Application-layer anomaly and misuse detection
DCFirst Claim
Patent Images
1. A method comprising:
- in a server, hosting an intrusion detection process that provides intrusion detection services;
integrating the intrusion detection process with a server process; and
passing a request for data received by the server process to the intrusion detection process,where the intrusion detection process comprises;
packing a subset of information from the request into an analysis format; and
delivering the subset in a funneling process, via a socket, to an analysis process.
5 Assignments
Litigations
0 Petitions
Accused Products
Abstract
A method includes passing a request for data received by a first server process executing in a first server to a detection process that includes packing a subset of the data into an analysis format and passing the subset to an analysis process.
-
Citations
21 Claims
-
1. A method comprising:
-
in a server, hosting an intrusion detection process that provides intrusion detection services; integrating the intrusion detection process with a server process; and passing a request for data received by the server process to the intrusion detection process, where the intrusion detection process comprises; packing a subset of information from the request into an analysis format; and delivering the subset in a funneling process, via a socket, to an analysis process. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method comprising:
conveying a request for data received by a web server process executing in a first server to a detection process that includes; packing a subset of information from the request into an analysis format; and passing the subset to an analysis process, where passing comprises; receiving the subset in a piped logs interface of the web server; and delivering the subset to a funneling process via a socket. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
16. A computer program product residing on a computer readable medium having instructions stored thereon which, when executed by a processor, cause the processor to:
-
host, in a server, an intrusion detection process that provides intrusion detection services; integrate the intrusion detection process with a server process; and pass a request for data received by the server process to the intrusion detection process, where the intrusion detection process comprises; packing a subset of information from the request into an analysis format; and delivering the subset in a funneling process, via a socket, to an analysis process.
-
-
17. A computer program product residing on a computer readable medium having instructions stored thereon which, when executed by a processor, cause the processor to:
-
convey a request for data received by a web server process executing in a first server to a detection process that includes; pack a subset of information from the request into an analysis format; and pass the subset to an analysis process, where passing comprises; receiving the subset in a piped logs interface of the web server; and delivering the subset to a funneling process via a socket.
-
-
18. A method for detecting misuse of an application server process that is hosted at a server in a network, the method comprising:
-
receiving, from the application server process, a forwarded request for data; packing a subset of information from the request into an analysis format; and delivering the subset in a funneling process, via a socket, to an analysis process. - View Dependent Claims (19, 20, 21)
-
Specification