Intrusion Detection

Intrusion Detection patent applications listed are from June 2005 to current and include Date, Patent Application Number, Patent Title, Patent Abstract summary and are linked to the corresponding patent application page.

10/18/07 - 20070245420 - Method and system for user network behavioural based anomaly detection
A baseline can be defined using specific attributes of the network traffic. Using the established baseline, deviation can then be measured to detect anomaly on the network. The accuracy of the baseline is the most important criterion of any effective network anomaly detection technique. In a local area network (LAN) ...

10/18/07 - 20070245419 - Intrusion detection during program execution in a computer
The present invention includes a computer system (20) with a memory (32, 34, 36) and a processing device (24). The processing device (24) includes logic (50) to alter content of one or more instructions of a computer program and store the computer program after instruction content alteration in the memory ...

10/04/07 - 20070234427 - Method for determining identification of an electronic device
A utility to determine identity of an electronic device electronically, by running a device attribute collection application that collects key data points of the electronic devices and a device identification application that uses these key data points to link the electronic device to a specific owner or entity. Data points ...

10/04/07 - 20070234426 - Comprehensive security structure platform for network managers
A computer system for detecting and monitoring network intrusion events from log data received from network service devices in a computer network, the computer system having discrete modules associated with a function performed on the log data received, the computer system having an event parser in communication with at least ...

09/13/07 - 20070214504 - Method and system for network intrusion detection, related network and computer program product
A system for providing intrusion detection in a network wherein data flows are exchanged using associated network ports and application layer protocols. The system includes a monitoring module configured for monitoring data flows in the network, a protocol identification engine configured for detecting information on the application layer protocols involved ...

09/06/07 - 20070209075 - Enabling network intrusion detection by representing network activity in graphical form utilizing distributed data sensors to detect and transmit activity data
A method, system, and computer program product for detecting and mapping activity occurring at and between devices on a computer network for utilization within an intrusion detection mechanism. An enhanced graph matching intrusion detection system (eGMIDS) utility executing on a control server provides data collection functions and data fusion techniques. ...

09/06/07 - 20070209074 - Intelligent intrusion detection system utilizing enhanced graph-matching of network activity with context data
A method, system, and computer program product for utilizing a mapping of activity occurring at and between devices on a computer network to detect and prevent network intrusions. An enhanced graph matching intrusion detection system (eGMIDS) is provided that provides data collection functions, data fusion techniques, graph matching algorithms, and ...

08/30/07 - 20070204343 - Presentation of correlated events as situation classes
A method, computer program product, and apparatus for presenting data about security-related events that puts the data into a concise form is disclosed. Events are abstracted into a set data-type. Sets with common elements are grouped together, and summaries of the groups—“situations”—are presented to a user or administrator. ...

08/23/07 - 20070199070 - Systems and methods for intelligent monitoring and response to network threats
A network threat response engine creates order rules based on the real time study of the patterns and the subsequent behavior analysis of the security events in the network. The network threat response engine monitors the flow of communication streams, compiles statistics and compares these with the existing database(s) of ...

08/16/07 - 20070192864 - Software root of trust
A software system that transforms an original application into an STPM enabled application and runs the enabled application. At protect time, an anti-tamper tool accepts the original application, uses anti-tamper techniques to create a guarded application, creates a security wrapper according to a policy file, and wraps the guarded application ...

08/16/07 - 20070192863 - Systems and methods for processing data flows
A flow processing facility, which uses a set of artificial neurons for pattern recognition, such as a self-organizing map, in order to provide security and protection to a computer or computer system supports unified threat management based at least in part on patterns relevant to a variety of types of ...

08/16/07 - 20070192862 - Automated containment of network intruder
The invention in the preferred embodiment features a system (200) and method for automatically segregating harmful traffic from other traffic at a plurality of network nodes including switches and routers. In the preferred embodiment, the system (200) comprises an intrusion detection system (105) to determine the identity of an intruder ...

08/16/07 - 20070192860 - Dynamic network tuner for the automated correlation of networking device functionality and network-related performance
A dynamic network tuner establishes fluid, continuous, and automatic correlation between the extent and/or degree of a networking device's functionality, on the one hand, and the network-related performance (i.e., network data traffic and/or network application performance), on the other. The dynamic network tuner can be embodied as a discrete device ...

08/02/07 - 20070180526 - Flow-based detection of network intrusions
A flow-based intrusion detection system for detecting intrusions in computer communication networks. Data packets representing communications between hosts in a computer-to-computer communication network are processed and assigned to various client/server flows. Statistics are collected for each flow. Then, the flow statistics are analyzed to determine if the flow appears to ...

08/02/07 - 20070180525 - Security system and method
A method and system for providing security to organizations having data and information, involving a vision specific to the organization by gathering information and determining current and future plans and needs, a scenario for protection from invasive activities including cyber-space and physical invasion, and intelligence to assist in determining protection. ...

08/02/07 - 20070180524 - Method for sensing and recovery against buffer overflow attacks and apparatus thereof
Methods and apparatuses for detecting and recovering from a buffer overflow attack are provided. A method of recovering an operation state of a processor from a buffer overflow attack includes: detecting whether a buffer overflow attack is made on any write operation while storing write operations that are potential targets ...

07/26/07 - 20070174912 - Methods and apparatus providing recovery from computer and network security attacks
A system creates a secondary stack containing execution information of at least one function operating on the computer system, and receives an attack notification of an attack on the computer system. The system determines a point in the secondary stack at which a recovery from the attack is possible. In ...

07/19/07 - 20070169196 - Real time active network compartmentalization
Security policy manager devices are leveraged by manager objects to use highly secure user transparent communications to provide detection of questionable activities at every node, automatic collection of information related to any potential attack, isolation of the offending object with arbitrary flexibility of response (e.g. flexibly determining the level of ...

07/19/07 - 20070169195 - System and method of dynamically weighted analysis for intrusion decison-making
An intrusion detection mechanism is provided for flexible, automatic, thorough, and consistent security checking and vulnerability resolution in a heterogeneous environment. The mechanism may provide a predefined number of default intrusion analysis approaches, such as signature-based, anomaly-based, scan-based, and danger theory. The intrusion detection mechanism also allows a limitless number ...

07/19/07 - 20070169194 - Threat scoring system and method for intrusion detection security networks
Embodiments of the invention provide a security expert system (SES) that automates intrusion detection analysis and threat discovery that can use fuzzy logic and forward-chaining inference engines to approximate human reasoning process. Embodiments of the SES can analyze incoming security events and generate a threat rating that indicates the likelihood ...

07/19/07 - 20070169193 - Data processing system
A data processing system is disclosed that includes a read unit configured to read unique information identifying an individual from an individual identification medium, an input unit configured to capture the unique information read by the read unit and convert the unique information into digital unique information, and a database ...

07/05/07 - 20070157315 - System and method for using timestamps to detect attacks
A system and method are disclosed for detecting intrusions in a host system on a network. The intrusion detection system comprises an analysis engine configured to use continuations and apply forward- and backward-chaining using rules. Also provided are sensors, which communicate with the analysis engine using a meta-protocol in which ...

06/28/07 - 20070150955 - Event detection system, management terminal and program, and event detection method
An analyzing terminal 3 monitors a to-be-monitored characteristic amount. When a change in the characteristic amount is detected, the analyzing terminal 3 notifies the effect that a change in the characteristic amount has been detected to a management terminal 4. The management terminal 4 sums up the number of the ...

06/28/07 - 20070150953 - Method and apparatus for secure credential entry without physical entry
A method and apparatus are disclosed wherein a portable memory storage device is provided for interfacing with a communications port of the computer system. During operating system start up of the operating system of the computer, fields relating to security of the operating system are prompted for. The portable memory ...

06/21/07 - 20070143848 - Methods and apparatus providing computer and network security for polymorphic attacks
A system detects an attack on the computer system. The system identifies the attack as polymorphic, capable of modifying itself for every instance of execution of the attack. The modification of the attack is utilized to defeat detection of the attack. In one embodiment, the system determines generation of an ...

06/21/07 - 20070143847 - Methods and apparatus providing automatic signature generation and enforcement
A system inserts at least one notifying identifier in the computer system. The at least one notifying identifier provides execution information associated with the computer system. The system receives execution information from the at least one notifying identifier, the execution information identifies details associated with a traffic flow on the ...

06/21/07 - 20070143846 - System and method for detecting network-based attacks on electronic devices
A system and method for detecting network-based attacks on an electronic device. The system and method operable to detect network-based attacks on the electronic device comprising receiving data packets on the electronic device, tracking disposition of the data packets by the electronic device by recording one or more paths through ...

06/07/07 - 20070130623 - Apparatus for generation of intrusion alert data and method thereof
An apparatus for generating intrusion alert data and a method thereof are provided. The apparatus for generating and transmitting alert data in relation to intrusion includes: an input unit receiving inputs of an alert data type in preparation against an intrusion, and a transmission amount per unit time for transmitting ...

05/31/07 - 20070124815 - Method and apparatus for storing intrusion rule
A method and apparatus for storing an intrusion rule are provided. The method stores a new intrusion rule in an intrusion detection system having already stored intrusion rules, and includes: generating combinations of divisions capable of dividing the new intrusion rule into a plurality of partial intrusion rules; calculating the ...

05/24/07 - 20070118909 - Method for the detection and visualization of anomalous behaviors in a computer network
A method for the detection of anomalous behaviors in a computer network, comprising the steps of: collecting data relating to connections in a plurality of nodes in a network, sending the data from said nodes to an ADS platform, computing from said data at least one value representative of the ...

05/24/07 - 20070118908 - Snoop echo response extractor
A mechanism is provided for identifying a snooping device in a network environment. A snoop echo response extractor generates an echo request packet with a bogus MAC address that will only be received by a snooping device. The snoop echo response extractor also uses an IP address that will cause ...

05/24/07 - 20070118907 - Management equipment for mission critical system
A management equipment for mission critical system (MCS) is provided wherein the management equipment for MCS is disposed in front of MCS associated with productive facilities and has a same IP address as that of the MCS to thereby prevent malignant codes from flowing into the MCS by limiting TCP/UDP ...

05/24/07 - 20070118906 - System and method for deprioritizing and presenting data
A method and system are provided that prioritizes and presents data for review by a sys admin. The system receives a high volume of intrusion event data, the intrusion event data (“event”) selected as matching at least one of a library of signatures. Significance of particular types of signature match ...

05/24/07 - 20070118905 - Method of automatically classifying a set of alarms emitted by sensors for detecting intrusions of an information security system
A method of automatically classifying alerts issued by intrusion detection sensors (11a, 11b, 11c) of an information security system (1) for producing collated alerts, each alert being defined by a plurality of qualitative attributes (a1, . . . , an) belonging to a plurality of attribute domains (A1, . . . ...

05/17/07 - 20070113285 - Interoperability of vulnerability and intrusion detection systems
A system in accordance with an embodiment of the invention includes a vulnerability detection system (VDS) and an intrusion detection system (IDS). The intrusion detection system leverages off of information gathered about a network, such as vulnerabilities, so that it only examines and alerts the user to potential intrusions that ...

05/17/07 - 20070113284 - Techniques for network protection based on subscriber-aware application proxies
Techniques for responding to intrusions on a packet switched network include receiving user data at a subscriber-aware gateway server between a network access server and a content server. The user data includes subscriber identifier data that indicates a unique identifier for a particular user, network address data that indicates a ...

05/10/07 - 20070107059 - Trusted communication network
A system includes a processing node configured to send authorized inbound messages to registered enterprise networks. An authorized message is a message that includes trusted source indicia. Trusted source indicia indicates that the message was sent by one or more of the processing node or an authenticated message transfer node ...

05/10/07 - 20070107058 - Intrusion detection using dynamic tracing
Techniques have been developed whereby dynamic kernel/user-level tracing may be employed to efficiently characterize runtime behavior of production code. Using dynamic tracing techniques, user space or kernel instruction sequences between system calls may be instrumented without access to source code. In some realizations, instrumentation may be interactively specified on a ...

05/03/07 - 20070101429 - Connection-rate filtering using arp requests
One embodiment relates to a method of connection-rate filtering by a network device. Address resolution protocol (ARP) request packets received from a sub-network are monitored, and a copy of the received ARP request packets are sent to an agent program. The agent program determines a rate of ARP request packets ...

05/03/07 - 20070101428 - Denial-of-service attack defense system, denial-of-service attack defense method, and denial-of-service attack defense program
A monitoring device is provided on a LAN to which a communication device that is a target of a denial-of-service attack is connected, and monitors a packet transmitted to the communication device via an ISP network. A restricting device is provided on the ISP network, and restricts a packet to ...

04/26/07 - 20070094729 - Secure self-organizing and self-provisioning anomalous event detection systems
An approach for providing managed security services is disclosed. A database, within a server or a pre-existing anomalous event detection system, stores a rule set specifying a security policy for a network associated with a customer. An anomalous detection event module is deployed within a premise of the customer and ...

04/26/07 - 20070094728 - Attack signature generation
The present invention provides a method for generating from requests from a first data network attack signatures for use in a second data network having a plurality of addresses assigned to data processing systems, the method comprising receiving data traffic from the first data network addressed to a number of ...

04/05/07 - 20070079376 - Rogue access point detection in wireless networks
Methods to detect rogue access points (APs) and prevent unauthorized wireless access to services provided by a communication network are provided. A mobile station (MS) reports to a serving AP the received signal strength (RSS) for all APs in the area it travels. The serving AP detects a rogue AP ...

03/29/07 - 20070074289 - Client side exploit tracking
A system and method for managing pestware is described. In one embodiment the method includes monitoring the receipt of a file at the protected computer, monitoring processes created on the protected computer, identifying at least one of the processes as a process that is generated from the file, monitoring activity ...

03/22/07 - 20070067841 - Scalable monitor of malicious network traffic
A monitor of malicious network traffic attaches to unused addresses and monitors communications with an active responder that has constrained-state awareness to be highly scalable. In a preferred embodiment, the active responder provides a response based only on the previous statement from the malicious source, which in most cases is ...

03/15/07 - 20070061884 - Intrusion detection accelerator
An accelerator that detects at high speed, information in a document which may indicate a possible intrusion into or attack on a networked computer system or node thereof or other security breach. ...

03/15/07 - 20070061883 - System and method for generating fictitious content for a computer
A system and method are disclosed for generating fictitious computer file system content. A template is created. A collection of data items available to be inserted into the template is provided. The template is populated with at least one data item from the collection. ...

03/15/07 - 20070061882 - Instance based learning framework for effective behavior profiling and anomaly intrusion detection
Intruders into a computer are detected by capturing historical data input into the computer by a user during a training mode, by profiling the historical data during the training mode to identify normal behavior, by capturing test data input by the user into the computer during an operational mode, by ...

03/08/07 - 20070056038 - Fusion instrusion protection system
An intrusion protection system that fuses a network instrumentation classification with a packet payload signature matching system. Each of these kinds of systems is independently capable of being effectively deployed as an anomaly detection system. By employing sensor fusion techniques to combine the instrumentation classification approach with the signature matching ...

03/01/07 - 20070050847 - Secure user action request indicator
A mobile communications device is adapted to use applications resident on a remote network server. The display of the mobile device is divided into static and dynamic display zones. Inquiries originating externally from the mobile device are identified and restrictively routed only to the dynamic display. Internally generated inquiries trigger ...

02/22/07 - 20070044151 - System integrity manager
A system integrity manager, system, computer program product and method for providing security may include transforming an operational behavior of an instance of a computing system from a general purpose computing system to a special purpose computing system. The operational behavior may be transformed by using at least one of ...

01/11/07 - 20070011743 - Method and apparatus for communicating intrusion-related information between internet service providers
Disclosed is a system and method for the sharing of intrusion-related information. The sharing of intrusion-related information occurs via a peering relationship between a first Internet Service Provider (ISP) and a second ISP. A first node associated with a first ISP transmits intrusion-related information to a second node associated with ...

12/28/06 - 20060294588 - System, method and program for identifying and preventing malicious intrusions
Computer system, method and program product for identifying a malicious intrusion. A first number of different destination IP addresses, a second number of different destination ports and a third number of different signatures of messages, are identified from a source IP address during a predetermined period. A determination is made ...

12/21/06 - 20060288413 - Intrusion detection and prevention system
An intrusion detection and prevention device includes a retaining unit retaining at least one of attack suspicion threshold values of which levels are different from each other in order to detect a denial-of-service attack, and an attack determination threshold value, a detecting unit detecting an attack suspicion state when a ...

12/14/06 - 20060282894 - Adaptive defense against various network attacks
An apparatus for optimizing a filter based on detected attacks on a data network includes an estimation means and an optimization means. The estimation means operates when a detector detects an attack and the detector transmits an inaccurate attack severity. The estimation means determines an accurate attack severity. The optimization ...

12/14/06 - 20060282893 - Network information security zone joint defense system
A network information security zone joint defense system is provided, which monitors a network connection status through a network defense appliance. Once the network defense appliance detects a user computer in a network system triggering the conditions of a network zone joint defense, the network defense appliance immediately and automatically ...

12/14/06 - 20060282892 - Method and apparatus for preventing dos attacks on trunk interfaces
A method of protecting a data network from denial of service (DOS) attacks is described. The method may use various network tools to selectively block or disable portions of a data trunk experiencing a DOS attack, thereby preventing the DOS attack from reaching at least some resources on the network. ...

12/14/06 - 20060282891 - Security perimeters
A security system that is associated with a customer network includes first, second, and third security perimeters. The first security perimeter includes a set of content delivery network (CDN) devices configured to provide first protection against a network attack associated with the customer network. The second security perimeter includes a ...

11/30/06 - 20060272020 - Persistent servicing agent
A tamper resistant servicing Agent for providing various services (e.g., data delete, firewall protection, data encryption, location tracking, message notification, and updating software) comprises multiple functional modules, including a loader module (CLM) that loads and gains control during POST, independent of the OS, an Adaptive Installer Module (AIM), and a ...

11/30/06 - 20060272019 - Intelligent database selection for intrusion detection & prevention systems
A method and software for detecting computer system intrusions. More specifically, a method and software for detecting such intrusions by comparing an electronic signal to a database of known intrusion signatures, where the database is chosen based on various characteristics of the signal. ...

11/30/06 - 20060272018 - Method and apparatus for detecting denial of service attacks
An approach is provided for supporting network security. A dataflow destined for an end user network is received. The dataflow is sampled according to a predetermined sampling rate. Flow information is generated from the sampled dataflow. The flow information is forwarded to a collector device for remote behavioral analysis to ...

11/23/06 - 20060265748 - Method for detecting sophisticated cyber attacks
A method of analyzing computer intrusion detection information that looks beyond known attacks and abnormal access patterns to the critical information that an intruder may want to access. Unique target identifiers and type of work performed by the networked targets is added to audit log records. Analysis using vector space ...

11/16/06 - 20060259970 - Systems and methods for distributed network protection
By distributing various information and monitoring centers that monitor distributed networks and unauthorized access attempts, it is possible to, for example, more quickly defend against unauthorized access attempts. For example, a Level 1 monitoring center could monitor a predetermined geographical area serving, for example, a wide variety of commercial ...

11/16/06 - 20060259969 - Method of preventing replay attack in mobile ipv6
Disclosed is a method of preventing a replay attack during a handoff in a communication system using a Mobile IPv6 protocol. A mobile node creates a CoA (Care of Address) by handoff and sends the CoA to a correspondent node, thereby creating a binding entry. Upon receipt of a binding ...

11/09/06 - 20060253907 - Geographical intrusion mapping system using telecommunication billing and inventory systems
Systems and methods for geographically mapping a threat into a network having one or more network points include receiving threat information identifying a threat to a point of the network, correlating the threat information with location information for the identified network point, and network identification information for the identified network ...

11/09/06 - 20060253906 - Systems and methods for testing and evaluating an intrusion detection system
Systems, methods and devices according to this invention include a plurality of defined modification rules for modifying a sequence of packets that form an attack on an intrusion detection system. These modification rules include both rules that expand the number of packets and rules that reduce the number of packets. ...

11/09/06 - 20060253905 - System and method for surveilling a computer network
A system for surveilling a computer network comprises a surveillance management system coupled to one or more monitored systems. ...

11/02/06 - 20060248590 - System and method for protecting an information server
A system and method are provided for reducing the risk of unauthorized intruder access to a protected information server from an application server. The method may include the operation of maintaining a data source object using the application server. The data source object can contain first information for accessing the ...

10/26/06 - 20060242707 - System and method for protecting a computer system
A system and methodology that securely protects data in a computer system. According to the invention, security system is suitable for a computer system having at least one file stored therein. The security system comprises a creating module, a monitoring module, a recording means and a detecting module. The creating ...

10/26/06 - 20060242706 - Methods and systems for evaluating and generating anomaly detectors
Methods, systems, and processor readable medium for selecting an anomaly detector for a system, including: generating an anomaly detector (AD) candidate population by characterizing AD candidates by one or more system parameters and system attributes (collectively herein, “system attributes”); training the AD candidate population using non-anomaly data associated with the ...

10/26/06 - 20060242705 - System and method for detection and mitigation of network worms
An intrusion detection system for a computer network includes a knowledge database that contains a baseline of normal host behavior, and a correlation engine that monitors network activity with reference to the knowledge database. The correlation engine accumulating information about anomalous events occurring on the network and then periodically correlating ...

10/26/06 - 20060242704 - Method and system for preventing operating system detection
A method and system for preventing the detection of an operating system by an intruder, the operating system installed on a host in a network, is provided. The intruder transmits a network probe for operating system detection. The network probe is identified and a response is generated to the network ...

10/26/06 - 20060242703 - Method and system for detecting unauthorized use of a communication network A system for detecting unauthorised use of a network is provided with a pattern matching engine for searching attack signatures into data packets, and with a response analysis engine for detecting response signatures into data packets sent back from an attacked network/computer. When a suspect signature has been detected into ... 10/19/06 - 20060236395 - System and method for conducting surveillance on a distributed network A method is provided for conducting surveillance on a network. Data is captured on a network for a plurality of aggregated channels. The data is from individuals with network access identifiers that permit the individuals to gain access to the network, or applications on the network. The data is used ... 10/19/06 - 20060236394 - Wan defense mitigation service A mitigation service may be used to mitigate a network attack in a network including a group of mitigation devices. Datagrams, intended for a customer that is subject of a network attack, may be received by at least one of the mitigation devices based on an anycast address associated with ... 10/19/06 - 20060236393 - System and method for protecting a limited resource computer from malware The present invention is directed to a system and methods for protecting a limited resource computer from malware. Aspects of the present invention use antivirus software on a general purpose computer to prevent malware from infecting a limited resource computer. Typically, antivirus software on the general purpose computer is kept ... 10/19/06 - 20060236392 - Aggregating the knowledge base of computer systems to proactively protect a computer from malware In accordance with the present invention, a system, method, and computer-readable medium for aggregating the knowledge base of a plurality of security services or other event collection systems to protect a computer from malware is provided. 
One aspect of the present invention is a method that proactively protects a computer ... 09/28/06 - 20060218638 - System and method for backing up data A method is provided to facilitate the detection of file tampering, such as a computer virus, on a computer. In one example, a digital fingerprint is generated for each file on the computer using a substantially collision-free algorithm. The digital fingerprints of the computer files are compared with digital fingerprints ... 09/28/06 - 20060218637 - System and method of selectively scanning a file on a computing device for malware In accordance with this invention, a system, method, and computer-readable medium that selectively scans files stored on a computing device for malware is provided. One or more files may be sent from a trusted source to a computing device that implements the present invention. The integrity of the files that ... 09/14/06 - 20060206940 - Computer security intrusion detection system for remote, on-demand users An intrusion detection system, and a related method and computer program product, for implementing intrusion detection in a remote, on-demand computing service environment in which one or more data processing hosts are made available to a remote on-demand user that does not have physical custody and control over the host(s). ... 09/07/06 - 20060200862 - Method and apparatus for locating rogue access point switch ports in a wireless network Methods and apparatus are disclosed for locating and disabling the switch port of a rogue wireless access point. In one embodiment, a network management device is configured to detect the presence of a rogue access point on a managed wireless network. Once detected, the management device may then instruct a ... 08/31/06 - 20060195903 - Cryptic information and behavior generation for competitive environments An invention was developed to improve the performance and survivability of units in a competitive environment. 
Cryptic Command, Control, and Planning, and Management increases the apparent randomness of a plan from an opponent's perspective without increasing the randomness that is apparent to friendly parties. Friendly systems each carry a keyed ... 08/24/06 - 20060191010 - System for intrusion detection and vulnerability assessment in a computer network using simulation and machine learning The present invention provides a system and method for predicting and preventing unauthorized intrusion in a computer configuration. Preferably, the invention comprises a communication network to which at least two computing devices connect, wherein at least one of the computing devices is operable to receive data transmitted by the other ... 08/24/06 - 20060191009 - Data encryption/decryption method and monitoring system A monitoring system has a distribution apparatus which encrypts continuous data and distributes the encrypted continuous data via a network, a reproduction apparatus which decrypts the encrypted data distributed via the network to reproduce the continuous data, and a key management apparatus which has a key management database. The distribution ... 08/24/06 - 20060191008 - Apparatus and method for accelerating intrusion detection and prevention systems using pre-filtering An accelerated network intrusion detection and prevention system includes, in part, first, second and third processing stages. The first processing stage receives incoming packets and generates, in response, first and second processed data streams using a first set of rules. The first processing stage optionally detects whether the received packets ... 
08/17/06 - 20060185014 - Systems, methods, and devices for defending a network Certain exemplary embodiments comprise a method comprising: within a backbone network: for backbone network traffic addressed to a particular target and comprising attack traffic and non-attack traffic, the attack traffic simultaneously carried by the backbone network with the non-attack traffic: redirecting at least a portion of the attack traffic to ... 08/10/06 - 20060179485 - Intrusion handling system and method for a packet network with dynamic network address utilization An intrusion handling system for a packet network is provided according to an embodiment of the invention. The intrusion handling system includes a communication interface configured to receive or detect a network event that is directed to a network address. The intrusion handling system further includes a processing system coupled ... 08/10/06 - 20060179484 - Remediating effects of an undesired application Remediating effects of an undesired application. A remediation system comprises a script generator and a fix tool builder. The script generator is able to generate a script comprising remediation information corresponding to one or more actions for remediating one or more effects of the undesired application. The fix tool builder ... 08/03/06 - 20060174343 - Apparatus and method for acceleration of security applications through pre-filtering A first security processing stage performs a first multitude of tasks and a second security processing stage performs a second multitude of tasks. The first and second multitude of tasks may include common tasks. The first security processing stage is a prefilter to the second security processing stage. The input ... 08/03/06 - 20060174342 - Network intrusion mitigation Described are methods and apparatus, including computer program products, for mitigating against a cyber attack on a network. 
An indication is received from an intrusion detection system that an event has occurred representing a threat to the network. Upon receiving the event from the intrusion detection system, automated processes determine ... 07/20/06 - 20060161983 - Inline intrusion detection A method for inline intrusion detection includes receiving a packet at a network gateway, storing the packet, and assigning an identifier to the packet. The method also includes transmitting a copy of the packet and the identifier from the network gateway to an intrusion detection system and analyzing the copy ... 07/20/06 - 20060161982 - Intrusion detection system An intrusion detection system (IDS), method of protecting computers against intrusions and program product therefor. The IDS determines which applications are to run in native environment (NE) and places the remaining applications in a sandbox. Some of the applications in sandboxes may be placed in a personalized virtual environment (PVE) ... 07/13/06 - 20060156404 - Intrusion detection system An intrusion detection system (IDS). An IDS which has been configured in accordance with the present invention can include a traffic sniffer for extracting network packets from passing network traffic; a traffic parser configured to extract individual data from defined packet fields of the network packets; and, a traffic logger ... 07/13/06 - 20060156403 - Integrated firewall, ips, and virus scanner system and method A system, method and computer program product are provided including a router and a security sub-system coupled to the router. Such security sub-system includes a plurality of virtual firewalls, a plurality of virtual intrusion prevention systems (IPSs), and a plurality of virtual virus scanners. Further, each of the virtual firewalls, ... 
07/06/06 - 20060150250 - Intrusion detection sensor detecting attacks against wireless network and system and method of detecting wireless network intrusion An intrusion detection system and method of a wireless network providing wireless communication to one or more wireless terminals, and an intrusion detection sensor capable of detecting attacks against wireless network are provided. The intrusion detection system of a wireless network includes: an access point providing wireless communication to a ... 07/06/06 - 20060150249 - Method and apparatus for predictive and actual intrusion detection on a network A method of managing network usage by defining a set of linguistic patterns, where each linguistic pattern is associated with a condition that is to be monitored. Network packets are captured during transmission and analyzed to identify linguistic patterns. Captured network packets are scored based on similarity of at least ... 06/29/06 - 20060143711 - Scit-dns: critical infrastructure protection through secure dns server dynamic updates Disclosed is a self-cleansing intrusion tolerance-domain name systems system comprising at least three DNS servers, at least four storage systems accessible by the DNS servers, a communications link, a message transfer mechanism, and a self-cleansing mechanism. The storage systems include at least three online storage systems and at least one ... 06/29/06 - 20060143710 - Use of application signature to identify trusted traffic Provided are techniques for monitoring communication packets. A communication packet is received. A communication packet signature of the communication packet is determined. The communication packet signature is compared to one or more site-specific application signatures. In response to determining that the communication packet signature matches at least of the ... 
06/29/06 - 20060143709 - Network intrusion prevention According to one embodiment of the invention, a system for preventing a network attack is provided. The system includes a computer having a processor and a computer-readable medium. The system also includes a shield program stored in the computer-readable medium. The shield program is operable, when executed by the processor, ... 06/29/06 - 20060143708 - System and method for detecting keyboard logging A kernel based detection of keyboard logger applications is achieved by configuring a call interface to the kernel to characterize a system call pattern for processes accessing a keyboard. A monitor thread iteratively examines a plurality of threads to test open( ), read( ), write( ), and syscall( ) system ... 06/15/06 - 20060130142 - Propagation protection within a network Described are methods and apparatus, including computer program products, for propagation protection within a network. A transparent network appliance monitors data being transmitted from a first portion of the network to a second portion of the network through the network appliance and analyzes the data to determine whether the data ... 06/15/06 - 20060130141 - System and method of efficiently identifying and removing active malware from a computer The present invention provides a system, method, and computer-readable medium for identifying and removing active malware from a computer. Aspects of the present invention are included in a cleaner tool that may be obtained automatically with an update service or may be downloaded manually from a Web site or similar ... 06/15/06 - 20060130140 - System and method for protecting a server against denial of service attacks A client application server includes a client server, a proxy authentication server, and an authentication server. The proxy authentication server maintains a set of one or more authentication rules and an authentication request table. 
The client server is responsive to an authentication request from a user including a user identifier ... 06/08/06 - 20060123480 - Real-time network attack pattern detection system for unknown network attack and method thereof The present invention relates to a real-time network attack pattern detection system and a method thereof in which a common pattern is detected in real time from packets, which are suspected to be a network attack such as Worm, to effectively block the attack. The system includes: a suspicious packet ... 06/08/06 - 20060123479 - Network and application attack protection based on application layer message inspection A method is disclosed for protecting a network against a denial-of-service attack by inspecting application layer messages at a network element. According to one aspect, when a network element intercepts data packets that contain an application layer message, the network element constructs the message from the payload portions of the ... 06/01/06 - 20060117386 - Method and apparatus for detecting intrusions on a computer system A method of detecting intrusions on a computer includes the step of identifying an internet protocol field range describing fields within internet protocol packets received by a computer. A connectivity range is also established which describes a distribution of network traffic received by the computer. An internet protocol field threshold ... 05/18/06 - 20060107324 - Method to prevent denial of service attack on persistent tcp connections An improved method, apparatus, and computer instructions for preventing denial of service attacks on persistent connections. A synchronize packet is received. In response to receiving the synchronize packet, a state of the persistent connection is identified. An action on the synchronize packet is deferred until a subsequent communication with a ... 
05/18/06 - 20060107323 - System and method for using a dynamic credential to identify a cloned device A system and method for providing secure communications between client communication devices and servers. A server generates a random offset. The server alters a server communication device dynamic credential by applying the random offset to the server communication device dynamic credential. The server stores the server communication device dynamic credential. ... 05/18/06 - 20060107322 - Outgoing connection attempt limiting to slow down spreading of viruses Disclosed is a method for slowing down the spread of viruses by limiting the number of Transmission Control Protocol (“TCP”) connection attempts to arbitrary Internet Protocol (“IP”) addresses that can be in progress at any given time—a common method employed by viruses to spread to other hosts from an infected ... 05/11/06 - 20060101516 - Honeynet farms as an early warning system for production networks The present invention deals with a honeynet based actionable warning system. Automatic decisions to combat attacks learned through a honeynet may be generated by receiving data originating from one or more network analyzers. The data may be classified into a hierarchy of predetermined attributes, as well as sorted using these ... 05/11/06 - 20060101515 - System and method for monitoring network traffic Described is a method of assigning a network address to a trap, the network address being a dark address of a virtual private network. The network traffic destined for the network address is monitored and a classification of the network traffic is determined. After the classification, a predetermined response is ... 05/04/06 - 20060095969 - System for ssl re-encryption after load balance A data center provides secure handling of HTTPS traffic using backend SSL decryption and encryption in combination with a load balancer such as a content switch. 
The load balancer detects HTTPS traffic and redirects it to an SSL offloading device for decryption and return to the load balancer. The load ... 05/04/06 - 20060095968 - Intrusion detection in a data center environment An intrusion detection system (IDS) is capable of identifying the source of traffic, filtering the traffic to classify it as either safe or suspect and then applying sophisticated detection techniques such as stateful pattern recognition, protocol parsing, heuristic detection or anomaly detection either singularly or in combination based on the ... 05/04/06 - 20060095967 - Platform-based identification of host software circumvention Hardware correlation of software performance statistics. Software may gather data relating to performance of a hardware resource. A hardware component of the system of the hardware resource may obtain data relating to the performance of the hardware resource from a hardware component and the gathered software data, and correlate the ... 04/20/06 - 20060085856 - System and method for detecting invalid access to computer network A method for detecting the invalid access to a computer network is disclosed. The method preferably operates in a computer network having computer servers operating on different operating systems and a plurality of computer devices. Each computer device is managed by a computer server at the operating system level. The ... 04/20/06 - 20060085855 - Network intrusion detection and prevention system and method thereof The present invention relates to a network intrusion detection and prevention system. The system includes: a signature based detecting device; an anomaly behavior based detecting device; and a new signature creating and verifying device disposed between the signature based detecting device and the anomaly behavior based detecting device, wherein if ... 
04/20/06 - 20060085854 - Method and system for detecting intrusive anomalous use of a software system using multiple detection algorithms A method of detecting an intrusion into (or an anomaly in a behavior of) a target software system begins by instrumenting the target software system to generate behavior data representing a current observation or observation aggregate. The method then determines whether the current observation or observation aggregate warrants a second ... 04/06/06 - 20060075498 - Differential intrusion detection in networks Automatic differential intrusion detection in a network using an Intrusion Detection System (IDS) as a security device is provided, in order to enhance Quality of Service (QoS) for a packet requiring real-time processing. A delay caused by the IDS is reduced by applying differential IDS pattern matching according to the ... 04/06/06 - 20060075497 - Stateful and cross-protocol intrusion detection for voice over ip A method for detecting intrusions that employ messages of two or more protocols is disclosed. Such intrusions might occur in Voice over Internet Protocol (VoIP) systems, as well as in systems in which two or more protocols support some service other than VoIP. In the illustrative embodiment of the present ... 03/30/06 - 20060070129 - Enhanced client compliancy using database of security sensor data Security sensor data from intrusion detection system (IDS) sensors, vulnerability assessment (VA) sensors, and/or other security sensors is used to enhance the compliancy determination in a client compliancy system. A database is used to store the security sensor data. In one particular embodiment, a list of device compliance statuses indexed ... 03/30/06 - 20060070128 - Intrusion detection report correlator and analyzer A computer/computer network security alert management system aggregates information from multiple intrusion detectors. 
Utilizing reports from multiple intrusion detectors reduces the high false alarm rate experienced by individual detectors while also improving detection of coordinated attacks involving a series of seemingly harmless operations. An internal representation of a protected enclave ... 03/23/06 - 20060064754 - Distributed network security service A method and apparatus to distribute a network security service is disclosed. The security software may be distributed across nodes on a network and may use a separate security device that has two channels, one to review network traffic and a second to send updates to other security devices. ... 03/16/06 - 20060059558 - Proactive containment of network security attacks One embodiment disclosed relates to a method of proactive containment of network security attacks. Filtering parameters corresponding to a specific system vulnerability are determined. These parameters are distributed to network infrastructure components, and the network infrastructure components examine packets using these parameters to detect occurrence of an attack. Once an ... 03/09/06 - 20060053491 - Process control methods and apparatus for intrusion detection, protection and network hardening The invention provides an improved network and methods of operation thereof for use in or with process control systems, computer-based manufacturing or production control systems, environmental control systems, industrial control system, and the like (collectively, “control systems”). Those networks utilize a unique combination of firewalls, intrusion detection systems, intrusion protection ... 03/09/06 - 20060053490 - System and method for a distributed application and network security system (sdi-scam) This document discloses the architecture and proposed application of a highly distributed network security system. 
Using a combination of intelligent client-side and server-side agents, redundant memory arrays, duplicate network connections, and a variety of statistical analytics, which are cleverly designed to anticipate, counteract and defeat likely strategic designs, behaviors and ... 02/16/06 - 20060037078 - Intrusion management system and method for providing dynamically scaled confidence level of attack detection An Intrusion Management System detects computer attacks and automatically adjusts confidence that an attack was correctly detected. When the Intrusion Management System detects the attack against a computer system, it does not represent an accuracy of detection as an immutable confidence value. Instead, the Intrusion Management System tabulates information indirectly ... 02/16/06 - 20060037077 - Network intrusion detection system having application inspection and anomaly detection characteristics An intrusion detection system and method for a computer network includes a processor and one or more programs that run on the processor for application inspection of data packets traversing the computer network. The one or more programs also obtaining attribute information from the packets specific to a particular application ... 02/09/06 - 20060031936 - Encryption security in a network system A system and method for enhancing the security of signal exchanges in a network system. The system and method include a process and means for generating one or more replacement encryption key sets based on information and events. The information that may cause the generation of a replacement encryption key ... 
02/02/06 - 20060026685 - Malicious-process-determining method, data processing apparatus and recording medium A malicious process method, a data processing apparatus and a recording medium according to the present invention reads data stored in a buffer memory in terms of bytes and sequentially analyzes what kind of instruction code is included in a plurality of instruction sequences having different read positions. It is ... 02/02/06 - 20060026684 - Host intrusion prevention system and method A system and method of host intrusion prevention for preventing intrusion into a computer system is disclosed. Requests to access a resource of the computer system are monitored. It is determined whether the requested access is to be permitted or not in accordance with a policy. The requested access is ... 02/02/06 - 20060026683 - Intrusion protection system and method An intrusion protection system and method protect host computers of a computer network from network intrusions. All inbound and outbound transmissions of individual host computers are monitored to detect any unauthorised events. Once an unauthorised event is detected, the inbound and outbound transmissions of a host computer are locked ... 01/26/06 - 20060021040 - Apparatus, method and program to detect and control deleterious code (virus) in computer network A detection and response system including a set of algorithms for detection within a stream of normal computer traffic a subset of TCP packets with one IP Source Address (SA), one Destination Port (DP), and a number exceeding a threshold of distinct Destination Addresses (DA). There is efficient use of ... 
01/19/06 - 20060015941 - Methods, computer program products and data structures for intrusion detection, intrusion response and vulnerability remediation across target computer systems Computer security threat management information is generated by receiving a notification of a security threat and/or a notification of a test that detects intrusion of a computer security threat. A computer-actionable TMV is generated from the notification that was received. The TMV includes a computer-readable field that provides identification of ... 01/12/06 - 20060010494 - Mechanical device for connection and disconnection between a data input and a data output A mechanical connection and disconnection device between an information input in an information processing device and an information output of the information processing device including a body positioned exteriorly of the information processing device and composed of a first network of information-conducting wires at one end portion and a second ... 01/12/06 - 20060010493 - Attack impact prediction system An attack impact prediction system for providing network security for computer networks is disclosed. A computer network includes multiple attack impact prediction (AIP) agents. In response to a detection of an intrusion to a computer network, an AIP agent is notified of the intrusion. In turn, the AIP agent broadcasts ... 01/12/06 - 20060010492 - Method and apparatus for monitoring computer network security enforcement Methods and systems are disclosed for monitoring activity of a user on a network component, such as an end user computer, in a virtual private network for adherence to a security enforcement provision or policy utilized in the virtual private network. A method of determining whether a security provision in ... 01/05/06 - 20060005243 - Methods, systems, and products for intrusion detection Methods, systems, and products are disclosed for detecting an intrusion to a communications network. 
One embodiment describes a peripheral card having a communications portion and a processor. The communications portion has only a capability for receiving data packets via the communications network. The communications portion lacks capability of transmitting the ... 12/29/05 - 20050289651 - Access method and device for securing access to information system The invention relates to a method and an access device for securing logical access to information and/or computing resources in a group of computer equipment while slowing down logical access as little as possible. The group of computer equipment exchanges data with a computer telecommunication network, via said access device. ... 12/15/05 - 20050278784 - System for dynamic network reconfiguration and quarantine in response to threat conditions A method, apparatus, and computer instructions for responding to a threat condition within the network data processing system. A threat condition within the network data processing system is detected. At least one routing device is dynamically reconfigured within the network data processing system to isolate or segregate one or more ... 12/08/05 - 20050273857 - System and methodology for intrusion detection and prevention System and methodology for intrusion detection and prevention is described. In one embodiment, for example, a method is described for detecting and preventing network intrusion, the method comprises steps of: defining intrusion descriptions specifying exploits that may be attempted by malicious network traffic, the intrusion descriptions indicating specific applications that ... 12/01/05 - 20050268337 - Methods, systems, and products for intrusion detection Methods, systems, and products are disclosed for detecting an intrusion to a communications network. One embodiment describes a system for detecting intrusions. The system has a peripheral card coupled to a host computer system. 
The peripheral card has a communications portion and a processor managing the communications portion. The communications ... 11/24/05 - 20050262565 - Method and systems for computer security Methods and systems for maintaining computer security are provided. The method for maintaining security of a computer system comprises determining an initial system certainty value for the computer system, providing access to a database of signatures, each signature including a signature certainty value, receiving data, comparing the received data with ... 11/17/05 - 20050257266 - Intrustion protection system utilizing layers and triggers The inventions relate generally to protection of computing systems by isolating intrusive attacks into layers, those layers containing at least file objects and being accessible to applications, those layers further maintaining potentially intrusive file objects separately from regular file system objects such that the regular objects are protected and undisturbed. ... 11/17/05 - 20050257265 - Intrustion protection system utilizing layers The inventions relate generally to protection of computing systems by isolating intrusive attacks into layers, those layers containing at least file objects and being accessible to applications, those layers further maintaining potentially intrusive file objects separately from regular file system objects such that the regular objects are protected and undisturbed. ... 11/17/05 - 20050257264 - Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems are provided. These systems and methods provide an alert correlator and an alert distributor that enable early signs of an attack to be detected and rapidly disseminated to collaborating systems. The alert correlator utilizes data structures ... 
11/10/05 - 20050251861 - System and method for preventing delivery of unsolicited and undesired electronic messages by key generation and comparison A sending device prepares a key for each electronic message sent by the device by applying an algorithm to specified data in the message and then incorporates the key in the message. A receiving device, upon receipt of an electronic message, locates the incorporated key and the data from which ...

11/10/05 - 20050251860 - Pattern discovery in a network security system Patterns can be discovered in security events collected by a network security system. In one embodiment, the present invention includes collecting and storing security events from a variety of monitor devices. In one embodiment, a subset of the stored security events is provided to a manager as an event stream. ...

11/03/05 - 20050246776 - Framework for protection level monitoring, reporting, and notification A framework and associated methods for monitoring, reporting, and notifying with respect to security protection levels on a computer. For each security threat, a baseline level of protection is defined. A schema is configured to define fields usable by a security provider to indicate a level of protection provided by ...

10/20/05 - 20050235360 - Method and system for remotely configuring and monitoring a communication device Methods and systems for remotely configuring and monitoring a communication device are provided, especially useful in a computer network environment such as the Internet. A communication device or network appliance compares communications entering the communication device to a list of communication types established as known security risks, for example hacker ...

10/20/05 - 20050235359 - Method for resisting a denial-of-service attack of a private network element Methods and apparatus for resisting a denial-of-service attack of a private network element are disclosed. In one embodiment, a network device is configured to receive a packet destined for a private network element over an IP-compliant network. A proxy is assigned to examine the packet based on the destination port ...

10/20/05 - 20050235358 - Server denial of service shield A method, apparatus, and computer instructions for responding to a denial of service attack. The method comprising from a remote data processing system detects an occurrence of the denial of service attack in which invalid credentials are presented to the data processing system. Connections from the remote data processing system ...

10/13/05 - 20050229255 - System and method for scanning a network Systems and methods to passively scan a network are disclosed herein. The passive scanner sniffs a plurality of packets traveling across the network. The passive scanner analyzes information from the sniffed packets to build a topology of network devices and services that are active on the network. In addition, the ...

10/13/05 - 20050229254 - Detecting public network attacks using signatures and fast content analysis Detecting attacks against computer systems by automatically detecting signatures based on predetermined characteristics of the intrusion. One aspect looks for commonalities among a number of different network messages, and establishes an intrusion signature based on those commonalities. Data reduction techniques, such as a hash function, are used to minimize the ...

10/13/05 - 20050229253 - Method and system for distinguishing relevant network security threats using comparison of refined intrusion detection audits and intelligent security analysis An apparatus, a method, and a computer program are provided for distinguishing relevant security threats. With conventional computer systems, distinguishing security threats from actual security threats is a complex and difficult task because of the general inability to quantify a “threat.” By the use of an intelligent conceptual clustering technique, ...

10/13/05 - 20050229252 - In-place content substitution via code-invoking link Content including links to behaviors (code which can be executed and return supplemental content for insertion, or can modify existing content) is stored, and at run-time, the links to behaviors are followed and the supplemental content or the modifications to existing comment are used to create a final version of ...

10/13/05 - 20050229251 - High performance content alteration architecture and techniques The present invention provides a unique system and method that facilitates obtaining high performance and more secure HIPs. More specifically, the HIPs can be generated in part by caching pre-rendered characters and/or pre-rendered arcs as bitmaps in binary form and then selecting any number of the characters and/or arcs randomly ...

10/13/05 - 20050229250 - Methodology, system, computer readable medium, and product providing a security software suite for handling operating system exploitations Various embodiments are provided relating to security of a computer, namely, a security software product, a computer-readable medium, a computerized method, and a computer security system. Illustrative is one embodiment of a security software product for use on a host computer to monitor for, and respond to, activity corresponding to ...

09/29/05 - 20050216956 - Method and system for authentication event security policy generation Technique for protecting a communications network, such as a computer network, from attack such as self-propagating code violations of security policies, in which the network is divided into “compartments” that are separated by access control devices such as firewalls. The access control devices are then used to stop the spread of ...

09/29/05 - 20050216955 - Security attack detection and defense Detecting an attack on an authentication service. A first memory area is configured to store data relating to a plurality of requests communicated to an authentication service from a plurality of user agents. A second memory area is configured to store a predefined pattern of one or more requests. The ...

09/22/05 - 20050210534 - Method and apparatus for providing mobile honeypots A method and apparatus for detecting an originator of traffic of interest is provided. One or more honeypots are established. Mobility is then provided to the one or more honeypots. In one embodiment, mobility is provided by communicating information associated with one or more dark prefixes. In another embodiment, mobility ...

09/22/05 - 20050210533 - Packet sampling flow-based detection of network intrusions A flow-based intrusion detection system for detecting intrusions in computer communication networks. Data packets representing communications between hosts in a computer-to-computer communication network are processed and assigned to various client/server flows. Statistics are collected for each flow. Then, the flow statistics are analyzed to determine if the flow appears to ...

09/01/05 - 20050193429 - Integrated data traffic monitoring system The present invention includes an integrated data traffic monitoring system monitoring data traffic received from a communication network and destined for a protected network. The monitoring system includes a security appliance and one or more security and monitoring technologies such as hardware and open source and proprietary software products. The ...

07/28/05 - 20050166267 - Method and system in a communication network for allocating and changing link-level addresses A communication system comprising: a plurality of communication nodes connected by a data link; a communication controller for allocating link-level addresses to the communication nodes whereby the nodes may be identified for communications over the link; the communication controller being arranged to change from time to time the addresses allocated ...