Computer security intrusion detection system for remote, on-demand users
First Claim
1. In a remote, on-demand computing service environment in which one or more data processing hosts are made available to a remote on-demand user that does not have physical custody and control over said host(s), an intrusion detection system, comprising:
- means for monitoring resources defined by said on-demand user for intrusion events defined by said on-demand user;
said monitoring being performed by one or more intrusion detection agents that are run by said one or more data processing hosts, each intrusion detection agent being associated with a single one of said data processing hosts, and each of said data processing hosts that is being monitored running at least one of said intrusion detection agents;
said user-defined resources including hardware resources, non-network system software resources, non-network, local login system access resources and network access resources;
said user-defined intrusion events including hardware events, non-network system software events, non-network, local login system access events and network access events;
means for implementing responses to said intrusion events according to event-action rules defined by said on-demand user;
said user-defined event-action rules including notifying said on-demand user of said user-defined intrusion events; and
said intrusion detection system being operable to receive a specification of said resources, said intrusion events and said event-action rules from said on-demand user as security criteria to an on-demand service provider implementing said on-demand computing environment.
0 Assignments
0 Petitions
Accused Products
Abstract
An intrusion detection system, and a related method and computer program product, for implementing intrusion detection in a remote, on-demand computing service environment in which one or more data processing hosts are made available to a remote on-demand user that does not have physical custody and control over the host(s). Intrusion detection entails monitoring resources defined by the on-demand user (or a third party security provider) for intrusion events that are also defined by the on-demand user (or security provider), and implementing responses according to event-action rules that are further defined by the on-demand user (or security provider). An intrusion detection system agent is associated with each of the data processing hosts, and is adapted to monitor the intrusion events and report intrusion activity. If there are plural intrusion detection system agents, they can be individually programmed to monitor and report on agent-specific sets of the intrusion events. An intrusion detection system controller is associated with one of the data processing hosts. It is adapted to manage and monitor the intrusion detection system agent(s), process agent reports of intrusion activity, and communicate intrusion-related information to the on-demand user (or security provider). The responses to intrusion events can be implemented by the intrusion detection system controller in combination with the intrusion detection system agents, or by any such entity alone.
-
Citations
20 Claims
-
1. In a remote, on-demand computing service environment in which one or more data processing hosts are made available to a remote on-demand user that does not have physical custody and control over said host(s), an intrusion detection system, comprising:
-
means for monitoring resources defined by said on-demand user for intrusion events defined by said on-demand user; said monitoring being performed by one or more intrusion detection agents that are run by said one or more data processing hosts, each intrusion detection agent being associated with a single one of said data processing hosts, and each of said data processing hosts that is being monitored running at least one of said intrusion detection agents; said user-defined resources including hardware resources, non-network system software resources, non-network, local login system access resources and network access resources; said user-defined intrusion events including hardware events, non-network system software events, non-network, local login system access events and network access events; means for implementing responses to said intrusion events according to event-action rules defined by said on-demand user; said user-defined event-action rules including notifying said on-demand user of said user-defined intrusion events; and said intrusion detection system being operable to receive a specification of said resources, said intrusion events and said event-action rules from said on-demand user as security criteria to an on-demand service provider implementing said on-demand computing environment. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method for implementing an intrusion detection system in on-demand computing service environment in which one or more data processing hosts are made available to a remote on-demand user that does not have physical custody and control over said host(s), the method comprising:
-
monitoring resources defined by said on-demand user for intrusion events defined by said on-demand user and implementing responses according to event-action rules defined by said on-demand user; said resources, said intrusion events and said event-action rules being received from said on-demand user as security criteria by an on-demand service provider implementing said on-demand computing environment; said monitoring being performed by one or more intrusion detection agents that are run by said one or more data processing hosts, each intrusion detection agent being associated with a single one of said data processing hosts, and each of said data processing hosts that is being monitored running at least one of said intrusion detection agents; said user-defined resources including hardware resources, non-network system software resources, non-network, local login system access resources and network access resources; said user-defined intrusion events including hardware events, non-network system software events, non-network, local login system access events and network access events; and said user-defined event-action rules including notifying said on-demand user of said user-defined intrusion events. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A computer program product for implementing an intrusion detection system in on-demand computing service environment in which one or more data processing hosts is made available to a remote on-demand user that does not have physical custody and control over said host(s), comprising:
-
one or more data storage media; means recorded on said data storage media for programming said one or more data processing hosts to operate by; monitoring resources defined by said on-demand user for intrusion events defined by said on-demand user and to implement responses according to event-action rules defined by said on-demand user; said resources, said intrusion events and said event-action rules being received from said on-demand user as security criteria by an on-demand service provider implementing said on-demand computing environment; said monitoring being performed by one or more intrusion detection agents that are run by said one or more data processing hosts, each intrusion detection agent being associated with a single one of said data processing hosts, and each of said data processing hosts that is being monitored running at least one of said intrusion detection agents; said user-defined resources including hardware resources, non-network system software resources, non-network, local login system access resources and network access resources; said user-defined intrusion events including hardware events, non-network system software events, non-network, local login system access events and network access events; and said user-defined event-action rules including notifying said on-demand user of said user-defined intrusion events. - View Dependent Claims (14, 15, 16, 17, 18)
-
-
19. In a remote, on-demand computing service environment in which one or more data processing hosts is made available to a remote on-demand user that does not have physical custody and control over said host(s), an intrusion detection system adapted to monitor resources defined by said on-demand user for intrusion events defined by said on-demand user and to implement responses according to event-action rules defined by said on-demand user, said resources, said intrusion events and said event-action rules being specified by said on-demand user as security criteria to an on-demand service provider implementing said on-demand computing environment:
-
said intrusion detection system comprising; an intrusion detection system agent associated with each of said data processing hosts, said intrusion detection system agent(s) being individually programmed to monitor agent-specific sets of user-defined intrusion events and report intrusion activity to said intrusion detection system controller; each of said intrusion detection agents being associated with a single one of said data processing hosts, and each of said data processing hosts that is being monitored running at least one of said intrusion detection agents; an intrusion detection system controller associated with one of said data processing hosts, said intrusion detection system controller being adapted to manage and monitor said intrusion detection system agent(s), process reports of intrusion activity provided by said intrusion detection system agent(s), and communicate intrusion-related information to said on-demand user or other authorized entity; one or more of said intrusion detection system agent(s) and said intrusion detection system controller being adapted to perform event-action rule processing and implement said responses according to said event-action rules defined by said on-demand user; said user-defined resources including hardware resources, non-network system software resources, non-network, local login system access resources and network access resources; said user-defined intrusion events including hardware events, non-network system software events, non-network, local login system access events and network access events; and said user-defined event-action rules including notifying said on-demand user of said user-defined intrusion events.
-
-
20. A computer program product for implementing an intrusion detection system in on-demand computing service environment in which one or more data processing hosts is made available to a remote on-demand user that does not have physical custody and control over said host(s), comprising:
-
one or more data storage media; means recorded on said data storage media for programming said one or more data processing hosts to operate by; monitoring resources defined by said on-demand user for intrusion events defined by said on-demand user and to implement responses according to event-action rules defined by said on-demand user; said resources, said intrusion events and said event-action rules being specified by said on-demand user as security criteria to an on-demand service provider implementing said on-demand computing environment; said monitoring of user-defined events being performed by an intrusion detection system agent associated with each of said data processing hosts, said intrusion detection system agent(s) individually monitoring agent-specific sets of user-defined intrusion events and reporting intrusion activity to said intrusion detection system controller; each of said intrusion detection agents being associated with a single one of said data processing hosts, and each of said data processing hosts that is being monitored running at least one of said intrusion detection agents; said agent(s) being managed and monitored by an intrusion detection system controller associated with one of said data processing hosts, and which also processes reports of intrusion activity provided by said intrusion detection system agent(s), and communicates intrusion-related information to said on-demand user or other authorized entity; one or more of said intrusion detection system agent(s) and said intrusion detection system controller performing event-action rule processing and implementing said responses according to said event-action rules defined by said on-demand user; said user-defined resources including hardware resources, non-network system software resources, non-network, local login system access resources and network access resources; said user-defined intrusion events including hardware events, non-network system software events, non-network, local login system access events and network access events; and said user-defined event-action rules including notifying said on-demand user of said user-defined intrusion events.
-
Specification