Distributed threat management

No: 7373666
No. de la demande: 10185008
Date d'archivage: 2002-07-01
Date d'emission: 2008-05-13
Genre: B2
Pretentions: 51
Feuilles de dessin: 11
Resume: A method and system are provided for managing a security threat in a distributed system. A distributed element of the system detects and reports suspicious activity to a threat management agent. The threat management agent determines whether an attack is taking place and deploys a countermeasure to the attack when the attack is determined to be taking place. Another method and system are also provided for managing a security threat in a distributed system. A threat management agent reviews reported suspicious activity including suspicious activity reported from at least one distributed element of the system, determines, based on the reports, whether a pattern characteristic of an attack occurred, and predicts when a next attack is likely to occur. Deployment of a countermeasure to the predicted next attack is directed in a time window based on when the next attack is predicted to occur.
Inventeurs:
	Kaler Christopher G. (15)
	Della-Libera Giovanni Moises (1)
	Shewchuk John P. (13)
Examinateur principal: Sheikh Ayaz
Examinateur adjoint: Chai Longbit
Agents:
	Birch, Stewart, Kolasch & Birch, LLP} (ORG) (8053)
Cessionnaires:
	Microsoft Corporation} (ORG) (5291)
Domaine de recherches:

Autre references:
	Box, Don. “A Brief History of SOAP” (Apr. 4, 2001) xml.com : http://webservices.xml.com/pub/a/ws/2001/04/04/soap.html.
	Barrus et al.; “A Distributed Autonomous-Agent Network-Intrusion Detection and Response System”. (Jun. 1998) NEC Research Index, Proceedings of the 1998 Command and Control Research and Technology Symposium.
	P.A. Porras, P.G. Neumann. “EMERALD: Event Monitoring Enabling Responses to Anomalous Live Distrubances” (1997) Proc. 20th NIST-NCSC National Information Systems Security Conference.
	E.A. Fisch “Intrusion Damage Control and Assessment: A Taxonomy and Implementation fo Automated Responses to Intrusive Behavior” (May 1996) PhD Thesis, Texas A&M University. Chapters I-III.
	The Honeynet Project “Know Your Enemy: Statistics” (Jul. 22, 2001). Avaliable online at http://www.chguy.net/news/jul01/attack-stats.html.
	J. Yuill, S.F. Wu, F. Gong, M. Huang. “Intrusion Detection for an On-Going Attack” (1999) Recent Advances in Intrusion Detection.
References:
	6324656
	6408391

Distributed threat management

No:

No. de la demande:

Date d'archivage:

Date d'emission:

Genre:

Pretentions:

Feuilles de dessin:

Resume:

Inventeurs:

Kaler Christopher G. (15)

Della-Libera Giovanni Moises (1)

Shewchuk John P. (13)

Examinateur principal:

Examinateur adjoint:

Agents:

Birch, Stewart, Kolasch & Birch, LLP} (ORG) (8053)

Cessionnaires:

Microsoft Corporation} (ORG) (5291)

Domaine de recherches:

Autre references:

Box, Don. “A Brief History of SOAP” (Apr. 4, 2001) xml.com : http://webservices.xml.com/pub/a/ws/2001/04/04/soap.html.

Barrus et al.; “A Distributed Autonomous-Agent Network-Intrusion Detection and Response System”. (Jun. 1998) NEC Research Index, Proceedings of the 1998 Command and Control Research and Technology Symposium.

P.A. Porras, P.G. Neumann. “EMERALD: Event Monitoring Enabling Responses to Anomalous Live Distrubances” (1997) Proc. 20th NIST-NCSC National Information Systems Security Conference.

E.A. Fisch “Intrusion Damage Control and Assessment: A Taxonomy and Implementation fo Automated Responses to Intrusive Behavior” (May 1996) PhD Thesis, Texas A&M University. Chapters I-III.

The Honeynet Project “Know Your Enemy: Statistics” (Jul. 22, 2001). Avaliable online at http://www.chguy.net/news/jul01/attack-stats.html.

J. Yuill, S.F. Wu, F. Gong, M. Huang. “Intrusion Detection for an On-Going Attack” (1999) Recent Advances in Intrusion Detection.

References:

6324656

6408391