Title of invention |
Method and apparatus for intrusion detection in computers and computer networks |
Abstract |
This invention relates to the detection of security problems in a computer network or on any computer within said network. To detect outsiders trying to break into a computer system (e.g. via the net) and/or to detect insiders misusing the privileges they have received (e.g. someone internal reading confidential data that he/she is not entitled to), the invention uses a behavior-based approach for a pattern-oriented intrusion detection system. Employing a novel algorithm, the Teiresias algorithm, not used before for intrusion detection, the system represents the normal behavior of a process (103) by a pattern table (135), a pattern being a subsequence of audit events or system calls or the like. During real operation, a pattern match (133) of the event stream generated on behalf of the actual process examined (123) with the entries in the pattern table (135) is tried. Sequences of unmatched events are a deviation from the normal behavior. Such a deviation indicates that an intrusion may be taking place, which can thus raise an alarm (136) to single out, stop, or control in any other way the intrusion. |
Publication number |
EP0985995(B1) |
Publication date |
2003.08.13 |
Application number |
EP19980117083 |
Filing date |
1998.09.09 |
Applicant |
INTERNATIONAL BUSINESS MACHINES CORPORATION |
Inventors |
DACIER, MARC C.;DEBAR, HERVE C.;WESPI, ANDREAS A.;FLORATOS, ARIS;RIGOUTSOS, ISIDORE |
Classification |
G06F1/00;G06F21/55;(IPC1-7):G06F1/00 |
Main classification |
G06F1/00 |
Agency |
|
Agent |
|
Principal claim |
|
Address |
|