Patents by Inventor Andreas Wespi
Andreas Wespi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 7953677
Abstract: A computer implemented method and system for analysing a first set of data records where each data record comprises attribute values for one or more attributes, by expanding the first set of data records into a second set of data records by creating for at least one of the attributes of the first set of data records at least two redundant attributes with corresponding redundant attribute values, assigning different generalization rules to the at least two redundant attributes, and performing a generalization of the second set of data records by means of an attribute-oriented induction (AOI)-algorithm.
Type: Grant
Filed: December 19, 2007
Date of Patent: May 31, 2011
Assignee: International Business Machines Corporation
Inventors: Birgit Baum-Waidner, Klaus Julisch, Andreas Wespi
-
Patent number: 7568228
Abstract: Described is apparatus for testing an intrusion detection system in a data processing system. The apparatus comprises an attack generator for generating attack traffic on a communications path in the data processing system. A collector receives responses generated by the intrusion detection system on receipt of the attack traffic. A controller coupled to the attack generator and the collector varies the attack traffic generated by the attack generator in dependence on the response received from the intrusion detection system by the collector.
Type: Grant
Filed: May 17, 2002
Date of Patent: July 28, 2009
Assignee: International Business Machines Corporation
Inventors: Alessandri Dominique, James F. Riordan, Andreas Wespi
-
Patent number: 7555777
Abstract: A method and apparatus for facilitating reduction in successful attacks on a monitored data processing system, such as a host computer. An intrusion detection system comprises a host or application based sensor for detecting code based intrusions with a relatively low false-positive rate. Malicious code strings related to a detected intrusion are identified, extracted and forwarded to a pattern filter located in the monitored data processing system to prevent further intrusions using said malicious code strings. The malicious code strings may be forwarded to a response server for assembling sets of similar malicious code strings for which signatures are generated to permit identification of all malicious code strings contained in a set. The generated signatures are then distributed to monitored and/or monitoring systems of a protected network to prevent further intrusions using the malicious code strings and variations thereof.
Type: Grant
Filed: January 13, 2004
Date of Patent: June 30, 2009
Assignee: International Business Machines Corporation
Inventors: Morton D. Swimmer, Andreas Wespi, Diego M. Zamboni
-
Publication number: 20080222059
Abstract: A computer implemented method and system for analysing a first set of data records where each data record comprises attribute values for one or more attributes, by expanding the first set of data records into a second set of data records by creating for at least one of the attributes of the first set of data records at least two redundant attributes with corresponding redundant attribute values, assigning different generalization rules to the at least two redundant attributes, and performing a generalization of the second set of data records by means of an attribute-oriented induction (AOI)-algorithm.
Type: Application
Filed: December 19, 2007
Publication date: September 11, 2008
Applicant: International Business Machines Corporation
Inventors: Birgit Baum-Waidner, Klaus Julisch, Andreas Wespi
-
Patent number: 7308689
Abstract: An event handler is provided that associates events from heterogeneous data sources. In a first phase, incoming events are translated to vectors of event attributes. Based on the data source, implicit information about the event and its attributes may be available. This information is used to normalize the information provided by the event. Normalization actions may include renaming the attributes, deriving new attributes from given attributes, and transforming attribute value ranges. In a second phase, a determination is made as to whether two or more events are considered to be associated based on the vectors. Different vectors of core attributes may be created in order to create associations with different semantics.
Type: Grant
Filed: December 18, 2002
Date of Patent: December 11, 2007
Assignee: International Business Machines Corporation
Inventors: Steven Black, Herve Debar, John Michael Garrison, Andreas Wespi
-
Patent number: 7039953
Abstract: A method, computer program product, and apparatus for presenting data about security-related events that puts the data into a concise form is disclosed. Events are abstracted into a set data-type. Sets with common elements are grouped together, and summaries of the groups—“situations” are established from groups whose severity exceeds a threshold value. These groups and situations are then propagated up a hierarchical arrangement of systems and further aggregated so as to provide summary information over a larger group of systems. This hierarchical scheme allows for scalability of the event correlation process across larger networks of systems.
Type: Grant
Filed: August 30, 2001
Date of Patent: May 2, 2006
Assignee: International Business Machines Corporation
Inventors: Steven Black, Herve Debar, John Michael Garrison, Andreas Wespi
-
Publication number: 20040255163
Abstract: A method and apparatus for facilitating reduction in successful attacks on a monitored data processing system, such as a host computer. An intrusion detection system comprises a host or application based sensor for detecting code based intrusions with a relatively low false-positive rate. Malicious code strings related to a detected intrusion are identified, extracted and forwarded to a pattern filter located in the monitored data processing system to prevent further intrusions using said malicious code strings. The malicious code strings may be forwarded to a response server for assembling sets of similar malicious code strings for which signatures are generated to permit identification of all malicious code strings contained in a set. The generated signatures are then distributed to monitored and/or monitoring systems of a protected network to prevent further intrusions using the malicious code strings and variations thereof.
Type: Application
Filed: January 13, 2004
Publication date: December 16, 2004
Applicant: International Business Machines Corporation
Inventors: Morton D Swimmer, Andreas Wespi, Diego M. Zamboni
-
Publication number: 20040236747
Abstract: Methods, apparatus and systems for controlling access to an object in a data processing system comprises: receiving a request to access the object from a task; classifying the access request into one of critical and non-critical classes in dependence on stored access control data associated with the object and the task; granting the task access to the object and storing data indicative of the access in an access log if the access is classified into the non-critical class; and in the event that the access is classified into the critical class, granting or denying the task access to the object in dependence on the contents of the access log and the stored access control data.
Type: Application
Filed: March 3, 2004
Publication date: November 25, 2004
Inventors: Morton G. Swimmer, Michael Waidner, Andreas Wespi
-
Publication number: 20040123304
Abstract: An event handler is provided that associates events from heterogeneous data sources. In a first phase, incoming events are translated to vectors of event attributes. Based on the data source, implicit information about the event and its attributes may be available. This information is used to normalize the information provided by the event. Normalization actions may include renaming the attributes, deriving new attributes from given attributes, and transforming attribute value ranges. In a second phase, a determination is made as to whether two or more events are considered to be associated based on the vectors. Different vectors of core attributes may be created in order to create associations with different semantics.
Type: Application
Filed: December 18, 2002
Publication date: June 24, 2004
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Steven Black, Herve Debar, John Michael Garrison, Andreas Wespi
-
Publication number: 20030046582
Abstract: A method, computer program product, and apparatus for presenting data about security-related events that puts the data into a concise form is disclosed. Events are abstracted into a set data-type. Sets with common elements are grouped together, and summaries of the groups—“situations” are established from groups whose severity exceeds a threshold value. These groups and situations are then propagated up a hierarchical arrangement of systems and further aggregated so as to provide summary information over a larger group of systems. This hierarchical scheme allows for scalability of the event correlation process across larger networks of systems.
Type: Application
Filed: August 30, 2001
Publication date: March 6, 2003
Applicant: International Business Machines Corporation
Inventors: Steven Black, Herve Debar, John Michael Garrison, Andreas Wespi
-
Publication number: 20020194469
Abstract: Described is apparatus for testing an intrusion detection system in a data processing system. The apparatus comprises an attack generator for generating attack traffic on a communications path in the data processing system. A collector receives responses generated by the intrusion detection system on receipt of the attack traffic. A controller coupled to the attack generator and the collector varies the attack traffic generated by the attack generator in dependence on the response received from the intrusion detection system by the collector.
Type: Application
Filed: May 17, 2002
Publication date: December 19, 2002
Applicant: International Business Machines Corporation
Inventors: Alessandri Dominique, James F. Riordan, Andreas Wespi