US Patent No: 6,681,331

Dynamic software system intrusion detection

Abstract

A real-time approach for detecting aberrant modes of system behavior induced by abnormal and unauthorized system activities that are indicative of an intrusive, undesired access of the system. This detection methodology is based on behavioral information obtained from a suitably instrumented computer program as it is executing. The theoretical foundation for the present invention is founded on a study of the internal behavior of the software system. As a software system is executing, it expresses a set of its many functionalities as sequential events. Each of these functionalities has a characteristic set of modules that is executed to implement the functionality. These module sets execute with clearly defined and measurable execution profiles, which change as the executed functionalities change. Over time, the normal behavior of the system will be defined by the boundary of the profiles. An attempt to violate the security of the system will result in behavior that is outside the normal activity of the system and thus result in a perturbation of the system in a manner outside the scope of the normal profiles. Such violations are detected by an analysis and comparison of the profiles generated from an instrumented software system against a set of known intrusion profiles and a varying criterion level of potential new intrusion events.

Patent Owner(s)

Patent Owner | Address | Total Patents
REFLEX SECURITY, INC. | ATLANTA, GA | 7
CYLANT TECHNOLOGY, LLC | NORTH MIAMI, FL | 1

Inventor(s)

Inventor Name | Address | # of filed Patents | Total Citations
Elbaum, Sebastian G | Moscow, ID | 4 | 156
Munson, John C | Moscow, ID | 12 | 194

Cited Art

Patent Info (Count) # Cites Year
 
INTERNATIONAL BUSINESS MACHINES CORPORATION (6)
5,067,073 Embedded tracing method for identifying program executed paths 19 1988
5,278,901 Pattern-oriented intrusion-detection system and method 181 1992
5,355,487 Non-invasive trace-driven system and method for computer system profiling 115 1993
5,499,340 Method and apparatus for computer program usage monitoring 114 1994
5,528,753 System and method for enabling stripped object software monitoring in a computer system 86 1994
6,026,236 System and method for enabling software monitoring in a computer system 33 1997
 
HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P. (3)
5,487,131 Method for analyzing the flow of data through a complex information exchange system 15 1991
5,539,907 System for monitoring computer system performance 111 1994
5,732,273 System for monitoring compute system performance 80 1997
 
TREND MICRO INCORPORATED (2)
5,675,711 Adaptive statistical regression and classification of data strings, with application to the generic detection of computer viruses 81 1994
5,907,834 Method and apparatus for detecting a presence of a computer virus 53 1996
 
88OPEN CONSORTIUM, LTD. (1)
5,313,616 Method for analyzing calls of application program by inserting monitoring routines into the executable version and redirecting calls to the monitoring routines 125 1990
 
ALCATEL (1)
5,621,889 Facility for detecting intruders and suspect callers in a computer installation and a security system including such a facility 152 1994
 
CISCO TECHNOLOGY, INC. (1)
6,405,318 Intrusion detection system 213 1999
 
FAIR ISAAC CORPORATION (1)
6,226,408 Unsupervised identification of nonlinear data cluster in multidimensional data 46 1999
 
HARRIS CORPORATION (1)
5,991,881 Network surveillance system 354 1996
 
MCAFEE, INC. (1)
5,557,742 Method and system for detecting intrusion into and misuse of a data processing system 300 1994
 
MICRON TECHNOLOGY, INC. (1)
6,094,530 Remotely monitoring execution of a program 24 1998
 
MICROSOFT CORPORATION (1)
5,790,858 Method and system for selecting instrumentation points in a computer program 77 1994
 
MUTEX SOLUTIONS, LTD. (1)
6,282,701 System and method for monitoring and analyzing the execution of computer programs 278 1998
 
ODS NETWORKS, INC. (1)
6,347,374 Event detection 329 1998
 
SAMSUNG ELECTRONICS CO., LTD. (1)
6,009,514 Computer method and apparatus for analyzing program instructions executing in a computer system 50 1998
 
SHIPLEY/LAWFINANCE GROUP PATENT JUSTICE, LLC (1)
6,119,236 Intelligent network security device and method 137 1998
 
SRI INTERNATIONAL (1)
6,321,338 Network surveillance 348 1998
 
UNISYS CORPORATION (1)
5,581,482 Performance monitor for digital computer system 132 1994
 
VISA INTERNATIONAL SERVICE ASSOCIATION (1)
6,370,648 Computer network intrusion detection 115 1998
 
WICRESOFT CO., LTD. (1)
5,987,250 Transparent instrumentation for computer program behavior analysis 46 1997

Patent Citation Ranking

Forward Cites

Patent Info (Count) # Cites Year
 
INTERNATIONAL BUSINESS MACHINES CORPORATION (29)
7,574,740 Method and system for intrusion detection in a computer network 15 2000
7,162,649 Method and apparatus for network assessment and authentication 34 2000
7,178,166 Vulnerability assessment and authentication of a computer by a local scanner 105 2000
7,130,466 System and method for compiling images from a database and comparing the compiled images with known images 9 2000
7,921,459 System and method for managing security events on a network 6 2001
7,237,264 System and method for preventing network misuse 38 2001
7,146,305 Analytical virtual machine 29 2001
7,370,360 Computer immune system and method for detecting unwanted code in a P-code or partially compiled native-code program executing within a virtual machine 33 2002
7,904,454 Database access security 3 2002
7,941,854 Method and system for responding to a computer intrusion 1 2002
7,673,137 System and method for the managed security control of processes on a computer system 2 2003
7,913,303 Method and system for dynamically protecting a computer system from attack 6 2003
7,506,371 System and methods for adaptive behavior based access control 8 2004
7,657,938 Method and system for protecting computer networks by altering unwanted network data traffic 0 2004
7,970,788 Selective local database access restriction 2 2005
7,933,923 Tracking and reconciling database commands 3 2005
7,634,800 Method and apparatus for network assessment and authentication 21 2006
7,934,254 Method and apparatus for providing network and computer system security 3 2006
7,499,590 System and method for compiling images from a database and comparing the compiled images with known images 4 2006
7,657,419 Analytical virtual machine 11 2006
8,006,243 Method and apparatus for remote installation of network drivers and software 0 2006
8,141,100 Identifying attribute propagation for multi-tier processing 1 2006
7,712,138 Method and system for configuring and scheduling security audits of a computer network 5 2007
7,565,549 System and method for the managed security control of processes on a computer system 1 2007
7,707,429 System and method to proactively detect software tampering 0 2007
7,770,225 Method and apparatus for auditing network security 0 2008
7,845,007 Method and system for intrusion detection in a computer network 0 2008
8,261,326 Network intrusion blocking security overlay 0 2008
7,860,970 Secure initialization of intrusion detection system 0 2008
 
SECURE COMPUTING CORPORATION (23)
7,458,098 Systems and methods for enhancing electronic communication security 12 2002
7,124,438 Systems and methods for anomaly detection in patterns of monitored communications 36 2002
6,941,467 Systems and methods for adaptive message interrogation through multiple queues 45 2002
7,213,260 Systems and methods for upstream threat pushback 32 2003
7,694,128 Systems and methods for secure communication delivery 3 2003
8,132,250 Message profiling systems and methods 1 2005
7,089,590 Systems and methods for adaptive message interrogation through multiple queues 9 2005
7,225,466 Systems and methods for message threat management 16 2006
7,903,549 Content-based policy compliance systems and methods 1 2006
7,870,203 Methods and systems for exposing messaging reputation to an end user 6 2006
7,693,947 Systems and methods for graphically displaying messaging traffic 4 2006
7,779,466 Systems and methods for anomaly detection in patterns of monitored communications 2 2006
7,519,994 Systems and methods for adaptive message interrogation through multiple queues 8 2006
8,069,481 Systems and methods for message threat management 0 2006
8,042,181 Systems and methods for message threat management 2 2006
8,214,497 Multi-dimensional reputation scoring 2007
8,179,798 Reputation based connection throttling 1 2007
7,949,716 Correlation and analysis of entity attributes 1 2007
7,937,480 Aggregation of reputation data 3 2007
7,779,156 Reputation based load balancing 4 2007
8,042,149 Systems and methods for message threat management 1 2007
8,185,930 Adjusting filter or classification control settings 3 2007
8,045,458 Prioritizing network traffic 0 2007
 
SYMANTEC CORPORATION (6)
7,085,936 System and method for using login correlations to detect intrusions 24 2000
7,409,721 Network risk analysis 2 2003
7,854,005 System and method for generating fictitious content for a computer 3 2006
8,171,545 Process profiling for behavioral anomaly detection 0 2007
7,984,504 Network risk analysis 0 2008
7,827,605 System and method for preventing detection of a selected process running on a computer 1 2008
 
CISCO TECHNOLOGY, INC. (4)
7,320,142 Method and system for configurable network intrusion detection 4 2001
7,243,371 Method and system for configurable network intrusion detection 13 2001
7,367,063 Methods and apparatus for providing security to a computerized device 6 2002
7,793,094 HTTP cookie protection by a network security device 0 2006
 
MICROSOFT CORPORATION (4)
8,181,219 Access authorization having embedded policies 0 2004
7,904,956 Access authorization with anomaly detection 5 2004
7,685,632 Access authorization having a centralized policy 4 2004
8,453,200 Access authorization having embedded policies 0 2011
 
SRI INTERNATIONAL (4)
7,694,115 Network-based alert management system 7 2000
7,917,393 Probabilistic alert correlation 4 2001
7,143,444 Application-layer anomaly and misuse detection 13 2001
7,594,260 Network surveillance using long-term and short-term statistical profiles to determine suspicious network activity 10 2003
 
TREND MICRO INCORPORATED (4)
7,150,043 Intrusion detection method and signature table 4 2001
7,340,776 Method and system for configuring and scheduling security audits of a computer network 22 2002
7,305,564 System and method to proactively detect software tampering 7 2002
7,464,158 Secure initialization of intrusion detection system 3 2003
 
FUJITSU LIMITED (3)
7,111,164 Crisis management system, computer, and computer memory product 1 2001
7,103,658 Rendering calculation processing status monitoring program, and storage medium, apparatus, and method therefor 0 2001
8,166,553 Method and apparatus for detecting unauthorized-access, and computer product 0 2004
 
STRAGENT, LLC (3)
8,204,945 Hash-based systems and methods for detecting and preventing transmission of unwanted e-mail 0 2008
8,272,060 Hash-based systems and methods for detecting and preventing transmission of polymorphic network worms and viruses 2010
8,166,549 Hash-based systems and methods for detecting and preventing transmission of polymorphic network worms and viruses 0 2010
 
BT COUNTERPANE INTERNET SECURITY, INC. (2)
7,159,237 Method and system for dynamic network intrusion monitoring, detection and response 47 2001
7,895,641 Method and system for dynamic network intrusion monitoring, detection and response 4 2006
 
LIQUID MACHINES, INC. (2)
7,313,824 Method for protecting digital content from unauthorized use by automatically and dynamically integrating a content-protection agent 41 2002
7,111,285 Method and system for protecting software applications against static and dynamic software piracy techniques 15 2002
 
NAGRAVISION S.A. (2)
8,356,188 Secure system-on-chip 0 2006
8,181,008 Secure system-on-chip 0 2006
 
REFLEX SECURITY, INC. (2)
6,963,983 Method of and system for detecting an anomalous operation of a computer system 43 2004
7,571,478 Method of and system for detecting an anomalous operation of a computer system 3 2005
 
CIGITAL (1)
7,181,768 Computer intrusion detection system and method based on application monitoring 33 2000
 
Cipher Trust, Inc. (1)
7,096,498 Systems and methods for message threat management 35 2003
 
CVIDYA 2010 LTD. (1)
7,841,002 Method for detecting a behavior of interest in telecommunication networks 0 2002
 
EMPIRIX INC. (1)
6,853,963 Analyzing an extended finite state machine system model 6 1999
 
HARRIS CORPORATION (1)
7,327,690 Wireless local or metropolitan area network with intrusion detection features and related methods 2 2002
 
HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P. (1)
7,213,146 System and method for establishing security profiles of computers 5 2001
 
HITACHI, LTD. (1)
7,433,493 Abnormal behavior detector 3 2000
 
JUNIPER NETWORKS, INC. (1)
8,312,540 System for slowing password attacks 0 2008
 
MCAFEE, INC. (1)
7,043,756 Method and apparatus for detecting denial-of-service attacks using kernel execution profiles 5 2001
 
NORTHROP GRUMMAN SYSTEMS CORPORATION (1)
8,201,249 Steady state computer intrusion and misuse detection 0 2003
 
RESEARCH TRIANGLE INSTITUTE (1)
7,350,234 Intrusion tolerant communication networks and associated methods 2 2002
 
SAP AG (1)
7,433,960 Systems, methods and computer products for profile based identity verification over the internet 1 2008
 
SEER INSIGHT SECURITY INC. (1)
7,185,366 Security administration server and its host server 2 2002
 
STMICROELECTRONICS S.A. (1)
8,239,833 Statistical control of the integrity of a program 0 2004
 
SYROWIK, DAVID R. (1)
8,079,080 Method, system and computer program product for detecting security threats in a computer network 0 2005
 
VMWARE, INC. (1)
7,343,599 Network-based patching machine 5 2005
 
Other [Check patent profile for assignment information] (1)
7,158,022 Automated diagnoses and prediction in a physical security surveillance system 3 2004

Maintenance Fees

Fee | Large entity fee | Small entity fee | Micro entity fee | Due date
11.5 Year Payment | $7400.00 | $3700.00 | $1850.00 | Jul 20, 2015

Fee | Large entity fee | Small entity fee | Micro entity fee
Surcharge - 11.5 year - Late payment within 6 months | $160.00 | $80.00 | $40.00
Surcharge after expiration - Late payment is unavoidable | $700.00 | $350.00 | $175.00
Surcharge after expiration - Late payment is unintentional | $1,640.00 | $820.00 | $410.00