Intrusion detection system
Abstract
An intrusion detection system (IDS), method of protecting computers against intrusions and program product therefor. The IDS determines which applications are to run in native environment (NE) and places the remaining applications in a sandbox. Some of the applications in sandboxes may be placed in a personalized virtual environment (PVE) in the sandbox. Upon detecting an attempted attack, a dynamic honeypot may be started for an application in a sandbox and not in a PVE. A virtualized copy of system resources may be created for each application in a sandbox and provided to the corresponding application in the respective sandbox.
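The monitor, virtualize and grant steps of claim 1 can be seen in a small file-only sketch. This is an added example, not code from the patent: the `ResourceBroker` class, its method names and the sample file are hypothetical. It assumes applications are classified by a static list of native-environment apps rather than by live attack detection.

```python
import shutil
import tempfile
from pathlib import Path


class ResourceBroker:
    """Hypothetical broker mediating file requests (steps a-c of claim 1)."""

    def __init__(self, sandbox_root, native_apps):
        self.sandbox_root = Path(sandbox_root)
        self.native_apps = set(native_apps)  # apps allowed in the native environment
        self.audit_log = []                  # (app, requested path, granted path)

    def request(self, app, path):
        """Return the path the application is actually allowed to open."""
        real = Path(path).resolve()
        if app in self.native_apps:
            granted = real                   # native environment: the real resource
        else:
            granted = self._virtualize(app, real)
        self.audit_log.append((app, str(real), str(granted)))  # a) monitor
        return granted

    def _virtualize(self, app, real):
        # b) create a private per-application copy on first access only
        copy = self.sandbox_root / app / real.relative_to(real.anchor)
        if not copy.exists():
            copy.parent.mkdir(parents=True, exist_ok=True)
            if real.is_file():
                shutil.copy2(real, copy)
        return copy                          # c) grant access to the copy


def demo():
    """Constructed scenario: a sandboxed app overwrites a config file."""
    with tempfile.TemporaryDirectory() as tmp:
        real = Path(tmp) / "system" / "hosts.conf"
        real.parent.mkdir()
        real.write_text("original")
        broker = ResourceBroker(Path(tmp) / "sandbox", native_apps={"backup"})
        broker.request("untrusted", real).write_text("tampered")
        native_view = broker.request("backup", real).read_text()
        sandbox_view = broker.request("untrusted", real).read_text()
        return real.read_text(), native_view, sandbox_view, len(broker.audit_log)


if __name__ == "__main__":
    print(demo())
```

The sandboxed application sees its own modification on later reads, while the real file and the native application's view stay unchanged; the audit log records every request and which copy was granted.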
30 Claims
1. A method of protecting a computer against attacks, said method comprising the steps of:
a) monitoring application requests for resources;
b) selectively virtualizing requested said resources; and
c) granting a requesting application access to virtualized said resources.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A computer system protected against external attacks, said computer system comprising:
processing means for processing applications;
an application interface interfacing said applications with system resources, said applications requesting system resources through said application interface;
an intrusion detector monitoring application requests and identifying ones of said application requests as being potential attacks;
a system resource virtualizer selectively virtualizing requested said system resources responsive to an identified potential attack; and
means for granting access to virtualized said resources to a requesting one of said applications, said requesting one operating on said virtualized resources, said system resources being protected from said identified potential attack.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22
23. A computer program product for protecting a computer system against external attacks, said computer program product comprising a computer usable medium having computer readable program code thereon, said computer readable program code comprising:
computer readable program code means for an application interface interfacing running applications with system resources, said running applications requesting system resources through said application interface;
computer readable program code means for monitoring application requests and identifying ones of said application requests as being potential attacks;
computer readable program code means for selectively virtualizing requested said resources responsive to identified potential attacks; and
computer readable program code means for granting access to virtualized said resources to a requesting one of said running applications, said requesting one operating on said virtualized resources, said system resources being protected from said identified potential attacks.
Dependent claims: 24, 25, 26, 27, 28, 29, 30
Specification