×

Methods and apparatus providing computer and network security utilizing probabilistic signature generation

  • US 9,286,469 B2
  • Filed: 08/04/2006
  • Issued: 03/15/2016
  • Est. Priority Date: 12/16/2005
  • Status: Active Grant
First Claim
Patent Images

1. A method of providing computer security in a computer networking environment including at least one computer system, the method comprising:

  • receiving information from at least one security interceptor associated with at least one computer system, the information including identifying details associated with a traffic flow in a computer system of the computer networking environment;

    wherein receiving information from at least one security interceptor associated with at least one computer system comprises receiving information from the at least one security interceptor indicating an occurrence, at a time the traffic flow was intercepted, of at least one of;

    a buffer overflow, a process exception and a system configuration file modification;

    wherein the details identify at least one system event that occurred on the same computer system;

    determining a probability that an attack on the computer system is in progress based on attack information associated with previous attacks;

    establishing a probabilistic link between the at least one system event and the probability that an attack on the computer system is in progress;

    wherein the probabilistic link is a correlation between the at least one system event and one or more system events in a plurality of system events associated with previous attacks;

    wherein the probability is based at least in part on one or more weights associated with the at least one system event; and

    based on the information provided by the at least one security interceptor, generating a signature utilized to prevent a similar attack on the computer system.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×