 | 2011-05-31 | Intel Corporation | Frequent pattern array |
US8839345B2 (en) * | 2008-03-17 | 2014-09-16 | International Business Machines Corporation | Method for discovering a security policy |
US9842204B2 (en) * | 2008-04-01 | 2017-12-12 | Nudata Security Inc. | Systems and methods for assessing security risk |
US9275215B2 (en) | 2008-04-01 | 2016-03-01 | Nudata Security Inc. | Systems and methods for implementing and tracking identification tests |
US8495701B2 (en) | 2008-06-05 | 2013-07-23 | International Business Machines Corporation | Indexing of security policies |
US8205242B2 (en) * | 2008-07-10 | 2012-06-19 | Mcafee, Inc. | System and method for data mining and security policy management |
US9253154B2 (en) | 2008-08-12 | 2016-02-02 | Mcafee, Inc. | Configuration management for a capture/registration system |
US8504504B2 (en) * | 2008-09-26 | 2013-08-06 | Oracle America, Inc. | System and method for distributed denial of service identification and prevention |
US8850591B2 (en) | 2009-01-13 | 2014-09-30 | Mcafee, Inc. | System and method for concept building |
US8706709B2 (en) | 2009-01-15 | 2014-04-22 | Mcafee, Inc. | System and method for intelligent term grouping |
US8473442B1 (en) | 2009-02-25 | 2013-06-25 | Mcafee, Inc. | System and method for intelligent state management |
US8667121B2 (en) | 2009-03-25 | 2014-03-04 | Mcafee, Inc. | System and method for managing data and policies |
US8447722B1 (en) | 2009-03-25 | 2013-05-21 | Mcafee, Inc. | System and method for data mining and security policy management |
US9215212B2 (en) * | 2009-06-22 | 2015-12-15 | Citrix Systems, Inc. | Systems and methods for providing a visualizer for rules of an application firewall |
US9269061B2 (en) * | 2009-12-10 | 2016-02-23 | Equinix, Inc. | Performance, analytics and auditing framework for portal applications |
US8595176B2 (en) * | 2009-12-16 | 2013-11-26 | The Boeing Company | System and method for network security event modeling and prediction |
US8769373B2 (en) | 2010-03-22 | 2014-07-01 | Cleon L. Rogers, JR. | Method of identifying and protecting the integrity of a set of source data |
EP2577545A4 (en) | 2010-05-25 | 2014-10-08 | Hewlett Packard Development Co | SAFETY EVENTS ASSOCIATED SAFETY IDENTIFICATION DETECTION AND ACTUATOR CATEGORY MODEL |
US20120078912A1 (en) * | 2010-09-23 | 2012-03-29 | Chetan Kumar Gupta | Method and system for event correlation |
US20120095750A1 (en) * | 2010-10-14 | 2012-04-19 | Microsoft Corporation | Parsing observable collections |
US8806615B2 (en) | 2010-11-04 | 2014-08-12 | Mcafee, Inc. | System and method for protecting specified data combinations |
US8478736B2 (en) * | 2011-02-08 | 2013-07-02 | International Business Machines Corporation | Pattern matching accelerator |
US8412722B2 (en) * | 2011-02-08 | 2013-04-02 | International Business Machines Corporation | Upload manager for use in a pattern matching accelerator |
US8799188B2 (en) * | 2011-02-08 | 2014-08-05 | International Business Machines Corporation | Algorithm engine for use in a pattern matching accelerator |
US8447749B2 (en) * | 2011-02-08 | 2013-05-21 | International Business Machines Corporation | Local results processor for use in a pattern matching accelerator |
US8661456B2 (en) | 2011-06-01 | 2014-02-25 | Hewlett-Packard Development Company, L.P. | Extendable event processing through services |
EP2737427A4 (en) | 2011-07-29 | 2015-04-15 | Hewlett Packard Development Co | SYSTEMS AND METHOD FOR THE DISTRIBUTED CONTROL-BASED CORRELATION OF EVENTS |
US20130246334A1 (en) | 2011-12-27 | 2013-09-19 | Mcafee, Inc. | System and method for providing data protection workflows in a network environment |
US9026550B2 (en) * | 2012-01-30 | 2015-05-05 | Siemens Aktiengesellschaft | Temporal pattern matching in large collections of log messages |
US8789181B2 (en) | 2012-04-11 | 2014-07-22 | Ca, Inc. | Flow data for security data loss prevention |
US9531755B2 (en) * | 2012-05-30 | 2016-12-27 | Hewlett Packard Enterprise Development Lp | Field selection for pattern discovery |
EP2856332A4 (en) * | 2012-05-30 | 2016-02-24 | Hewlett Packard Development Co | ADJUSTING PARAMETERS FOR DISCOVERING PATTERNS |
US9092625B1 (en) * | 2012-07-03 | 2015-07-28 | Bromium, Inc. | Micro-virtual machine forensics and detection |
US10607007B2 (en) | 2012-07-03 | 2020-03-31 | Hewlett-Packard Development Company, L.P. | Micro-virtual machine forensics and detection |
US9411955B2 (en) * | 2012-08-09 | 2016-08-09 | Qualcomm Incorporated | Server-side malware detection and classification |
US8938805B1 (en) * | 2012-09-24 | 2015-01-20 | Emc Corporation | Detection of tampering with software installed on a processing device |
US9830451B2 (en) | 2012-11-30 | 2017-11-28 | Entit Software Llc | Distributed pattern discovery |
US9922192B1 (en) | 2012-12-07 | 2018-03-20 | Bromium, Inc. | Micro-virtual machine forensics and detection |
US9471788B2 (en) * | 2012-12-14 | 2016-10-18 | Sap Se | Evaluation of software applications |
US9071535B2 (en) | 2013-01-03 | 2015-06-30 | Microsoft Technology Licensing, Llc | Comparing node states to detect anomalies |
US9420002B1 (en) * | 2013-03-14 | 2016-08-16 | Mark McGovern | Authorization server access system |
EP2785009A1 (en) * | 2013-03-29 | 2014-10-01 | British Telecommunications public limited company | Method and apparatus for detecting a multi-stage event |
EP2785008A1 (en) | 2013-03-29 | 2014-10-01 | British Telecommunications public limited company | Method and apparatus for detecting a multi-stage event |
EP3039566A4 (en) * | 2013-08-28 | 2017-06-21 | Hewlett-Packard Enterprise Development LP | Distributed pattern discovery |
US10430614B2 (en) | 2014-01-31 | 2019-10-01 | Bromium, Inc. | Automatic initiation of execution analysis |
US9794113B2 (en) * | 2014-02-04 | 2017-10-17 | Cisco Technology, Inc. | Network alert pattern mining |
US20150281276A1 (en) * | 2014-03-26 | 2015-10-01 | Juniper Networks, Inc. | Monitoring compliance with security policies for computer networks |
CN105450600B (zh) * | 2014-08-19 | 2018-09-11 | 阿里巴巴集团控股有限公司 | 操作的识别方法及服务器 |
US20170223030A1 (en) | 2016-01-29 | 2017-08-03 | Splunk Inc. | Detection of security transactions |
US9948664B2 (en) * | 2016-07-11 | 2018-04-17 | Petabi, Inc. | Method and system for correlation and management of distributed and heterogeneous events |
US10474966B2 (en) * | 2017-02-27 | 2019-11-12 | Microsoft Technology Licensing, Llc | Detecting cyber attacks by correlating alerts sequences in a cluster environment |
US10586051B2 (en) * | 2017-08-31 | 2020-03-10 | International Business Machines Corporation | Automatic transformation of security event detection rules |
US11755927B2 (en) | 2019-08-23 | 2023-09-12 | Bank Of America Corporation | Identifying entitlement rules based on a frequent pattern tree |
US10911471B1 (en) * | 2019-11-27 | 2021-02-02 | The Florida International University Board Of Trustees | Systems and methods for network-based intrusion detection |
US11775639B2 (en) * | 2020-10-23 | 2023-10-03 | Sophos Limited | File integrity monitoring |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040015719A1 (en) * | 2002-07-16 | 2004-01-22 | Dae-Hyung Lee | Intelligent security engine and intelligent and integrated security system using the same |
GB2391650A (en) * | 2001-12-26 | 2004-02-11 | Yaron Mayer | Computer security arrangement for protection against malicious attacks |
Family Cites Families (61)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5557742A (en) | 1994-03-07 | 1996-09-17 | Haystack Labs, Inc. | Method and system for detecting intrusion into and misuse of a data processing system |
US5717919A (en) | 1995-10-02 | 1998-02-10 | Sybase, Inc. | Database system with methods for appending data records by partitioning an object into multiple page chains |
US5956404A (en) | 1996-09-30 | 1999-09-21 | Schneier; Bruce | Digital signature with auditing bits |
US6453345B2 (en) * | 1996-11-06 | 2002-09-17 | Datadirect Networks, Inc. | Network security and surveillance system |
US5850516A (en) | 1996-12-23 | 1998-12-15 | Schneier; Bruce | Method and apparatus for analyzing information systems using stored tree database structures |
US6192034B1 (en) | 1997-06-30 | 2001-02-20 | Sterling Commerce, Inc. | System and method for network integrity management |
US5978475A (en) | 1997-07-18 | 1999-11-02 | Counterpane Internet Security, Inc. | Event auditing system |
US6070244A (en) | 1997-11-10 | 2000-05-30 | The Chase Manhattan Bank | Computer network security management system |
US6408391B1 (en) | 1998-05-06 | 2002-06-18 | Prc Inc. | Dynamic system defense for information warfare |
US6275942B1 (en) | 1998-05-20 | 2001-08-14 | Network Associates, Inc. | System, method and computer program product for automatic response to computer system misuse using active response modules |
US6134664A (en) | 1998-07-06 | 2000-10-17 | Prc Inc. | Method and system for reducing the volume of audit data and normalizing the audit data received from heterogeneous sources |
US6408404B1 (en) | 1998-07-29 | 2002-06-18 | Northrop Grumman Corporation | System and method for ensuring and managing situation awareness |
US6321338B1 (en) | 1998-11-09 | 2001-11-20 | Sri International | Network surveillance |
US6839850B1 (en) | 1999-03-04 | 2005-01-04 | Prc, Inc. | Method and system for detecting intrusion into and misuse of a data processing system |
US6694362B1 (en) | 2000-01-03 | 2004-02-17 | Micromuse Inc. | Method and system for network event impact analysis and correlation with network administrators, management policies and procedures |
US7159237B2 (en) | 2000-03-16 | 2007-01-02 | Counterpane Internet Security, Inc. | Method and system for dynamic network intrusion monitoring, detection and response |
EP1277326A2 (en) | 2000-04-28 | 2003-01-22 | Internet Security Systems, Inc. | Method and system for managing computer security information |
WO2001084775A2 (en) | 2000-04-28 | 2001-11-08 | Internet Security Systems, Inc. | System and method for managing security events on a network |
US7127743B1 (en) | 2000-06-23 | 2006-10-24 | Netforensics, Inc. | Comprehensive security structure platform for network managers |
US20020091680A1 (en) * | 2000-08-28 | 2002-07-11 | Chirstos Hatzis | Knowledge pattern integration system |
US6542075B2 (en) | 2000-09-28 | 2003-04-01 | Vigilos, Inc. | System and method for providing configurable security monitoring utilizing an integrated information portal |
US7383191B1 (en) | 2000-11-28 | 2008-06-03 | International Business Machines Corporation | Method and system for predicting causes of network service outages using time domain correlation |
KR100376618B1 (ko) | 2000-12-05 | 2003-03-17 | 주식회사 싸이버텍홀딩스 | 에이전트 기반의 지능형 보안 시스템 |
US7168093B2 (en) | 2001-01-25 | 2007-01-23 | Solutionary, Inc. | Method and apparatus for verifying the integrity and security of computer networks and implementation of counter measures |
US20020147803A1 (en) | 2001-01-31 | 2002-10-10 | Dodd Timothy David | Method and system for calculating risk in association with a security audit of a computer network |
US6966015B2 (en) | 2001-03-22 | 2005-11-15 | Micromuse, Ltd. | Method and system for reducing false alarms in network fault management systems |
AU2002344308A1 (en) | 2001-05-31 | 2002-12-09 | Internet Security Systems, Inc. | Method and system for implementing security devices in a network |
US7043727B2 (en) | 2001-06-08 | 2006-05-09 | Micromuse Ltd. | Method and system for efficient distribution of network event data |
US7516208B1 (en) | 2001-07-20 | 2009-04-07 | International Business Machines Corporation | Event database management method and system for network event reporting system |
US7278160B2 (en) | 2001-08-16 | 2007-10-02 | International Business Machines Corporation | Presentation of correlated events as situation classes |
US7039953B2 (en) * | 2001-08-30 | 2006-05-02 | International Business Machines Corporation | Hierarchical correlation of intrusion detection events |
US6928556B2 (en) | 2001-08-30 | 2005-08-09 | International Business Machines Corporation | Method and apparatus in a data processing system for managing situations from correlated events |
US7379993B2 (en) | 2001-09-13 | 2008-05-27 | Sri International | Prioritizing Bayes network alerts |
US20030084349A1 (en) | 2001-10-12 | 2003-05-01 | Oliver Friedrichs | Early warning system for network attacks |
US20030093692A1 (en) | 2001-11-13 | 2003-05-15 | Porras Phillip A. | Global deployment of host-based intrusion sensors |
US7143444B2 (en) | 2001-11-28 | 2006-11-28 | Sri International | Application-layer anomaly and misuse detection |
US7171689B2 (en) | 2002-02-25 | 2007-01-30 | Symantec Corporation | System and method for tracking and filtering alerts in an enterprise and generating alert indications for analysis |
US20030221123A1 (en) | 2002-02-26 | 2003-11-27 | Beavers John B. | System and method for managing alert indications in an enterprise |
US20030188189A1 (en) | 2002-03-27 | 2003-10-02 | Desai Anish P. | Multi-level and multi-platform intrusion detection and response system |
US20040024864A1 (en) | 2002-07-31 | 2004-02-05 | Porras Phillip Andrew | User, process, and application tracking in an intrusion detection system |
EP1535164B1 (en) | 2002-08-26 | 2012-01-04 | International Business Machines Corporation | Determining threat level associated with network activity |
US7219239B1 (en) | 2002-12-02 | 2007-05-15 | Arcsight, Inc. | Method for batching events for transmission by software agent |
US7376969B1 (en) | 2002-12-02 | 2008-05-20 | Arcsight, Inc. | Real time monitoring and analysis of events from multiple network security devices |
US7308689B2 (en) | 2002-12-18 | 2007-12-11 | International Business Machines Corporation | Method, apparatus, and program for associating related heterogeneous events in an event handler |
US7483972B2 (en) * | 2003-01-08 | 2009-01-27 | Cisco Technology, Inc. | Network security monitoring system |
US6985920B2 (en) * | 2003-06-23 | 2006-01-10 | Protego Networks Inc. | Method and system for determining intra-session event correlation across network address translation devices |
US7260844B1 (en) | 2003-09-03 | 2007-08-21 | Arcsight, Inc. | Threat detection in a network security system |
US7644365B2 (en) | 2003-09-12 | 2010-01-05 | Cisco Technology, Inc. | Method and system for displaying network security incidents |
US7333999B1 (en) | 2003-10-30 | 2008-02-19 | Arcsight, Inc. | Expression editor |
FR2864392A1 (fr) | 2003-12-17 | 2005-06-24 | France Telecom | Procede de classification automatique d'un ensemble d'alertes issues de sondes de detection d'intrusions d'un systeme de securite d'information |
FR2864282A1 (fr) | 2003-12-17 | 2005-06-24 | France Telecom | Procede de gestion d'un ensemble d'alertes issus de sondes de detection d'intrusions d'un systeme de securite d'informations. |
US7509677B2 (en) | 2004-05-04 | 2009-03-24 | Arcsight, Inc. | Pattern discovery in a network security system |
US20080165000A1 (en) | 2004-05-10 | 2008-07-10 | France Telecom | Suppression of False Alarms in Alarms Arising from Intrusion Detection Probes in a Monitored Information System |
US7424742B1 (en) | 2004-10-27 | 2008-09-09 | Arcsight, Inc. | Dynamic security events and event channels in a network security system |
US8850565B2 (en) | 2005-01-10 | 2014-09-30 | Hewlett-Packard Development Company, L.P. | System and method for coordinating network incident response activities |
US7577633B2 (en) | 2005-12-08 | 2009-08-18 | Intellitactics Inc. | Self learning event parser |
US7961633B2 (en) | 2005-12-08 | 2011-06-14 | Sanjeev Shankar | Method and system for real time detection of threats in high volume data streams |
US7437359B2 (en) | 2006-04-05 | 2008-10-14 | Arcsight, Inc. | Merging multiple log entries in accordance with merge properties and mapping properties |
US9824107B2 (en) | 2006-10-25 | 2017-11-21 | Entit Software Llc | Tracking changing state data to assist in computer network security |
US8108550B2 (en) | 2006-10-25 | 2012-01-31 | Hewlett-Packard Development Company, L.P. | Real-time identification of an asset model and categorization of an asset to assist in computer network security |
WO2008083267A2 (en) | 2006-12-28 | 2008-07-10 | Arcsight, Inc. | Storing log data efficiently while supporting querying to assist in computer network security |
-
2004
- 2004-05-04 US US10/839,613 patent/US7509677B2/en not_active Expired - Fee Related
-
2005
- 2005-05-04 PL PL05746753T patent/PL1749386T3/pl unknown
- 2005-05-04 CA CA2565343A patent/CA2565343C/en not_active Expired - Fee Related
- 2005-05-04 EP EP05746753A patent/EP1749386B1/en not_active Not-in-force
- 2005-05-04 DE DE602005020609T patent/DE602005020609D1/de active Active
- 2005-05-04 WO PCT/US2005/015933 patent/WO2005107424A2/en active Application Filing
- 2005-05-04 AU AU2005240203A patent/AU2005240203B2/en not_active Ceased
- 2005-05-04 KR KR1020067025550A patent/KR101007899B1/ko not_active IP Right Cessation
- 2005-05-04 JP JP2007511653A patent/JP5038888B2/ja not_active Expired - Fee Related
- 2005-05-04 NZ NZ550752A patent/NZ550752A/en not_active IP Right Cessation
- 2005-05-04 AT AT05746753T patent/ATE464729T1/de active
-
2006
- 2006-10-25 IL IL178861A patent/IL178861A/en active IP Right Grant
-
2007
- 2007-04-17 HK HK07104042.3A patent/HK1096794A1/xx not_active IP Right Cessation
-
2008
- 2008-10-01 US US12/243,838 patent/US7984502B2/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2391650A (en) * | 2001-12-26 | 2004-02-11 | Yaron Mayer | Computer security arrangement for protection against malicious attacks |
US20040015719A1 (en) * | 2002-07-16 | 2004-01-22 | Dae-Hyung Lee | Intelligent security engine and intelligent and integrated security system using the same |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2014531647A (ja) * | 2011-09-09 | 2014-11-27 | ヒューレット−パッカード デベロップメント カンパニー エル.ピー.Hewlett‐Packard Development Company, L.P. | 基準ベースラインに基づき、イベントシーケンス中の時間的位置に従ってイベントを評価するシステム及び方法 |
US9646155B2 (en) | 2011-09-09 | 2017-05-09 | Hewlett Packard Enterprise Development Lp | Systems and methods for evaluation of events based on a reference baseline according to temporal position in a sequence of events |
KR20160120761A (ko) | 2014-03-31 | 2016-10-18 | 가부시키가이샤 랏쿠 | 로그 분석 시스템 |
KR20160134676A (ko) | 2014-03-31 | 2016-11-23 | 가부시키가이샤 랏쿠 | 로그 분석 시스템 |
CN107209834A (zh) * | 2015-02-04 | 2017-09-26 | 日本电信电话株式会社 | 恶意通信模式提取装置、恶意通信模式提取系统、恶意通信模式提取方法及恶意通信模式提取程序 |
JP2017144852A (ja) * | 2016-02-17 | 2017-08-24 | 日立オートモティブシステムズ株式会社 | 車両制御装置 |
WO2017141589A1 (ja) * | 2016-02-17 | 2017-08-24 | 日立オートモティブシステムズ株式会社 | 車両制御装置 |
Also Published As
Publication number | Publication date |
---|---|
US20090064333A1 (en) | 2009-03-05 |
WO2005107424A2 (en) | 2005-11-17 |
US7509677B2 (en) | 2009-03-24 |
EP1749386B1 (en) | 2010-04-14 |
CA2565343A1 (en) | 2005-11-17 |
HK1096794A1 (en) | 2007-06-08 |
CA2565343C (en) | 2013-01-15 |
JP5038888B2 (ja) | 2012-10-03 |
ATE464729T1 (de) | 2010-04-15 |
EP1749386A2 (en) | 2007-02-07 |
AU2005240203A1 (en) | 2005-11-17 |
US7984502B2 (en) | 2011-07-19 |
IL178861A (en) | 2011-09-27 |
IL178861A0 (en) | 2007-03-08 |
US20050251860A1 (en) | 2005-11-10 |
AU2005240203B2 (en) | 2011-01-27 |
PL1749386T3 (pl) | 2010-08-31 |
WO2005107424A3 (en) | 2006-03-02 |
NZ550752A (en) | 2009-09-25 |
KR20070050402A (ko) | 2007-05-15 |
KR101007899B1 (ko) | 2011-01-14 |
DE602005020609D1 (de) | 2010-05-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5038888B2 (ja) | ネットワーク・セキュリティ・システムにおけるパターン発見方法及びシステム | |
Porras et al. | A mission-impact-based approach to INFOSEC alarm correlation | |
KR101010302B1 (ko) | Irc 및 http 봇넷 보안 관제를 위한 관리 시스템 및 그 방법 | |
US7624448B2 (en) | Intelligent intrusion detection system utilizing enhanced graph-matching of network activity with context data | |
US20070209075A1 (en) | Enabling network intrusion detection by representing network activity in graphical form utilizing distributed data sensors to detect and transmit activity data | |
US8065732B1 (en) | Object reference in a system | |
US20050021683A1 (en) | Method and apparatus for correlating network activity through visualizing network data | |
US7844999B1 (en) | Message parsing in a network security system | |
EP2856333A1 (en) | Field selection for pattern discovery | |
JP2021530807A (ja) | コンピュータセキュリティインシデントを報告するためのシステムおよび方法 | |
CN113794276A (zh) | 一种基于人工智能的配电网终端安全行为监测系统及方法 | |
WO2005117347A2 (en) | Metric driven holistic network management system | |
CN113259356A (zh) | 大数据环境下的威胁情报与终端检测响应方法及系统 | |
CN113660115A (zh) | 基于告警的网络安全数据处理方法、装置及系统 | |
CN117454376A (zh) | 工业互联网数据安全检测响应与溯源方法及装置 | |
Wasniowski | Multi-sensor agent-based intrusion detection system | |
LaPadula | State of the art in anomaly detection and reaction | |
Kalutarage | Effective monitoring of slow suspicious activites on computer networks. | |
CN116827698B (zh) | 一种网络关口流量安全态势感知系统及方法 | |
US7890584B2 (en) | System for information capture | |
Yadav et al. | Intrusion detection system with FGA and MLP algorithm | |
Reddy | Genetic Algorithm Approach for Intrusion Detection | |
CN115051865A (zh) | 一种用于实现数据维护的安全态势感知系统 | |
Hu | TIAA: A toolkit for intrusion alert analysis | |
Molawade et al. | Big Heterogeneous Data for Intrusion Detection |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20070918 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20080502 |
|
A621 | Written request for application examination |
Free format text: JAPANESE INTERMEDIATE CODE: A621 Effective date: 20080502 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20100608 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20100621 |
|
A131 | Notification of reasons for refusal |
Free format text: JAPANESE INTERMEDIATE CODE: A131 Effective date: 20110531 |
|
A601 | Written request for extension of time |
Free format text: JAPANESE INTERMEDIATE CODE: A601 Effective date: 20110829 |
|
A602 | Written permission of extension of time |
Free format text: JAPANESE INTERMEDIATE CODE: A602 Effective date: 20110905 |
|
A601 | Written request for extension of time |
Free format text: JAPANESE INTERMEDIATE CODE: A601 Effective date: 20110929 |
|
A602 | Written permission of extension of time |
Free format text: JAPANESE INTERMEDIATE CODE: A602 Effective date: 20111006 |
|
A601 | Written request for extension of time |
Free format text: JAPANESE INTERMEDIATE CODE: A601 Effective date: 20111028 |
|
A602 | Written permission of extension of time |
Free format text: JAPANESE INTERMEDIATE CODE: A602 Effective date: 20111107 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20111130 |
|
A131 | Notification of reasons for refusal |
Free format text: JAPANESE INTERMEDIATE CODE: A131 Effective date: 20120110 |
|
A601 | Written request for extension of time |
Free format text: JAPANESE INTERMEDIATE CODE: A601 Effective date: 20120409 |
|
A602 | Written permission of extension of time |
Free format text: JAPANESE INTERMEDIATE CODE: A602 Effective date: 20120416 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20120510 |
|
TRDD | Decision of grant or rejection written | ||
A01 | Written decision to grant a patent or to grant a registration (utility model) |
Free format text: JAPANESE INTERMEDIATE CODE: A01 Effective date: 20120605 |
|
A01 | Written decision to grant a patent or to grant a registration (utility model) |
Free format text: JAPANESE INTERMEDIATE CODE: A01 |
|
A61 | First payment of annual fees (during grant procedure) |
Free format text: JAPANESE INTERMEDIATE CODE: A61 Effective date: 20120706 |
|
FPAY | Renewal fee payment (event date is renewal date of database) |
Free format text: PAYMENT UNTIL: 20150713 Year of fee payment: 3 |
|
R150 | Certificate of patent or registration of utility model |
Ref document number: 5038888 Country of ref document: JP Free format text: JAPANESE INTERMEDIATE CODE: R150 Free format text: JAPANESE INTERMEDIATE CODE: R150 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
S533 | Written request for registration of change of name |
Free format text: JAPANESE INTERMEDIATE CODE: R313533 |
|
R350 | Written notification of registration of transfer |
Free format text: JAPANESE INTERMEDIATE CODE: R350 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
LAPS | Cancellation because of no payment of annual fees |