Abstract: Kernel-based intrusion detection using Bloom filters is disclosed. In one of many possible embodiments for detecting an intrusion attack, a Bloom filter is provided and used to generate a Bloom filter data object. The Bloom filter data object contains data representative of expected system-call behavior associated with a computer program. The Bloom filter data object is embedded in an operating system (“OS”) kernel upon an invocation of the computer program. Actual system-call behavior is compared with the data in the Bloom filter data object.

Abstract: Kernel-based intrusion detection using Bloom filters is disclosed. In one of many possible embodiments for detecting an intrusion attack, a Bloom filter is provided and used to generate a Bloom filter data object. The Bloom filter data object contains data representative of expected system-call behavior associated with a computer program. The Bloom filter data object is embedded in an operating system (“OS”) kernel upon an invocation of the computer program. Actual system-call behavior is compared with the data in the Bloom filter data object.

Abstract: Systems and methods are disclosed for classifying packets with a rule. In one exemplary embodiment, the method includes receiving a packet; determining a key value for the received packet; identifying a rule corresponding to the determined key value by searching a set of rules, the set of rules being decorrelated such that there is no overlap in any key values corresponding to the decorrelated set of rules.

Abstract: Systems and methods are provided for controlling the right to use an item. A user seeking the use of the item may communicate to a server a code identifying a security object and any other information requested by the server. The server may use the code to retrieve a key associated with the security object. The server may execute a cryptographic algorithm on at least the key and a time-dependent input to generate a one-time password, which the server may report to the user. The one-time password may be used to successfully gain access to the security object item only once within a predetermined period of time. The security object, which is disconnected from the server, may receive from the user the one-time password and execute a cryptographic algorithm on a locally-retrieved key and a time-dependent input to generate another one-time password. If the one-time passwords match, the user may be granted access to the item.