1. METHOD OF OPERATING AN INTRUSION DETECTION SYSTEM
    Invention application; status: granted

    Publication number: US20080077989A1

    Publication date: 2008-03-27

    Application number: US11841214

    Application date: 2007-08-20

    IPC classification: G06F21/00

    Abstract: A method of operating an intrusion detection system. The system determines the occurrence of a signature event indicative of a denial-of-service intrusion on a protected device. The value of a signature event counter is increased. The value of the signature event counter is adjusted so that it does not include a count of signature events that fall outside a sliding window. When the value of the signature event counter is determined to exceed a signature threshold quantity, an alert is generated and its timestamp is recorded in a log. The log is cleared of entries older than a permissible age. A present alert generation rate is determined as the ratio of the total number of timestamps in the log to the permissible age. When the present alert generation rate is ascertained to exceed an alert generation rate threshold, a selected element of the signature set is altered to decrease the alert generation rate.


2. Systems, methods and computer program products for administration of computer security threat countermeasures to a computer system
    Invention application; status: granted

    Publication number: US20050039046A1

    Publication date: 2005-02-17

    Application number: US10624158

    Application date: 2003-07-22

    IPC classification: G06F21/00 H04L9/00

    CPC classification: G06F21/577 G06F21/552

    Abstract: A countermeasure for a computer security threat to a computer system is administered by establishing a baseline identification of an operating or application system type and an operating or application system release level for the computer system that is compatible with a Threat Management Vector (TMV). A TMV is then received, including a first field that identifies at least one operating system type that is affected by a computer security threat, a second field that identifies an operating system release level for the operating system type, and a third field that identifies a set of possible countermeasures for an operating system type and an operating system release level. Countermeasures that are identified in the TMV are processed if the TMV identifies the operating system type and operating system release level of the computer system as being affected by the computer security threat. The received TMV may be mutated into a format suitable for processing the countermeasure.


3. Domain controlling systems, methods and computer program products for administration of computer security threat countermeasures to a domain of target computer systems
    Invention application; status: granted

    Publication number: US20050198520A1

    Publication date: 2005-09-08

    Application number: US10791560

    Application date: 2004-03-02

    IPC classification: H04L9/00

    Abstract: A threat management domain controller is responsive to a computer-actionable threat management vector that includes a first computer-readable field that identifies at least one system type that is affected by a computer security threat, a second computer-readable field that identifies a release level for the system type, and a third computer-readable field that identifies a set of possible countermeasures for a system type and release level. The threat management domain controller processes a threat management vector that is received for use by a domain of target computer systems, and transmits the processed threat management vector to at least one of the target computer systems in that domain.


4. Systems, methods and data structures for generating computer-actionable computer security threat management information
    Invention application; status: under examination, published

    Publication number: US20050022021A1

    Publication date: 2005-01-27

    Application number: US10624344

    Application date: 2003-07-22

    IPC classification: G06F21/00 G06F11/30 H04L9/00

    CPC classification: G06F21/577

    Abstract: Computer security threat management information is generated upon receiving notification of a computer security threat, by generating a computer-actionable Threat Management Vector (TMV) from the received notification. The TMV includes a first computer-readable field that identifies at least one system type that is affected by the security threat, a second computer-readable field that identifies a release level for the system type, and a third computer-readable field that identifies a set of possible countermeasures for a system type and a release level. The generated TMV is transmitted to target systems for processing.


5. Use of discovery scanning and method of IP only communication to identify owners and administrators of network attached devices
    Invention application; status: granted

    Publication number: US20060206593A1

    Publication date: 2006-09-14

    Application number: US11074517

    Application date: 2005-03-08

    IPC classification: G06F15/177

    CPC classification: H04L67/16 G06Q10/06 H04L41/12

    Abstract: Method, system, and product for remotely communicating with and identifying owners of objects on an IP network by providing a database that identifies owners of objects on the IP network, discovery scanning the IP network for logical objects, sending a message to an unlisted logical object requesting a registration action from the recipient, receiving the registration action indicating an owner of the logical object, and updating the database with the received indication of the owner of the object. The method, system, or product may be embodied in a software application (such as an operating system element), a dedicated processor, or a dedicated processor with dedicated code.
