Patents by Inventor Andrew Honig

Andrew Honig has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20190215328
    Abstract: A system and methods for detecting intrusions in the operation of a computer system comprises a sensor configured to gather information regarding the operation of the computer system, to format the information in a data record t, and to transmit the data. A database is configured to receive the data record from the sensor and to store the data record. A detection model generator is configured to request training data from data record, generate an intrusion detection model based on said training data, and to transmit the intrusion detection model to the data warehouse according to the predetermined data format. A detector is configured to receive a data record from the sensor and to determine whether said data record corresponds to an attack based on said intrusion detection model.
    Type: Application
    Filed: March 19, 2019
    Publication date: July 11, 2019
    Applicant: THE TRUSTEES OF COLUMBIA UNIVERSITY IN THE CITY OF NEW YORK
    Inventors: Andrew Honig, Andrew Howard, Eleazar Eskin, Salvatore J. Stolfo
  • Publication number: 20170034187
    Abstract: A system and methods for detecting intrusions in the operation of a computer system comprises a sensor configured to gather information regarding the operation of the computer system, to format the information in a data record having a predetermined format, and to transmit the data in the predetermined data format. A data warehouse is configured to receive the data record from the sensor in the predetermined data format and to store the data in a SQL database. A detection model generator is configured to request data records from the data warehouse in the predetermined data format, to generate an intrusion detection model based on said data records, and to transmit the intrusion detection model to the data warehouse according to the predetermined data format. A detector is configured to receive a data record in the predetermined data format from the sensor and to classify the data record in real-time as one of normal operation and an attack based on said intrusion detection model.
    Type: Application
    Filed: October 12, 2016
    Publication date: February 2, 2017
    Inventors: Andrew Honig, Andrew Howard, Eleazar Eskin, Salvatore J. Stolfo
  • Patent number: 9497203
    Abstract: A system and methods for detecting intrusions in the operation of a computer system comprises a sensor configured to gather information regarding the operation of the computer system, to format the information in a data record having a predetermined format, and to transmit the data in the predetermined data format. A data warehouse is configured to receive the data record from the sensor in the predetermined data format and to store the data in a SQL database. A detection model generator is configured to request data records from the data warehouse in the predetermined data format, to generate an intrusion detection model based on said data records, and to transmit the intrusion detection model to the data warehouse according to the predetermined data format. A detector is configured to receive a data record in the predetermined data format from the sensor and to classify the data record in real-time as one of normal operation and an attack based on said intrusion detection model.
    Type: Grant
    Filed: October 8, 2014
    Date of Patent: November 15, 2016
    Assignee: THE TRUSTEES OF COLUMBIA UNIVERSITY IN THE CITY OF NEW YORK
    Inventors: Andrew Honig, Andrew Howard, Eleazar Eskin, Salvatore J. Stolfo
  • Publication number: 20150058994
    Abstract: A system and methods for detecting intrusions in the operation of a computer system comprises a sensor configured to gather information regarding the operation of the computer system, to format the information in a data record having a predetermined format, and to transmit the data in the predetermined data format. A data warehouse is configured to receive the data record from the sensor in the predetermined data format and to store the data in a SQL database. A detection model generator is configured to request data records from the data warehouse in the predetermined data format, to generate an intrusion detection model based on said data records, and to transmit the intrusion detection model to the data warehouse according to the predetermined data format. A detector is configured to receive a data record in the predetermined data format from the sensor and to classify the data record in real-time as one of normal operation and an attack based on said intrusion detection model.
    Type: Application
    Filed: October 8, 2014
    Publication date: February 26, 2015
    Inventors: Andrew Honig, Andrew Howard, Eleazar Eskin, Salvatore J. Stolfo
  • Patent number: 8893273
    Abstract: A system and methods for detecting intrusions in the operation of a computer system comprises a sensor configured to gather information regarding the operation of the computer system, to format the information in a data record having a predetermined format, and to transmit the data in the predetermined data format. A data warehouse is configured to receive the data record from the sensor in the predetermined data format and to store the data in a SQL database. A detection model generator is configured to request data records from the data warehouse in the predetermined data format, to generate an intrusion detection model based on said data records, and to transmit the intrusion detection model to the data warehouse according to the predetermined data format. A detector is configured to receive a data record in the predetermined data format from the sensor and to classify the data record in real-time as one of normal operation and an attack based on said intrusion detection model.
    Type: Grant
    Filed: May 25, 2007
    Date of Patent: November 18, 2014
    Assignee: The Trustees of Columbia University in the City of New York
    Inventors: Andrew Honig, Andrew Howard, Eleazar Eskin, Salvatore J. Stolfo
  • Patent number: 8887281
    Abstract: A system and methods for detecting intrusions in the operation of a computer system comprises a sensor configured to gather information regarding the operation of the computer system, to format the information in a data record, and to transmit the data record. A database is configured to receive the data record from the sensor and to store the data record. A detection model generator is configured to request data records from the database, to generate an intrusion detection model, and to transmit the intrusion detection model to the database. A detector is configured to receive a data record from the sensor and to classify the data record in real-time as one of normal operation and an attack. A data analysis engine is configured to request data records from the database and to perform a data processing function on the data records.
    Type: Grant
    Filed: September 10, 2012
    Date of Patent: November 11, 2014
    Assignee: The Trustees of Columbia University in The City of New York
    Inventors: Andrew Honig, Andrew Howard, Eleazar Eskin, Salvatore J. Stolfo
  • Publication number: 20130031633
    Abstract: A system and methods for detecting intrusions in the operation of a computer system comprises a sensor configured to gather information regarding the operation of the computer system, to format the information in a data record having a predetermined format, and to transmit the data in the predetermined data format. A data warehouse is configured to receive the data record from the sensor in the predetermined data format and to store the data in a SQL database. A detection model generator is configured to request data records from the data warehouse in the predetermined data format, to generate an intrusion detection model based on said data records, and to transmit the intrusion detection model to the data warehouse according to the predetermined data format. A detector is configured to receive a data record in the predetermined data format from the sensor and to classify the data record in real-time as one of normal operation and an attack based on said intrusion detection model.
    Type: Application
    Filed: September 10, 2012
    Publication date: January 31, 2013
    Inventors: Andrew Honig, Andrew Howard, Eleazar Eskin, Salvatore J. Stolfo
  • Patent number: 7913306
    Abstract: A method for detecting intrusions in the operation of a computer system is disclosed which comprises gathering features from records of normal processes that access the file system of the computer, such as the Windows registry, and generating a probabilistic model of normal computer system usage based on occurrences of said features. The features of a record of a process that accesses the Windows registry are analyzed to determine whether said access to the Windows registry is an anomaly. A system is disclosed, comprising a registry auditing module configured to gather records regarding processes that access the Windows registry; a model generator configured to generate a probabilistic model of normal computer system usage based on records of a plurality of processes that access the Windows registry and that are indicative of normal computer system usage; and a model comparator configured to determine whether the access of the Windows registry is an anomaly.
    Type: Grant
    Filed: May 21, 2008
    Date of Patent: March 22, 2011
    Assignee: The Trustees of Columbia University in the City of New York
    Inventors: Frank Apap, Andrew Honig, Hershkop Shlomo, Eleazar Eskin, Salvatore J. Stolfo
  • Publication number: 20090083855
    Abstract: A method for detecting intrusions in the operation of a computer system is disclosed which comprises gathering features from records of normal processes that access the file system of the computer, such as the Windows registry, and generating a probabilistic model of normal computer system usage based on occurrences of said features. The features of a record of a process that accesses the Windows registry are analyzed to determine whether said access to the Windows registry is an anomaly. A system is disclosed, comprising a registry auditing module configured to gather records regarding processes that access the Windows registry; a model generator configured to generate a probabilistic model of normal computer system usage based on records of a plurality of processes that access the Windows registry and that are indicative of normal computer system usage; and a model comparator configured to determine whether the access of the Windows registry is an anomaly.
    Type: Application
    Filed: May 21, 2008
    Publication date: March 26, 2009
    Inventors: Frank Apap, Andrew Honig, Hershkop Shlomo, Eleazar Eskin, Salvatore J. Stolfo
  • Patent number: 7448084
    Abstract: A method for detecting intrusions in the operation of a computer system is disclosed which comprises gathering features from records of normal processes that access the file system of the computer, such as the Windows registry, and generating a probabilistic model of normal computer system usage based on occurrences of said features. The features of a record of a process that accesses the Windows registry are analyzed to determine whether said access to the Windows registry is an anomaly. A system is disclosed, comprising a registry auditing module configured to gather records regarding processes that access the Windows registry; a model generator configured to generate a probabilistic model of normal computer system usage based on records of a plurality of processes that access the Windows registry and that are indicative of normal computer system usage; and a model comparator configured to determine whether the access of the Windows registry is an anomaly.
    Type: Grant
    Filed: January 27, 2003
    Date of Patent: November 4, 2008
    Assignee: The Trustees of Columbia University in the City of New York
    Inventors: Frank Apap, Andrew Honig, Hershkop Shlomo, Eleazar Eskin, Salvatore J. Stolfo
  • Publication number: 20070239999
    Abstract: A system and methods for detecting intrusions in the operation of a computer system comprises a sensor configured to gather information regarding the operation of the computer system, to format the information in a data record having a predetermined format, and to transmit the data in the predetermined data format. A data warehouse is configured to receive the data record from the sensor in the predetermined data format and to store the data in a SQL database. A detection model generator is configured to request data records from the data warehouse in the predetermined data format, to generate an intrusion detection model based on said data records, and to transmit the intrusion detection model to the data warehouse according to the predetermined data format. A detector is configured to receive a data record in the predetermined data format from the sensor and to classify the data record in real-time as one of normal operation and an attack based on said intrusion detection model.
    Type: Application
    Filed: May 25, 2007
    Publication date: October 11, 2007
    Inventors: Andrew Honig, Andrew Howard, Eleazar Eskin, Salvatore Stolfo
  • Patent number: 7225343
    Abstract: A system and methods for detecting intrusions in the operation of a computer system comprises a sensor configured to gather information regarding the operation of the computer system, to format the information in a data record having a predetermined format, and to transmit the data in the predetermined data format. A data warehouse is configured to receive the data record from the sensor in the predetermined data format and to store the data in a database. A detection model generator is configured to request data records from the data warehouse in the predetermined data format, to generate an intrusion detection model based on said data records, and to transmit the intrusion detection model to the data warehouse according to the predetermined data format. A detector is configured to receive a data record in the predetermined data format from the sensor and to classify the data record in real-time as one of normal operation and an attack based on said intrusion detection model.
    Type: Grant
    Filed: January 27, 2003
    Date of Patent: May 29, 2007
    Assignee: The Trustees of Columbia University in the City of New York
    Inventors: Andrew Honig, Andrew Howard, Eleazar Eskin, Salvatore J. Stolfo