Abstract: The present invention provides a computer-implemented method and system for associating presence information with a digital image. Aspects of the preferred embodiment include allowing an identifier associated with at least one object depicted in the image to be stored as image metadata; using the identifier to associate presence information with the at least one object; and performing an action related to the object using the associated presence information.

Abstract: Methods, systems, and computer program products for determining availability of presentable content via a subscription service are disclosed. According to one aspect, a method includes receiving a selection of first presentable content associated with a first subscription service. Metadata associated with the selected first presentable content is received. Based on the received metadata, it is determined whether second presentable content corresponding to the first presentable content is available from a second subscription service. Further, it is indicated whether the second presentable content is available for presentation via the second subscription service.

Abstract: The subject matter described herein includes methods, systems, and computer program products for automatically identifying and validating the source of a malware infection of a computer system. According to one method, an indication of detection of malware on a computer system is received. At least one data transfer operation performed prior to a time associated with the indication is repeated. Results of the at least one data transfer operation are monitored for identifying a data transfer operation associated with the malware detection. In response to identifying a data transfer operation associate with the malware detection, an action is taken based on the identified data transfer operation.

Abstract: An intrusion detection system is improved by altering its signatures and thresholds during a denial of service attack, in order to decrease the rate at which an intrusion detection sensor sends alerts to an intrusion detection server. A governor within the sensor is associated with each signature. The governor may include an alert log, a timer, an alert-generation-rate threshold, and rules that prescribe actions to be taken when the alert-generation-rate threshold is exceeded. The governor records the generation time of each alert by the sensor, and determines the rate at which the sensor is presently generating alerts. When the present alert-generation rate exceeds the alert-generation-rate threshold, the governor alters the associated signature threshold to decrease the alert generation rate of the intrusion detection sensor.

Abstract: An intrusion detection system is improved by altering its signatures and thresholds during a denial of service attack, in order to decrease the rate at which an intrusion detection sensor sends alerts to an intrusion detection server. A governor within the sensor is associated with each signature. The governor may include an alert log, a timer, an alert-generation-rate threshold, and rules that prescribe actions to be taken when the alert-generation-rate threshold is exceeded. The governor records the generation time of each alert by the sensor, and determines the rate at which the sensor is presently generating alerts. When the present alert-generation rate exceeds the alert-generation-rate threshold, the governor alters the associated signature threshold to decrease the alert generation rate of the intrusion detection sensor.

Abstract: A method for determining the entry point of an attack by a vandal such as a hacker upon a device such as a computer or a server such as a web server that operates under the protection of an intrusion detection system. Intrusion detection information regarding the attack and network information regarding the attack are correlated, and the entry point of the attack thereby deduced. In one embodiment, a source address of a message representative of the attack is found in a router table of a router that provides a connection supporting the attack. Logical ports of the connection are determined, and the corresponding physical ports found, thereby identifying the attack's entry point into the protected device.