Method and system for responding to a computer intrusion
Abstract
A method and system for managing an intrusion on a computer by graphically representing an intrusion pattern of a known past intrusion, and then comparing the intrusion pattern of the known intrusion with a current intrusion. The intrusion pattern may either be based on intrusion events, which are the effects of the intrusion or activities that provide a signature of the type of intrusion, or the intrusion pattern may be based on hardware topology that is affected by the intrusion. The intrusion pattern is graphically displayed with scripted responses, which in a preferred embodiment are presented in pop-up windows associated with each node in the intrusion pattern. Alternatively, the response to the intrusion may be automatic, based on a pre-determined percentage of common features in the intrusion pattern of the known past intrusion and the current intrusion.
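The automatic-response variant described in the abstract can be sketched as follows. This is an added illustration, not code from the patent or its assignee: a known intrusion is held as a path of nodes, each carrying a scripted response, and responses for the matched nodes are initiated once the share of common features reaches a pre-determined percentage. The event labels, response names, function names and the 60% threshold are all assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:
    feature: str   # intrusion event or affected host (constructed label)
    response: str  # name of the scripted response attached to this node

# Constructed sample: the intrusion path of a known past intrusion, in order.
KNOWN_PATH = [
    Node("port_scan", "log_source_address"),
    Node("ftp_login_failure_burst", "lock_account"),
    Node("new_setuid_binary", "quarantine_file"),
    Node("outbound_irc_connection", "block_egress"),
    Node("log_file_truncated", "snapshot_disk"),
]

def match(known_path, observed):
    """Return (matched nodes in path order, percentage of path features seen)."""
    seen = set(observed)  # repeats and unrelated events do not change the score
    hits = [n for n in known_path if n.feature in seen]
    pct = 100 * len(hits) // len(known_path) if known_path else 0
    return hits, pct

def automatic_responses(known_path, observed, threshold_pct=60):
    """Names of the responses to initiate without an operator.

    Returns [] when the percentage of common features is below the
    pre-determined threshold, leaving the decision to the operator.
    """
    hits, pct = match(known_path, observed)
    if pct < threshold_pct:
        return []
    return [n.response for n in hits]

if __name__ == "__main__":
    # Constructed events for a current intrusion, with a repeat and noise.
    current = ["port_scan", "port_scan", "new_setuid_binary",
               "outbound_irc_connection", "dns_lookup"]
    hits, pct = match(KNOWN_PATH, current)
    print(pct, [n.feature for n in hits])
    print(automatic_responses(KNOWN_PATH, current))
```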
42 Claims
1. A method for managing an intrusion on a computer, the method comprising:
graphically representing an intrusion path of a known intrusion, the graphical representation including a scripted response at a node in the intrusion path;
matching a current intrusion of the computer to the graphical representation of the known intrusion according to at least one common feature in the intrusion path of the known intrusion and the current intrusion; and
responsive to the matching of the known intrusion and the current intrusion, initiating the scripted response, which is capable of responding to the current intrusion.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A system for managing an intrusion on a computer, the system comprising:
means for graphically representing an intrusion pattern of a known intrusion, the graphical representation including a scripted response at a node in the intrusion path;
means for matching a current intrusion of the computer to the graphical representation of the known intrusion according to at least one common feature in the intrusion path of the known intrusion and the current intrusion; and
means for initiating a scripted response for the current intrusion according to the matching of the known intrusion and the current intrusion.
Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28
29. A computer usable medium for managing an intrusion on a computer, the computer usable medium comprising:
computer program code for graphically representing an intrusion pattern of a known intrusion, the graphical representation including a scripted response at a node in the intrusion path;
computer program code for matching a current intrusion of the computer to the graphical representation of the known intrusion according to at least one common feature in the intrusion path of the known intrusion and the current intrusion; and
computer program code for initiating a scripted response for the current intrusion according to the matching of the known intrusion and the current intrusion.
Dependent claims: 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42
Specification