System and method for host and network based intrusion detection and response
Abstract
The present application is directed to a host-based IDS for the HP-UX operating system that enhances local host-level security within the network. It should be understood that the present invention is also usable on, for example, Linux, Solaris, AIX and Windows 2000 operating systems. It does this by automatically monitoring each configured host system within the network for possible signs of unwanted and potentially damaging intrusions. If successful, such intrusions could lead to the loss of availability of key systems or could compromise system integrity.
40 Claims
1. A method of detecting intrusions using a host-based intrusion system, comprising:
reading kernel records;
reformatting each of the read kernel records into a different format, wherein the different format is a memory mapped file; and
parsing the records and comparing the parsed records against one or more templates.
Dependent claims: 2 to 27.
28. A method of detecting changes to critical files/directories, comprising:
monitoring a predetermined set of files for modifications;
monitoring a predetermined set of directories for modifications;
generating an alert for each occurrence of a modification of a monitored file, wherein if a directory is specifically excluded and a file in the specifically excluded directory is specifically included then the file is monitored, and wherein the predetermined set of files includes a system kernel file and system kernel configuration files; and
generating an alert for each occurrence of a modification of a monitored directory.
Dependent claims: 29 to 40.
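The include/exclude precedence of claim 28 (a specifically included file stays monitored even inside an excluded directory) as an added Python example, not code from the patent. The nesting rule for directories (the nearest directory with a rule decides) and all sample paths and events are assumptions made here for illustration.

```python
"""Include/exclude resolution for the file and directory monitoring of claim 28.
Added example, not the patent's own code.  Assumed rules: an explicitly listed
file or directory is always monitored, even inside an excluded directory;
otherwise the nearest ancestor directory that has a rule decides."""
from dataclasses import dataclass, field
from posixpath import dirname


@dataclass
class MonitorPolicy:
    files: set = field(default_factory=set)         # predetermined set of files
    include_dirs: set = field(default_factory=set)  # predetermined set of directories
    exclude_dirs: set = field(default_factory=set)  # directories specifically excluded

    def is_monitored(self, path: str) -> bool:
        """Return True if a modification of `path` must raise an alert."""
        if path in self.files or path in self.include_dirs:
            return True                      # explicit entries override exclusion
        # Walk up the parent chain; the nearest directory with a rule decides.
        d = path if path in self.exclude_dirs else dirname(path)
        while d:
            if d in self.exclude_dirs:
                return False
            if d in self.include_dirs:
                return True
            parent = dirname(d)
            if parent == d:                  # reached the root, no rule matched
                break
            d = parent
        return False


def alerts_for(policy: MonitorPolicy, events) -> list:
    """events: iterable of (kind, path), kind being 'file' or 'dir'.
    One alert per modification of a monitored file or directory."""
    return [f"ALERT: {kind} modified: {path}"
            for kind, path in events if policy.is_monitored(path)]


# Constructed sample policy; paths are illustrative, not taken from the patent.
POLICY = MonitorPolicy(
    files={"/stand/vmunix", "/stand/system", "/var/tmp/keep.conf"},  # kernel + config
    include_dirs={"/etc", "/stand"},
    exclude_dirs={"/var/tmp", "/etc/opt/cache"},
)
# Constructed modification events as a monitor might observe them.
EVENTS = [
    ("file", "/stand/vmunix"),
    ("file", "/etc/passwd"),
    ("file", "/etc/opt/cache/x.tmp"),   # inside an excluded directory: no alert
    ("file", "/var/tmp/keep.conf"),     # excluded directory, but file is included
    ("file", "/var/tmp/junk"),
    ("dir", "/etc"),
    ("dir", "/home"),
]

if __name__ == "__main__":
    for alert in alerts_for(POLICY, EVENTS):
        print(alert)
```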