Methodology and system for real time information system application intrusion detection
Abstract
A methodology and system for application intrusion detection wherein the methodology constructs an application profile database that compares user requests to computer applications to determine their security threat. The methodology, Application Profiling, defines the characteristics of user interactions that are to be catalogued in the application profile database. In addition, the methodology identifies the process for creating the application profile database and defines the logic used to evaluate user application requests for anomalous behavior. The methodology also provides a format for communication of application security threats. The system implements the methodology in a stand-alone fashion.
2 Claims
1. An anomaly based methodology for information system application intrusion detection, the method comprising the steps of:
   - a. non-intrusive monitoring of user requests.
   - b. cataloguing of user requests to an application into an application profile database.
   - c. analysis including comparison of user requests to the application profile database to identify potential security threats.
   - d. format for reporting identified security threats.
2. A system for Information System application intrusion detection via three components to the system, comprising the following elements:
   - a. a sensor focused on extracting the characteristic elements of application users requests as defined by the Application Profiling methodology.
   - b. an Application Profile database that performs the cataloguing and analysis of user requests.
   - c. a reporter that communicates identified security threats.
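The four steps of claim 1 mapped onto the three components of claim 2, as an added Python example that is not taken from the patent. The page does not list which request characteristics are profiled, so the ones used here (method, path, parameter names, value character class), every function and class name, and the sample request lines are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

def shape(value):
    """Coarse character class of a parameter value (assumed characteristic)."""
    if re.fullmatch(r"\d+", value):
        return "digits"
    return "token" if re.fullmatch(r"[A-Za-z0-9_.-]+", value) else "other"

def sense(request_line):
    """Sensor: read characteristics from a logged request line, passively."""
    method, target = request_line.split()[:2]
    url = urlsplit(target)
    return method, url.path, parse_qsl(url.query, keep_blank_values=True)

class ApplicationProfile:
    """Profile database: catalogues requests, then compares new ones to the catalogue."""
    def __init__(self, learning_requests=()):
        # (method, path) -> parameter name -> set of value shapes seen while learning
        self.entries = defaultdict(dict)
        for line in learning_requests:
            self.catalogue(line)

    def catalogue(self, request_line):
        method, path, params = sense(request_line)
        entry = self.entries[(method, path)]
        for name, value in params:
            entry.setdefault(name, set()).add(shape(value))

    def analyse(self, request_line):
        method, path, params = sense(request_line)
        if (method, path) not in self.entries:
            return [f"unknown request: {method} {path}"]
        entry, findings = self.entries[(method, path)], []
        for name, value in params:
            if name not in entry:
                findings.append(f"unknown parameter: {name}")
            elif shape(value) not in entry[name]:
                findings.append(f"unexpected value shape for {name}: {shape(value)}")
        return findings

def report(request_line, findings):
    """Reporter: one fixed-format record per analysed request."""
    return {"request": request_line, "threat": bool(findings), "findings": findings}

# Constructed learning-phase traffic (not from the patent).
TRAINING = ["GET /account?id=1042", "GET /account?id=77", "GET /search?q=invoice"]
PROFILE = ApplicationProfile(TRAINING)
```

A profile learned from too little traffic flags legitimate requests it has never seen, so the learning window has to cover the application's normal use before `analyse` results are treated as alerts.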
Specification