
 Computer network intrusion detection

Details
Inventors: Diep, Thanh A.;
Assignee: Visa International Service Association (Foster City, CA)
Primary Examiner: Wright; Norman M.
Assistant Examiner:
Attorney, Agent or Firm: Beyer Weaver & Thomas, LLP

Detecting harmful or illegal intrusions into a computer network or into restricted portions of a computer network uses statistical analysis to match user commands and program names with a template sequence. Discrete correlation matching and permutation matching are used to match sequences. The result of the match is input to a feature builder and then a modeler to produce a score. The score indicates possible intrusion. A sequence of user commands and program names and a template sequence of known harmful commands and program names from a set of such templates are retrieved. A closeness factor indicative of the similarity between the user command sequence and a template sequence is derived from comparing the two sequences. The user command sequence is compared to each template sequence in the set of templates thereby creating multiple closeness or similarity measurements. These measurements are examined to determine which sequence template is most similar to the user command sequence. A frequency feature associated with the user command sequence and the most similar template sequence is calculated. It is determined whether the user command sequence is a potential intrusion into restricted portions of the computer network by examining output from a modeler using the frequency feature as one input.

DETAILED DESCRIPTION

To achieve the foregoing, methods, apparatus, and computer-readable medium are disclosed which provide computer network intrusion detection.
In one aspect of the invention, a method of detecting an intrusion in a computer network is disclosed.
A sequence of user commands and program names and a template sequence of known harmful commands and program names from a set of such templates are retrieved.
A closeness factor indicative of the similarity between the user command sequence and the template sequence is derived from comparing the two sequences.
The user command sequence is compared to each template sequence in the set of templates thereby creating multiple closeness factors.
The closeness factors are examined to determine which sequence template is most similar to the user command sequence.
A frequency feature associated with the user command sequence and the most similar template sequence is calculated.
It is then determined whether the user command sequence is a potential intrusion into restricted portions of the computer network by examining output from a modeler using the frequency feature as one input.
Advantageously, network intrusions can be detected using matching metrics that are efficient and simple to maintain and understand.
In one embodiment, the user command sequence is obtained by chronologically logging commands and program names entered in the computer network thereby creating a command log, and then arranging the command log according to individual users on the computer network.
The user command sequence is identified from the command log using a predetermined time period.
In another embodiment, the frequency of the user command sequence occurring in a command stream created by a network user from a general population of network users is determined.
Another frequency value of how often the most similar sequence template occurs in a command stream created by all network users in the general population of network users is determined.
The two frequency values are used to calculate a frequency feature
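The pipeline described above, from per-user command log to frequency feature, as an added sketch that is not code from the patent. The text on this page does not define the two matching metrics, how they combine into a closeness factor, or the feature formula, so the definitions below are assumptions, as are the sample log and the template names and contents; the modeler stage is omitted.

```python
from collections import Counter, defaultdict

# Constructed sample log: (timestamp_seconds, user, command).
LOG = [(0, "alice", "ls"), (5, "bob", "su"), (9, "alice", "vi"), (12, "bob", "chmod"),
       (20, "bob", "cp"), (31, "bob", "ftp"), (40, "alice", "make"), (400, "bob", "ls")]
# Constructed templates; names and contents are hypothetical.
TEMPLATES = {"T1": ["su", "cp", "chmod", "ftp"], "T2": ["make", "vi", "gdb"]}

def per_user(log):
    """Arrange a chronological command log by individual user."""
    streams = defaultdict(list)
    for ts, user, cmd in sorted(log):
        streams[user].append((ts, cmd))
    return streams

def window(stream, start, period):
    """Commands one user entered in [start, start + period)."""
    return [c for ts, c in stream if start <= ts < start + period]

def correlation_match(seq, tmpl):
    """Assumed metric: best fraction of position-wise hits over all alignments."""
    best = 0
    for shift in range(-len(tmpl) + 1, len(seq)):
        hits = sum(1 for i, t in enumerate(tmpl)
                   if 0 <= i + shift < len(seq) and seq[i + shift] == t)
        best = max(best, hits)
    return best / len(tmpl)

def permutation_match(seq, tmpl):
    """Assumed metric: order-insensitive multiset overlap, as a template fraction."""
    return sum((Counter(seq) & Counter(tmpl)).values()) / len(tmpl)

def closeness(seq, tmpl):
    # Assumption: the closeness factor is the mean of the two metrics.
    return 0.5 * (correlation_match(seq, tmpl) + permutation_match(seq, tmpl))

def most_similar(seq, templates):
    """Compare against every template; return (name, closeness) of the best."""
    return max(((n, closeness(seq, t)) for n, t in templates.items()), key=lambda x: x[1])

def frequency(pattern, stream):
    """Fraction of contiguous windows of a command stream equal to the pattern."""
    n = len(pattern)
    wins = [stream[i:i + n] for i in range(len(stream) - n + 1)]
    return sum(w == pattern for w in wins) / len(wins) if wins else 0.0

def frequency_feature(seq, tmpl, user_stream, population_stream):
    # Assumption: combine the two frequency values as a normalised ratio in [0, 1].
    f_user, f_pop = frequency(seq, user_stream), frequency(tmpl, population_stream)
    return f_user / (f_user + f_pop) if f_user + f_pop else 0.0
```

For the constructed log, the 60-second window for user `bob` contains the same commands as template `T1` in a different order, so the order-insensitive metric scores it fully while the order-sensitive one scores it at half.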


