System, method, and program product for managing an intrusion detection system

US 7,084,760 B2
Filed: 05/04/2004
Issued: 08/01/2006
Est. Priority Date: 05/04/2004
Status: Active Grant

First Claim

Patent Images

1. A method of managing an intrusion event log on an intrusion event detection system of a computer system comprising:

a. providing a list of known benign intrusion events by;

b. performing a vulnerability test on an element of said computer system for said known benign intrusion event at a predetermined time interval from a previous test or previous intrusion event of said known benign intrusion event; and

c. increasing the predetermined time interval to said next text.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An intrusion event detection system, method, and program product with an enumeration of specific known benign intrusion events, and performing a vulnerability test on specific elements of the computer system for the particular known benign intrusion event. These vulnerability tests are performed at predetermined time intervals measured from a previous test or previous intrusion event of the known benign intrusion event. The predetermined time interval is increased based on various attributes, passage of time since the last intrusion event of either the specific known benign intrusion event or another known benign intrusion event, or even a an undetermined or harmful intrusion event, or the present detection of an intrusion even; or the vulnerability of a specific element in the computer system to a specific intrusion event.

Citations

14 Claims

1. A method of managing an intrusion event log on an intrusion event detection system of a computer system comprising:
- a. providing a list of known benign intrusion events by;
  
  b. performing a vulnerability test on an element of said computer system for said known benign intrusion event at a predetermined time interval from a previous test or previous intrusion event of said known benign intrusion event; and
  
  c. increasing the predetermined time interval to said next text.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 comprising managing the list of known benign intrusion events by performing a vulnerability test on an element of said computer system for said known benign intrusion event at a predetermined time interval from a previous test or previous intrusion event of said known benign intrusion event;
    - and increasing the predetermined time interval to said next event up to a preset limit.
  - 3. The method of claim 1 comprising increasing the predetermined time interval from a previous test or intrusion event until a next scheduled vulnerability test based upon at least one of:
    - a. passage of time since the last intrusion event;
      
      b. detection of an intrusion even;
      
      c. the vulnerability of a specific element in the computer system to a specific intrusion event; and
      
      d. a preset limit.
  - 4. The method of claim 1 comprising periodically purging the known benign event list.
  - 5. The method of claim 1 comprising periodic age based purging of the known benign event list.
  - 6. The method of claim 1 comprising alteration based purging of the known benign event list.
  - 7. The method of claim 1 comprising testing the computer system for vulnerability to an intrusion event, including the steps of:
    - a. if vulnerability is detected, incrementing the time to the next vulnerability test;
      
      b. else, storing the present value of the time interval to the next vulnerability test.

8. A program product to control a computer to:
- a. detect an intrusion event;
  
  b. compare the detected intrusion event to a list of known benign intrusion events;
  
  c. issue an intrusion event notification if the detected intrusion event is not on the list of known benign intrusion events;
  
  d. else make an entry on the list of known benign intrusion events ifthe intrusion event is on said list of known benign intrusion events; and
  
  further adapted to manage the list of known benign intrusion events by;
  
  a. performing a vulnerability test on an element of said computer system for said known benign intrusion event at a predetermined time interval from a previous test or previous intrusion event of said known benign intrusion event; and
  
  b. increasing the predetermined time interval to said next event.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The program product of claim 8 wherein the program product manages the list of known benign intrusion events by performing a vulnerability test on an element of said computer system for said known benign intrusion event at a predetermined time interval from a previous test or previous intrusion event of said known benign intrusion event;
    - and increasing the predetermined time interval to said next event to a preset limit.
  - 10. The program product of claim 8 further adapted to increase the predetermined time interval from a previous test or intrusion event until a next scheduled vulnerability test based upon at least one of:
    - a. passage of time since the last intrusion event;
      
      b. detection of an intrusion even;
      
      c. the vulnerability of a specific element in the computer system to a specific intrusion event; and
      
      d. a preset limit.
  - 11. The program product of claim 8 further adapted to periodically purge the known benign event list.
  - 12. The program product of claim 8 adapted to conduct periodic age based purging of the known benign event list.
  - 13. The program product of claim 8 adapted to conduct computer system alteration based purging of the known benign event list.
  - 14. The program product of claim 8 adapted to test the computer system for vulnerability to an intrusion event, including the steps of:
    - a. if vulnerability is detected, incrementing the time to the next vulnerability test;
      
      b. else, storing the present value of the time interval to the next vulnerability test.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Finjan Blue, Inc. (FIG LLC (d/b/a Fortress Investment Group LLC))
Original Assignee
International Business Machines Corporation
Inventors
Himberger, Kevin D., Jeffries, Clark Debs, McMillen, David M., Ziraldo, John Allan
Primary Examiner(s)
NGUYEN, HUNG T

Application Number

US10/838,711
Publication Number

US 20050248457A1
Time in Patent Office

819 Days
Field of Search

340/540, 340/541, 340/825.22, 340/539.13, 340/539.19, 340/5.1, 340/5.2, 340/5.22, 340/5.23, 713/200, 713/201, 709/223, 709/224, 705/1
US Class Current

340/540
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

System, method, and program product for managing an intrusion detection system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

System, method, and program product for managing an intrusion detection system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links