Computer security intrusion detection system for remote, on-demand users
First Claim
1. A method for implementing an intrusion detection system in an on-demand computing service environment in which one or more data processing hosts are made available to a remote on-demand user that does not have physical custody and control over said host(s), comprising:
- monitoring resources for intrusion events and implementing responses according to event-action rules;
said resources, said intrusion events and said event-action rules being defined by said on-demand user to a third-party entity authorized by said on-demand user to specify security criteria to an on-demand service provider implementing said on-demand computing service environment;
said monitoring being performed by one or more intrusion detection agents that are run by said one or more data processing hosts, each intrusion detection agent being associated with a single one of said data processing hosts, and each of said data processing hosts that is being monitored running at least one of said intrusion detection agents;
said user-defined resources including hardware resources, non-network system software resources, non-network, local login system access resources and network access resources;
said user-defined intrusion events including hardware events, non-network system software events, non-network, local login system access events and network access events; and
said user-defined event-action rules including notifying said on-demand user of said user-defined intrusion events.
1 Assignment
0 Petitions
Accused Products
Abstract
An intrusion detection system, and a related method and computer program product, for implementing intrusion detection in a remote, on-demand computing service environment in which one or more data processing hosts are made available to a remote on-demand user that does not have physical custody and control over the host(s). Intrusion detection entails monitoring resources defined by the on-demand user (or a third party security provider) for intrusion events that are also defined by the on-demand user (or security provider), and implementing responses according to event-action rules that are further defined by the on-demand user (or security provider). An intrusion detection system agent is associated with each of the data processing hosts, and is adapted to monitor the intrusion events and report intrusion activity. If there are plural intrusion detection system agents, they can be individually programmed to monitor and report on agent-specific sets of the intrusion events. An intrusion detection system controller is associated with one of the data processing hosts. It is adapted to manage and monitor the intrusion detection system agent(s), process agent reports of intrusion activity, and communicate intrusion-related information to the on-demand user (or security provider). The responses to intrusion events can be implemented by the intrusion detection system controller in combination with the intrusion detection system agents, or by any such entity alone.
-
Citations
4 Claims
-
1. A method for implementing an intrusion detection system in an on-demand computing service environment in which one or more data processing hosts are made available to a remote on-demand user that does not have physical custody and control over said host(s), comprising:
-
monitoring resources for intrusion events and implementing responses according to event-action rules; said resources, said intrusion events and said event-action rules being defined by said on-demand user to a third-party entity authorized by said on-demand user to specify security criteria to an on-demand service provider implementing said on-demand computing service environment; said monitoring being performed by one or more intrusion detection agents that are run by said one or more data processing hosts, each intrusion detection agent being associated with a single one of said data processing hosts, and each of said data processing hosts that is being monitored running at least one of said intrusion detection agents; said user-defined resources including hardware resources, non-network system software resources, non-network, local login system access resources and network access resources; said user-defined intrusion events including hardware events, non-network system software events, non-network, local login system access events and network access events; and said user-defined event-action rules including notifying said on-demand user of said user-defined intrusion events. - View Dependent Claims (2)
-
-
3. A method for implementing an intrusion detection system in an on-demand computing service environment in which one or more data processing hosts is made available to a remote on-demand user that does not have physical custody and control over said host(s), comprising:
-
monitoring resources for intrusion events and implementing responses according to event-action rules; said resources, said intrusion events and said event-action rules being defined by a third party entity authorized by said on-demand user to specify security criteria to an on-demand service provider implementing said on-demand computing service environment; said monitoring being performed by one or more intrusion detection agents that are run by said one or more data processing hosts, each intrusion detection agent being associated with a single one of said data processing hosts, and each of said data processing hosts that is being monitored running at least one of said intrusion detection agents; said user-defined resources including hardware resources, non-network system software resources, non-network, local login system access resources and network access resources; said user-defined intrusion events including hardware events, non-network system software events, non-network, local login system access events and network access events; and said user-defined event-action rules including notifying said on-demand user of said user-defined intrusion events. - View Dependent Claims (4)
-
Specification
-
- Resources
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsKeung, Nam, Chitor, Ramesh V., Jaji, Sebnem, Strauss, Christopher J.
-
Primary Examiner(s)Moazzami; Nasser G
-
Assistant Examiner(s)McNally; Michael S
-
Application NumberUS11/079,380Publication NumberTime in Patent Office1,786 DaysField of Search726/23US Class Current726/23CPC Class CodesG06F 21/55 Detecting local intrusion o...H04L 63/1408 by monitoring network traff...
