Hierarchy-based method and apparatus for detecting attacks on a computer system

US 7,234,168 B2
Filed: 06/13/2002
Issued: 06/19/2007
Est. Priority Date: 06/13/2001
Status: Active Grant

First Claim

Patent Images

1. A method of provisioning a computer against computer attacks, comprising:

categorizing different computer attacks and counter measures into a plurality of categories each associated with at least one of a plurality of different target platforms;

constructing a hierarchy characterizing the different computer attacks and counter measures;

traversing said hierarchy to identify the computer attacks and counter measures relevant to a particular one of the different target platforms utilizing the catezorization by identifying the different computer attacks and counter measures categorized into one of the categories associated with the particular one of the different target platforms;

collecting detection and protection measures in response to said traversing; and

downloading said detection and protection measures to a security sensor associated with said target platform;

wherein the target platform is categorized to facilitate provisioning the computer against computer attacks.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of provisioning a computer against computer attacks includes constructing a hierarchy characterizing different computer attacks and counter measures, and traversing this hierarchy to identify computer attacks and countermeasures relevant to a target platform. Detection and protection measures are collected in response to this traversing. These detection and protection measures are then downloaded to a security sensor associated with the target platform.

214 Citations

23 Claims

1. A method of provisioning a computer against computer attacks, comprising:
- categorizing different computer attacks and counter measures into a plurality of categories each associated with at least one of a plurality of different target platforms;
  
  constructing a hierarchy characterizing the different computer attacks and counter measures;
  
  traversing said hierarchy to identify the computer attacks and counter measures relevant to a particular one of the different target platforms utilizing the catezorization by identifying the different computer attacks and counter measures categorized into one of the categories associated with the particular one of the different target platforms;
  
  collecting detection and protection measures in response to said traversing; and
  
  downloading said detection and protection measures to a security sensor associated with said target platform;
  
  wherein the target platform is categorized to facilitate provisioning the computer against computer attacks.

2. A method of provisioning a computer against computer attacks, comprising:
- categorizing different computer attacks or counter measures into a plurality of categories each associated with at least one of a plurality of different target platforms;
  
  identifying computer attacks or counter measures relevant to a particular one of the different target platforms utilizing the categorization, by identifying the different computer attacks or counter measures categorized into one of the categories associated with the particular one of the different target platforms;
  
  collecting detection and protection measures in response to the identification; and
  
  downloading the detection and protection measures to a security sensor associated with the target platform.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 20, 21, 22, 23)
- - 3. The method of claim 2, wherein the computer attacks or countermeasures are categorized to facilitate provisioning the computer against the computer attacks.
  - 4. The method of claim 3, wherein the computer attacks or countermeasures are categorized in accordance with a compromise of confidentiality.
  - 5. The method of claim 3, wherein the computer attacks or countermeasures are categorized in accordance with a compromise of authentication.
  - 6. The method of claim 3, wherein the computer attacks or countermeasures are categorized in accordance with a compromise of data integrity.
  - 7. The method of claim 3, wherein the computer attacks or countermeasures are categorized in accordance with a denial of services.
  - 8. The method of claim 3, wherein the computer attacks or countermeasures are categorized in accordance with a violation of security policies.
  - 9. The method of claim 3, wherein the computer attacks or countermeasures are categorized in accordance with probes and port scans.
  - 10. The method of claim 2, wherein target services are further categorized to facilitate provisioning the computer against the computer attacks.
  - 11. The method of claim 10, wherein the target services are categorized in accordance with HTTP services.
  - 12. The method of claim 10, wherein the target services are categorized in accordance with DNS services.
  - 13. The method of claim 10, wherein the target services are categorized in accordance with SMTP services.
  - 14. The method of claim 10, wherein the target services are categorized in accordance with FTP services.
  - 15. The method of claim 10, wherein the target services are categorized in accordance with telnet services.
  - 16. The method of claim 10, wherein the target services are categorized in accordance with NFS services.
  - 17. The method of claim 2, wherein monitoring points are categorized to facilitate provisioning the computer against the computer attacks.
  - 20. The method of claim 2, wherein the identified computer attacks are assigned serial numbers.
  - 21. The method of claim 20, wherein further included is a coverage map including an attack categorization tree with the serial numbers attached to nodes of the attack categorization tree.
  - 22. The method of claim 21, wherein the attack categorization tree includes a plurality of levels including a top level including the computers attacks mapped according to an attack impact, and a lower level including the computer attacks categorized based on the associated target platform.
  - 23. The method of claim 21, wherein each computer attack is attached to only one node of the attack categorization tree.

18. A computer program product for provisioning a computer against computer attacks, comprising:
- computer code for categorizing different computer attacks or counter measures into a plurality of catagories each associated with at least one of a plurality of different target platforms;
  
  computer code for identifying computer attacks or counter measures relevant to a particular one of the different target platforms utilizing the categorization, by identifying the different computer attacks or counter measures categorized into one of the categories associated with the particular one of the different target platforms;
  
  computer code for collecting detection or protection measures in response to the identification; and
  
  computer code for downloading the detection or protection measures to a security sensor associated with the target platform.

19. A system for provisioning a computer against computer attacks, comprising:
- logic for categorizing different computer attacks or counter measures into a plurality of categories each associated with at least one of a plurality of different target platforms;
  
  logic for identifying computer attacks or counter measures relevant to a particular one of the different target platforms utilizing the categorization, by identifying the different computer attacks or counter measures categorized into one of the categories associated with the particular one of the different target platforms;
  
  logic for collecting detection and protection measures in response to the identification; and
  
  logic for downloading the detection and protection measures to a security sensor associated with the target platform.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Gong, Fengmin, Gupta, Ramesh M., Raman, Ananth, Vissamsetti, Srikant, Jain, Parveen K., Amidon, Keith E., Haeffele, Steve M.
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Tolentino; Roderick

Application Number

US10/172,764
Publication Number

US 20030004689A1
Time in Patent Office

1,832 Days
Field of Search

726/22, 726/23, 726/24, 726/25
US Class Current

726/25
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

H04L 63/1458   Denial of Service

Hierarchy-based method and apparatus for detecting attacks on a computer system

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

214 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

Hierarchy-based method and apparatus for detecting attacks on a computer system

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

214 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others