Secure initialization of intrusion detection system
First Claim
1. A method in a computer system for detecting intrusions, the method comprising:
- receiving a behavior profile associated with an application;
reading the behavior profile associated with the application;
monitoring execution of the application, according to the behavior profile;
if the behavior of the application does not conform to the behavior profile, issuing a message indicating that the application is not conforming to the behavior profile.
2 Assignments
0 Petitions
Accused Products
Abstract
A system, method and computer readable medium for detecting intrusions is disclosed. The method on a computer includes receiving a behavior profile associated with an application and reading the behavior profile associated with the application. The method further includes monitoring execution of the application, according to the behavior profile. If the behavior of the application does not conform to the behavior profile, a message is issued indicating that the application is not conforming to the behavior profile. The behavior profile can be generated by a developer of the intrusion detection system, a developer of the application, and/or a third party developer. Additionally, the behavior profile is generated by executing the system on a reference computer system or by heuristic determination.
69 Citations
22 Claims
-
1. A method in a computer system for detecting intrusions, the method comprising:
-
receiving a behavior profile associated with an application;
reading the behavior profile associated with the application;
monitoring execution of the application, according to the behavior profile;
if the behavior of the application does not conform to the behavior profile, issuing a message indicating that the application is not conforming to the behavior profile. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A computer readable medium including computer instructions for detecting intrusions, the computer instructions including instructions for:
-
receiving a behavior profile associated with an application;
reading the behavior profile associated with the application;
monitoring execution of the application, according to the behavior profile; and
if the behavior of the application does not conform to the behavior profile, issuing a message indicating that the application is not conforming to the behavior profile. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A computer system for detecting intrusions, comprising:
-
a first memory for storing an application;
a second memory for storing a behavior profile associated with the application;
a monitor, communicatively coupled with the first memory and the second memory, for monitoring execution of the application, according to the behavior profile;
a warning module, communicatively coupled with the monitor, for issuing a message indicating that the application is not conforming to the behavior profile. - View Dependent Claims (22)
-
Specification