Patent · US Expired

Multi-platform sequence-based anomaly detection wrapper

US6735703B1 · kind B1 · utility

Cited by: 111
References: 3
Claims: 12
Family size: 0

Assignee

Inventors

Key dates

Filing date: May 8, 2000
Grant date: May 11, 2004
Priority date
Expiry date: May 8, 2020

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/554
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A real-time sequence-based anomaly detection system is disclosed. In a preferred embodiment, the intrusion detection system is incorporated as part of a software wrapper. Event abstraction in the software wrapper enables the intrusion detection system to apply generically across various computing platforms. Real-time anomaly detection is enabled through the definition of a distance matrix that defines allowable separation distances between pairs of system calls. The distance matrix indirectly specifies known sequences of system calls and can be used to determine whether a sequence of system calls in an event window represents an anomaly. Anomalies that are detected are further analyzed through Levenshtein distance calculations that also rely on the contents of the distance matrix.
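The abstract describes the detection mechanism only at a high level. The following is an added illustration, written for this page and not code from the patent or its assignee, of how such a pair-separation distance matrix can be learned from normal system-call traces, used to flag an event window, and followed by a Levenshtein comparison. The window length, the sample traces, and the choice to compare a flagged window against the set of known training windows (rather than some other use of the matrix in the Levenshtein stage, which the abstract does not detail) are assumptions of this example.

```python
from collections import defaultdict

WINDOW = 4  # event-window length (assumed for this example)


def build_distance_matrix(training_seqs, window=WINDOW):
    """Learn {(call_a, call_b): set of allowed separations d} from normal traces.

    A separation d means call_b was observed d positions after call_a
    inside some window of a known-good sequence. The matrix therefore
    encodes the known sequences indirectly, as the abstract describes.
    """
    matrix = defaultdict(set)
    for seq in training_seqs:
        for i, a in enumerate(seq):
            for d in range(1, window):
                if i + d < len(seq):
                    matrix[(a, seq[i + d])].add(d)
    return dict(matrix)


def window_violations(window_calls, matrix):
    """Return every (call_a, call_b, d) pair in the window whose separation
    d was never seen for that pair during training. An empty list means
    the window is consistent with known sequences."""
    violations = []
    n = len(window_calls)
    for i in range(n):
        for j in range(i + 1, n):
            a, b, d = window_calls[i], window_calls[j], j - i
            if d not in matrix.get((a, b), set()):
                violations.append((a, b, d))
    return violations


def levenshtein(s, t):
    """Classic edit distance over two sequences of system-call names."""
    prev = list(range(len(t) + 1))
    for i, a in enumerate(s, 1):
        cur = [i]
        for j, b in enumerate(t, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (a != b)))  # substitution
        prev = cur
    return prev[-1]


def known_windows(training_seqs, window=WINDOW):
    """All fixed-length windows seen in normal traces (assumed comparison set)."""
    return {tuple(seq[i:i + window])
            for seq in training_seqs
            for i in range(len(seq) - window + 1)}


def analyze_trace(trace, matrix, known, window=WINDOW):
    """Slide the event window over a trace. For each flagged window return
    (offset, violations, edit distance to the nearest known window), so an
    analyst can see how far the observed behaviour drifted from normal."""
    findings = []
    for i in range(len(trace) - window + 1):
        w = tuple(trace[i:i + window])
        v = window_violations(w, matrix)
        if v:
            nearest = min(levenshtein(w, k) for k in known) if known else len(w)
            findings.append((i, v, nearest))
    return findings


# Constructed sample traces standing in for abstracted wrapper events.
TRAIN = [
    ["open", "read", "write", "close"],
    ["open", "read", "read", "write", "close"],
    ["open", "mmap", "close"],
]

if __name__ == "__main__":
    matrix = build_distance_matrix(TRAIN)
    known = known_windows(TRAIN)
    normal = ["open", "read", "write", "close"]
    odd = ["open", "read", "execve", "write", "close"]  # constructed deviation
    print("normal trace findings:", analyze_trace(normal, matrix, known))
    for offset, viols, dist in analyze_trace(odd, matrix, known):
        print(f"window@{offset}: {len(viols)} pair violations, "
              f"edit distance {dist} from nearest known window")
```

Two points worth noting for anyone evaluating this class of detector: a window is flagged on the first unseen (pair, separation) combination, so coverage of the training traces directly sets the false-positive rate, and the edit distance is only a ranking aid for triage, not a second independent decision.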

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.