Computer security intrusion detection system for remote, on-demand users

US 20060206940A1
Filed: 03/14/2005
Published: 09/14/2006
Est. Priority Date: 03/14/2005
Status: Active Grant

First Claim

Patent Images

1. In a remote, on-demand computing service environment in which one or more data processing hosts are made available to a remote on-demand user that does not have physical custody and control over said host(s), an intrusion detection system, comprising:

means for monitoring resources defined by said on-demand user for intrusion events defined by said on-demand user; and

means for implementing responses according to event-action rules defined by said on-demand user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An intrusion detection system, and a related method and computer program product, for implementing intrusion detection in a remote, on-demand computing service environment in which one or more data processing hosts are made available to a remote on-demand user that does not have physical custody and control over the host(s). Intrusion detection entails monitoring resources defined by the on-demand user (or a third party security provider) for intrusion events that are also defined by the on-demand user (or security provider), and implementing responses according to event-action rules that are further defined by the on-demand user (or security provider). An intrusion detection system agent is associated with each of the data processing hosts, and is adapted to monitor the intrusion events and report intrusion activity. If there are plural intrusion detection system agents, they can be individually programmed to monitor and report on agent-specific sets of the intrusion events. An intrusion detection system controller is associated with one of the data processing hosts. It is adapted to manage and monitor the intrusion detection system agent(s), process agent reports of intrusion activity, and communicate intrusion-related information to the on-demand user (or security provider). The responses to intrusion events can be implemented by the intrusion detection system controller in combination with the intrusion detection system agents, or by any such entity alone.

52 Citations

View as Search Results

24 Claims

1. In a remote, on-demand computing service environment in which one or more data processing hosts are made available to a remote on-demand user that does not have physical custody and control over said host(s), an intrusion detection system, comprising:
- means for monitoring resources defined by said on-demand user for intrusion events defined by said on-demand user; and
  
  means for implementing responses according to event-action rules defined by said on-demand user.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A system in accordance with claim 1 wherein said intrusion detection system comprises an intrusion detection system agent associated with each of said one or more data processing hosts, said intrusion detection system agent(s) being adapted to monitor and report said user-defined events.
  - 3. A system in accordance with claim 2 wherein there are plural intrusion detection system agents that are individually programmed to monitor agent-specific sets of user-defined intrusion events.
  - 4. A system in accordance with claim 2 wherein said intrusion detection system agent(s) is/are adapted to perform event-action rule processing and implement said responses according to said event-action rules defined by said on-demand user.
  - 5. A system in accordance with claim 2 wherein said intrusion detection system comprises an intrusion detection system controller associated with one of said data processing hosts, said intrusion detection system controller being adapted to manage and monitor said intrusion detection system agent(s), process reports of intrusion activity provided by said intrusion detection system agent(s), and communicate intrusion-related information to said on-demand user or other authorized entity.
  - 6. A system in accordance with claim 5 wherein said intrusion detection system controller is adapted to perform event-action rule processing and implement said responses according to said event-action rules defined by said on-demand user, either directly or using said intrusion detection system agent(s).

7. A method for implementing an intrusion detection system in on-demand computing service environment in which one or more data processing hosts are made available to a remote on-demand user that does not have physical custody and control over said host(s), the method comprising monitoring resources defined by said on-demand user for intrusion events defined by said on-demand user and implementing responses according to event-action rules defined by said on-demand user.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. A method in accordance with claim 7 wherein said monitoring of user-defined events is performed by an intrusion detection agent associated with each of said one or more data processing hosts.
  - 9. A method in accordance with claim 8 wherein plural intrusion detection agents individually monitor agent-specific sets of user-defined intrusion events.
  - 10. A method in accordance with claim 8 wherein said intrusion detection agent(s) perform(s) event-action rule processing and implement(s) said responses according to said event-action rules defined by said on-demand user.
  - 11. A method in accordance with claim 8 wherein said agent(s) is/are managed and monitored by an intrusion detection system controller associated with one of said data processing hosts, and which also processes reports of intrusion activity provided by said intrusion detection system agent(s), and communicates intrusion-related information to said on-demand user or other authorized entity.
  - 12. A method in accordance with claim 11 wherein said intrusion detection controller performs event-action rule processing and implements said responses according to said event-action rules defined by said on-demand user, either directly or using said intrusion detection system agent(s).

13. A computer program product for implementing an intrusion detection system in on-demand computing service environment in which one or more data processing hosts is made available to a remote on-demand user that does not have physical custody and control over said host(s), comprising:
- one or more data storage media;
  
  means recorded on said data storage media for programming said one or more data processing hosts to operate by;
  
  monitoring resources defined by said on-demand user for intrusion events defined by said on-demand user and to implement responses according to event-action rules defined by said on-demand user.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. A product in accordance with claim 13 wherein said monitoring of user-defined events is performed by an intrusion detection agent associated with each of said one or more data processing hosts.
  - 15. A product in accordance with claim 14 wherein plural intrusion detection agents individually monitor agent-specific sets of user-defined intrusion events.
  - 16. A product in accordance with claim 14 wherein said intrusion detection agent(s) perform(s) event-action rule processing and implement(s) said responses according to said event-action rules defined by said on-demand user.
  - 17. A product in accordance with claim 16 wherein said agent(s) is/are managed and monitored by an intrusion detection system controller associated with one of said data processing hosts, and which also processes reports of intrusion activity provided by said intrusion detection system agent(s), and communicates intrusion-related information to said on-demand user or other authorized entity.
  - 18. A product in accordance with claim 16 wherein said intrusion detection controller performs event-action rule processing and implements said responses according to said event-action rules defined by said on-demand user, either directly or using said intrusion detection system agent(s).

19. In a remote, on-demand computing service environment in which one or more data processing hosts is made available to a remote on-demand user that does not have physical custody and control over said host(s), an intrusion detection system adapted to monitor resources defined by said on-demand user for intrusion events defined by said on-demand user and to implement responses according to event-action rules defined by said on-demand user;
- said intrusion detection system comprising;
  
  an intrusion detection system agent associated with each of said data processing hosts, said intrusion detection system agent(s) being individually programmed to monitor agent-specific sets of user-defined intrusion events and report intrusion activity to said intrusion detection system controller;
  
  an intrusion detection system controller associated with one of said data processing hosts, said intrusion detection system controller being adapted to manage and monitor said intrusion detection system agent(s), process reports of intrusion activity provided by said intrusion detection system agent(s), and communicate intrusion-related information to said on-demand user or other authorized entity; and
  
  one or more of said intrusion detection system agent(s) and said intrusion detection system controller being adapted to perform event-action rule processing and implement said responses according to said event-action rules defined by said on-demand user.

20. A computer program product for implementing an intrusion detection system in on-demand computing service environment in which one or more data processing hosts is made available to a remote on-demand user that does not have physical custody and control over said host(s), comprising:
- one or more data storage media;
  
  means recorded on said data storage media for programming said one or more data processing hosts to operate by;
  
  monitoring resources defined by said on-demand user for intrusion events defined by said on-demand user and to implement responses according to event-action rules defined by said on-demand user;
  
  said monitoring of user-defined events being performed by an intrusion detection system agent associated with each of said data processing hosts, said intrusion detection system agent(s) individually monitoring agent-specific sets of user-defined intrusion events and reporting intrusion activity to said intrusion detection system controller;
  
  said agent(s) being managed and monitored by an intrusion detection system controller associated with one of said data processing hosts, and which also processes reports of intrusion activity provided by said intrusion detection system agent(s), and communicates intrusion-related information to said on-demand user or other authorized entity; and
  
  one or more of said intrusion detection system agent(s) and said intrusion detection system controller performing event-action rule processing and implementing said responses according to said event-action rules defined by said on-demand user.

21. A method for implementing an intrusion detection system in an on-demand computing service environment in which one or more data processing hosts are made available to a remote on-demand user that does not have physical custody and control over said host(s), comprising:
- monitoring resources for intrusion events and implementing responses according to event-action rules; and
  
  said resources, said intrusion events and said event-action rules being defined by said on-demand user to a third-party entity authorized by said on-demand user to specify security criteria to an on-demand service provider implementing said on-demand computing service environment.
- View Dependent Claims (22)
- - 22. A method in accordance with claim 21 wherein said third party entity is a security provider authorized by said on-demand user to interact with said one or more data processing hosts.

23. A method for implementing an intrusion detection system in on-demand computing service environment in which one or more data processing hosts is made available to a remote on-demand user that does not have physical custody and control over said host(s), comprising:
- monitoring resources for intrusion events and implementing responses according to event-action rules; and
  
  said resources, said intrusion events and said event-action rules being defined by a third party entity authorized by said on-demand user to specify security criteria to an on-demand service provider implementing said on-demand computing service environment.
- View Dependent Claims (24)
- - 24. A method in accordance with claim 23 wherein said third party entity is a security provider authorized by said on-demand user to interact with said one or more data processing hosts.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Keung, Nam, Chitor, Ramesh V., Jaji, Sebnem, Strauss, Christopher J.

Granted Patent

US 7,657,939 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 21/55 Detecting local intrusion o...

H04L 63/1408 by monitoring network traff...

Computer security intrusion detection system for remote, on-demand users

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

52 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Computer security intrusion detection system for remote, on-demand users

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links