Computer security intrusion detection system for remote, on-demand users
    1.
    Invention application
    Computer security intrusion detection system for remote, on-demand users (Granted)

    Publication (announcement) number: US20060206940A1

    Publication (announcement) date: 2006-09-14

    Application number: US11079380

    Filing date: 2005-03-14

    CPC classification: H04L63/1408 G06F21/55

    Abstract: An intrusion detection system, and a related method and computer program product, for implementing intrusion detection in a remote, on-demand computing service environment in which one or more data processing hosts are made available to a remote on-demand user that does not have physical custody and control over the host(s). Intrusion detection entails monitoring resources defined by the on-demand user (or a third party security provider) for intrusion events that are also defined by the on-demand user (or security provider), and implementing responses according to event-action rules that are further defined by the on-demand user (or security provider). An intrusion detection system agent is associated with each of the data processing hosts, and is adapted to monitor the intrusion events and report intrusion activity. If there are plural intrusion detection system agents, they can be individually programmed to monitor and report on agent-specific sets of the intrusion events. An intrusion detection system controller is associated with one of the data processing hosts. It is adapted to manage and monitor the intrusion detection system agent(s), process agent reports of intrusion activity, and communicate intrusion-related information to the on-demand user (or security provider). The responses to intrusion events can be implemented by the intrusion detection system controller in combination with the intrusion detection system agents, or by any such entity alone.
