Methodology and system for real time information system application intrusion detection
First Claim
1. An anomaly based methodology for information system application intrusion detection, the method comprising the steps of:
- a. non-intrusive monitoring of user requests. b. cataloguing of user requests to an application into an application profile database. c. analysis including comparison of user requests to the application profile database to identify potential security threats. d. format for reporting identified security threats.
0 Assignments
0 Petitions
Accused Products
Abstract
A methodology and system for application intrusion detection wherein the methodology constructs an application profile database that compares user requests to computer applications to determine their security threat. The methodology, Application Profiling, defines the characteristics of user interactions that are to be catalogued in the application profile database. In addition, the methodology identifies the process for creating the application profile database and defines the logic used to evaluate user application requests for anomalous behavior. The methodology also provides a format for communication of application security threats. The system implements the methodology in a stand-alone fashion.
29 Citations
2 Claims
-
1. An anomaly based methodology for information system application intrusion detection, the method comprising the steps of:
-
a. non-intrusive monitoring of user requests. b. cataloguing of user requests to an application into an application profile database. c. analysis including comparison of user requests to the application profile database to identify potential security threats. d. format for reporting identified security threats.
-
-
2. A system for Information System application intrusion detection via three components to the system, comprising the following elements:
-
a. a sensor focused on extracting the characteristic elements of application users requests as defined by the Application Profiling methodology. b. an Application Profile database that performs the cataloguing and analysis of user requests. c. a reporter that communicates identified security threats.
-
Specification
-
- Resources
-
Current AssigneeJonathan Brett Forcade
-
Original AssigneeJonathan Brett Forcade
-
InventorsForcade, Jonathan Brett
-
Application NumberUS10/714,999Publication NumberTime in Patent OfficeDaysField of SearchUS Class Current713/201CPC Class CodesG06F 21/55 Detecting local intrusion o...G06F 21/552 involving long-term monitor...H04L 63/102 Entity profilesH04L 63/1416 Event detection, e.g. attac...H04L 63/1425 Traffic logging, e.g. anoma...
