Kernel-based intrusion detection using bloom filters

Invention Grant

US07900194B1 Kernel-based intrusion detection using bloom filters 有权

Title translation: 基于内核的入侵检测使用bloom过滤器

Please log in to see more content

Patent Title: Kernel-based intrusion detection using bloom filters
Patent Title (中): 基于内核的入侵检测使用bloom过滤器
Application No.: US11088151

Application Date: 2005-03-23
Publication No.: US07900194B1

Publication Date: 2011-03-01
Inventor: David P. Mankins
Applicant: David P. Mankins
Applicant Address: US NJ Basking Ridge US NJ Basking Ridge
Assignee: Verizon Corporate Services Group Inc.,Raytheon BBN Technologies Corp.
Current Assignee: Verizon Corporate Services Group Inc.,Raytheon BBN Technologies Corp.
Current Assignee Address: US NJ Basking Ridge US NJ Basking Ridge
Main IPC: G06F9/44
IPC: G06F9/44 ; G06F11/00 ; G06F7/04

Abstract:

Kernel-based intrusion detection using Bloom filters is disclosed. In one of many possible embodiments for detecting an intrusion attack, a Bloom filter is provided and used to generate a Bloom filter data object. The Bloom filter data object contains data representative of expected system-call behavior associated with a computer program. The Bloom filter data object is embedded in an operating system (“OS”) kernel upon an invocation of the computer program. Actual system-call behavior is compared with the data in the Bloom filter data object.

Abstract(Chinese):

公开了使用Bloom过滤器的基于内核的入侵检测。在用于检测入侵攻击的许多可能实施例之一中，提供Bloom过滤器并用于生成Bloom过滤器数据对象。 Bloom过滤器数据对象包含代表与计算机程序相关联的预期系统呼叫行为的数据。在调用计算机程序时，Bloom过滤器数据对象嵌入到操作系统（“OS”）内核中。实际系统调用行为与Bloom过滤器数据对象中的数据进行比较。

Information query

Espacenet

IPC分类:

G	物理
G06	计算；推算或计数
G06F	电数字数据处理（基于特定计算模型的计算机系统入G06N）
G06F9/00	程序控制装置，例如，控制单元（用于外部设备的程序控制入G06F13/10）
G06F9/06	.应用存入的程序的，即应用处理设备的内部存储来接收程序并保持程序的
G06F9/44	..用于执行专门程序的装置