Methods and apparatus providing computer and network security utilizing probabilistic signature generation
First Claim
1. A method of providing computer security in a computer networking environment including at least one computer system, the method comprising:
- receiving information from at least one security interceptor associated with at least one computer system, the information identifying details associated with a traffic flow in a computer system of the computer networking environment;
- determining a probability that an attack on the computer system is in progress based on a probabilistic link provided by the information, the probabilistic link determined by attack information associated with previous attacks; and
- based on the information provided by the at least one security interceptor, generating a signature utilized to prevent a similar attack on the computer system.
Abstract
A system receives information from at least one security interceptor associated with at least one computer system. The information identifies details associated with a traffic flow in a computer system of the computer networking environment. The system determines a probability that an attack on the computer system is in progress based on a probabilistic link provided by the information. The probabilistic link is determined by attack information associated with previous attacks. Based on the information provided by the at least one security interceptor, the system generates a signature utilized to prevent a similar attack on the computer system.
20 Claims
1. A method of providing computer security in a computer networking environment including at least one computer system, the method comprising:
- receiving information from at least one security interceptor associated with at least one computer system, the information identifying details associated with a traffic flow in a computer system of the computer networking environment;
- determining a probability that an attack on the computer system is in progress based on a probabilistic link provided by the information, the probabilistic link determined by attack information associated with previous attacks; and
- based on the information provided by the at least one security interceptor, generating a signature utilized to prevent a similar attack on the computer system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16

17. A computer system comprising:
- a memory;
- a processor;
- a communications interface;
- an interconnection mechanism coupling the memory, the processor and the communications interface; and
- wherein the memory is encoded with an application providing generating a signature that, when performed on the processor, provides a process for processing information, the process causing the computer apparatus to perform the operations of;
  - providing an event correlation engine in communication with an application file interceptor; and
  - wherein said event correlation engine receives information from at least one security interceptor associated with at least one computer system, the information identifying details associated with a traffic flow in a computer system of the computer networking environment, and wherein said event correlation engine determines a probability that an attack on the computer system is in progress based on a probabilistic link provided by the information, the probabilistic link determined by attack information associated with previous attacks, and wherein based on the information provided by the at least one security interceptor, said event correlation engine generates a signature utilized to prevent a similar attack on the computer system.
Dependent claims: 18

19. A computer readable medium encoded with computer programming logic that when executed on a process in a computerized device provides computer security, the medium comprising:
- instructions for receiving information from at least one security interceptor associated with at least one computer system, the information identifying details associated with a traffic flow in a computer system of the computer networking environment;
- instructions for determining a probability that an attack on the computer system is in progress based on a probabilistic link provided by the information, the probabilistic link determined by attack information associated with previous attacks; and
- based on the information provided by the at least one security interceptor, instructions for generating a signature utilized to prevent a similar attack on the computer system.

20. A computer system comprising:
- a memory;
- a processor;
- a communications interface;
- an interconnection mechanism coupling the memory, the processor and the communications interface;
- wherein the memory is encoded with a probabilistic signature generation application that when executed on the processor configures the computerized device with a means for generating a signature, the means including;
  - means for receiving information from at least one security interceptor associated with at least one computer system, the information identifying details associated with a traffic flow in a computer system of the computer networking environment;
  - means for determining a probability that an attack on the computer system is in progress based on a probabilistic link provided by the information, the probabilistic link determined by attack information associated with previous attacks; and
  - based on the information provided by the at least one security interceptor, means for generating a signature utilized to prevent a similar attack on the computer system.

Specification