Preventing attacks in a data processing system

A method and apparatus for facilitating reduction in successful attacks on a monitored data processing system, such as a host computer. An intrusion detection system comprises a host or application based sensor for detecting code based intrusions with a relatively low false-positive rate. Malicious...

Full description

Saved in:
Bibliographic Details
Main Authors SWIMMER MORTON D, WESPI ANDREAS, ZAMBONI DIEGO M
Format Patent
LanguageEnglish
Published 30.06.2009
Subjects
CALCULATING
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online AccessGet full text

Cover

More Information
Summary:A method and apparatus for facilitating reduction in successful attacks on a monitored data processing system, such as a host computer. An intrusion detection system comprises a host or application based sensor for detecting code based intrusions with a relatively low false-positive rate. Malicious code strings related to a detected intrusion are identified, extracted and forwarded to a pattern filter located in the monitored data processing system to prevent further intrusions using said malicious code strings. The malicious code strings may be forwarded to a response server for assembling sets of similar malicious code strings for which signatures are generated to permit identification of all malicious code strings contained in a set. The generated signatures are then distributed to monitored and/or monitoring systems of a protected network to prevent further intrusions using the malicious code strings and variations thereof.
Bibliography:Application Number: US20040756744