公开(公告)号：WO2004051441A2

公开(公告)日：2004-06-17

申请号：PCT/GB0305219

申请日：2003-11-28

Applicant: IBM ,  IBM UK

Inventor： BAFFES PAUL THOMAS ,  GILFIX MICHAEL ,  GARRISON JOHN MICHAEL ,  HSU ALLAN ,  STADING TYRON JERROD

IPC: G06F1/00 ,  G06F9/30 ,  G06F11/30 ,  G06F11/36 ,  G06F15/00 ,  G06F21/00 ,  H04L12/24 ,  H04L29/06

CPC classification number: H04L63/1408 ,  G06F21/316 ,  G06F21/552 ,  G06F21/554 ,  G06F21/566 ,  G06F2221/2101 ,  H04L63/1458

Abstract: A method and system for managing an intrusion on a computer by graphically representing an intrusion pattern of a known past intrusion, and then comparing the intrusion pattern of the known intrusion with a current intrusion. The intrusion pattern may either be based on intrusion events, which are the effects of the intrusion or activities that provide a signature of the type of intrusion, or the intrusion pattern may be based on hardware topology that is affected by the intrusion. The intrusion pattern is graphically displayed with scripted responses, which in a preferred embodiment are presented in pop-up windows associated with each node in the intrusion pattern. Alternatively, the response to the intrusion may be automatic, based on a pre-determined percentage of common features in the intrusion pattern of the known past intrusion and the current intrusion.

Abstract translation: 用于通过图形地表示已知过去入侵的入侵模式来管理计算机上的入侵的方法和系统，然后将已知入侵的入侵模式与当前入侵进行比较。 入侵模式可以基于入侵事件，这是入侵或提供入侵类型的签名的活动的影响，或者入侵模式可能基于受入侵影响的硬件拓扑。 入侵模式以图形方式显示脚本响应，其在优选实施例中以与入侵模式中的每个节点相关联的弹出窗口中呈现。 或者，基于已知的过去入侵和当前入侵的入侵模式中的共同特征的预定百分比，对入侵的响应可以是自动的。

公开(公告)号：AU2003285563A1

公开(公告)日：2004-06-23

申请号：AU2003285563

申请日：2003-11-28

Applicant: IBM

Inventor： BAFFES PAUL THOMAS ,  GILFIX MICHAEL ,  GARRISON JOHN MICHAEL ,  HSU ALLAN ,  STADING TYRON JERROD

IPC: G06F1/00 ,  G06F9/30 ,  G06F11/30 ,  G06F11/36 ,  G06F15/00 ,  G06F21/00 ,  H04L12/24 ,  H04L29/06

Abstract: A method and system for managing an intrusion on a computer by graphically representing an intrusion pattern of a known past intrusion, and then comparing the intrusion pattern of the known intrusion with a current intrusion. The intrusion pattern may either be based on intrusion events, which are the effects of the intrusion or activities that provide a signature of the type of intrusion, or the intrusion pattern may be based on hardware topology that is affected by the intrusion. The intrusion pattern is graphically displayed with scripted responses, which in a preferred embodiment are presented in pop-up windows associated with each node in the intrusion pattern. Alternatively, the response to the intrusion may be automatic, based on a pre-determined percentage of common features in the intrusion pattern of the known past intrusion and the current intrusion.

公开(公告)号：AT341024T

公开(公告)日：2006-10-15

申请号：AT03778561

申请日：2003-11-28

Applicant: IBM

Inventor： BAFFES PAUL THOMAS ,  GILFIX MICHAEL ,  GARRISON JOHN MICHAEL ,  HSU ALLAN ,  STADING TYRON JERROD

IPC: G06F1/00 ,  G06F9/30 ,  G06F11/30 ,  G06F11/36 ,  G06F15/00 ,  G06F21/00 ,  H04L12/24 ,  H04L29/06

Abstract: A method and system for managing an intrusion on a computer by graphically representing an intrusion pattern of a known past intrusion, and then comparing the intrusion pattern of the known intrusion with a current intrusion. The intrusion pattern may either be based on intrusion events, which are the effects of the intrusion or activities that provide a signature of the type of intrusion, or the intrusion pattern may be based on hardware topology that is affected by the intrusion. The intrusion pattern is graphically displayed with scripted responses, which in a preferred embodiment are presented in pop-up windows associated with each node in the intrusion pattern. Alternatively, the response to the intrusion may be automatic, based on a pre-determined percentage of common features in the intrusion pattern of the known past intrusion and the current intrusion.

公开(公告)号：AU2003285563A8

公开(公告)日：2004-06-23

申请号：AU2003285563

申请日：2003-11-28

Applicant: IBM

Inventor： HSU ALLAN ,  GARRISON JOHN MICHAEL ,  GILFIX MICHAEL ,  STADING TYRON JERROD ,  BAFFES PAUL THOMAS

IPC: G06F1/00 ,  G06F9/30 ,  G06F11/30 ,  G06F11/36 ,  G06F15/00 ,  G06F21/00 ,  H04L12/24 ,  H04L29/06

Abstract: A method and system for managing an intrusion on a computer by graphically representing an intrusion pattern of a known past intrusion, and then comparing the intrusion pattern of the known intrusion with a current intrusion. The intrusion pattern may either be based on intrusion events, which are the effects of the intrusion or activities that provide a signature of the type of intrusion, or the intrusion pattern may be based on hardware topology that is affected by the intrusion. The intrusion pattern is graphically displayed with scripted responses, which in a preferred embodiment are presented in pop-up windows associated with each node in the intrusion pattern. Alternatively, the response to the intrusion may be automatic, based on a pre-determined percentage of common features in the intrusion pattern of the known past intrusion and the current intrusion.