Abstract: A system and method for utilizing data mining to generate a policy document or to revise theory within a policy document. A data base of unknown events is mined for application to the development of a system management policy document. The results of the data mining of the database of unknown events are automatically incorporated into a policy document, subject to user approval, to produce a new policy document or an updated version of an existing policy document.

Abstract: A method simplified drag and drop operations of display icons. This method calculates a projected path for an icon based on the past movement of the icon. The method highlights the “best fit” target icon as the mouse pointer moves across the screen. As the mouse pointer moves, or changes direction, the “best fit” target icon can change, with the current best-fit icon being highlighted. In addition to highlighting the target icon, a line or arrow from the mouse pointer to the target icon is maintained. The line presents the predicted path in a very noticeable, visual way. As the best-fit target icon changes, the line is re-drawn to point to the current best-fit icon. Regardless of how the target icon is visually indicated, releasing the mouse button will cause the drop operation to be completed “into” target. Completion of the drop could be instantaneous, or could be rendered with animation of some sort to indicate moving from the source to the target.

Abstract: A method and system for managing an intrusion on a computer by graphically representing an intrusion pattern of a known past intrusion, and then comparing the intrusion pattern of the known intrusion with a current intrusion. The intrusion pattern may either be based on intrusion events, which are the effects of the intrusion or activities that provide a signature of the type of intrusion, or the intrusion pattern may be based on hardware topology that is affected by the intrusion. The intrusion pattern is graphically displayed with scripted responses, which in a preferred embodiment are presented in pop-up windows associated with each node in the intrusion pattern. Alternatively, the response to the intrusion may be automatic, based on a pre-determined percentage of common features in the intrusion pattern of the known past intrusion and the current intrusion.

Abstract: A method for providing access control to a single sign-on computer network is disclosed. A user is assigned to multiple groups within a computer network. In response to an access request by the user, the computer network determines a group pass count based on a user profile of the user. The group pass count is a number of groups in which the access request meets all their access requirements. The computer network grants the access request if the group pass count is greater than a predetermined high group pass threshold value.

Abstract: An apparatus and method for authenticating users on a data processing system is implemented. The present invention provides for aggregating authenticated identities and related authorization information. A security context created in response to a first user logon is saved in response to a second logon. A composite or aggregate security context is created based on the identity passed in the second logon. Access may then be granted (or denied) based on the current, aggregated security context. Upon logout of the user based on the second identity, the aggregate security context is destroyed, and the security context reverts to the context previously saved.

Abstract: A method, system, apparatus, or computer program product is presented for morphing a honeypot system on a dynamic and configurable basis. The morphing honeypot emulates a variety of services while falsely presenting information about potential vulnerabilities within the system that supports the honeypot. The morphing honeypot has the ability to dynamically change its personality or displayed characteristics using a variety of algorithms and a database of known operating system and service vulnerabilities. The morphing honeypot's personality can be changed on a timed or scheduled basis, on the basis of activity that is generated by the presented honeypot personality, or on some other basis. The morphing honeypot can also be integrated with intrusion detection systems and other types of computer security incident recognition systems to correlate its personality with detected nefarious activities.

Abstract: A method, system, apparatus, or computer program product is presented for morphing a honeypot system on a dynamic and configurable basis. The morphing honeypot emulates a variety of services while falsely presenting information about potential vulnerabilities within the system that supports the honeypot. The morphing honeypot has the ability to dynamically change its personality or displayed characteristics using a variety of algorithms and a database of known operating system and service vulnerabilities. The morphing honeypot's personality can be changed on a timed or scheduled basis, on the basis of activity that is generated by the presented honeypot personality, or on some other basis.

Abstract: A method, computer program product, and apparatus for presenting data about security-related events that puts the data into a concise form is disclosed. Events are abstracted into a set data-type. Sets with common elements are grouped together, and summaries of the groups—“situations”—are presented to a user or administrator.

Abstract: A system and method for developing network policy document and assuring up-to-date monitoring and automated refinement and classification of the network policy. The system administrator defines an initial policy document that is provided as the initial symbolic classifier. The classification rules remain in human readable form throughout the process. Network system data is fed through the classifier, which labels the data according to whether a policy constraint is violated. The labels are tagged to the data. The user then reviews the labels to determine whether the classification is satisfactory. If the classification of the data is satisfactory, the label is unaltered; However, if the classification is not satisfactory, the data is re-labeled. The re-labeled data is then introduced into a refinement algorithm, which determines what policy must be modified to correct classification of network events in accordance with the re-labeling.

Abstract: A method and system for handling a malicious intrusion to a machine in a networked group of computers. The malicious intrusion is an unauthorized access to the machine, such as a server in a server farm. When the intrusion is detected, the machine is isolated from the rest of the server farm, and the machine is reprovisioned as a decoy system having access to only data that is ersatz or at least non-sensitive. If the intrusion is determined to be non-malicious, then the machine is functionally reconnected to the server farm, and the machine is reprovisioned to a state held before the reprovisioning of the machine as a decoy machine.

Abstract: A method simplified drag and drop operations of display icons. This method calculates a projected path for an icon based on the past movement of the icon. The method highlights the “best fit” target icon as the mouse pointer moves across the screen. As the mouse pointer moves, or changes direction, the “best fit” target icon can change, with the current best-fit icon being highlighted. In addition to highlighting the target icon, a line or arrow from the mouse pointer to the target icon is maintained. The line presents the predicted path in a very noticeable, visual way. As the best-fit target icon changes, the line is re-drawn to point to the current best-fit icon. Regardless of how the target icon is visually indicated, releasing the mouse button will cause the drop operation to be completed “into” target. Completion of the drop could be instantaneous, or could be rendered with animation of some sort to indicate moving from the source to the target.

Abstract: Illustrative embodiments provide a computer implemented method, apparatus, and computer program product for more effectively managing multiple call situations using voice over internet protocol. In one illustrative embodiment, the computer implemented method comprising, responsive to receiving a request to monitor a call from among multiple simultaneous calls using voice over internet protocol, creating a set of trigger criteria for the call and monitoring the call for the set of trigger criteria. Responsive to one of the set of trigger criteria having been met, identifying a triggered criteria and selectively invoking a rule with respect to the triggered criteria to produce a result, and notifying a requester of the result.

Abstract: A computer implemented method, apparatus, and computer usable program product for implementing wildcard patterns for a spellchecking operation. The process parses a set of words of a document using a dictionary of wildcard patterns to identify a set of wildcard strings in response to receiving a request to perform a spellchecking operation on the document. Thereafter, the process generates a visual cue identifying a subset of words as potentially misspelled, wherein the subset of words comprises words from the set of words that are absent from the set of wildcard strings.

Abstract: A computer implemented method, data processing system, and a computer program product are provided for resolving uniform resource locator addresses. A first uniform resource locator address is input from a user. The first uniform resource locator address is identified within a database list of uniform resource locator addresses. Each of the list of uniform resource locator addresses corresponds to a second uniform resource locator address contained in the database. Responsive to identifying the first uniform resource locator address with the list of uniform resource locator addresses, information for the corresponding second uniform resource locator address is displayed.

Abstract: A computer implemented method, apparatus, and computer program product for transferring a file item. The process selects a file item in response to receiving a first input command. The process selects a file item in response to receiving a first input command. The process then identifies a file path name from a hierarchical file path to form a selected file path name. The file path name is identified by detecting a pointer passing over the file path name. In response to receiving a second input command, the process transfers the file item to a storage location associated with the selected file path name.

Abstract: A method, system, apparatus, or computer program product is presented for morphing a honeypot system on a dynamic and configurable basis. The morphing honeypot emulates a variety of services while falsely presenting information about potential vulnerabilities within the system that supports the honeypot. The morphing honeypot has the ability to dynamically change its personality or displayed characteristics using a variety of algorithms and a database of known operating system and service vulnerabilities. The morphing honeypot's personality can be changed on a timed or scheduled basis, on the basis of activity that is generated by the presented honeypot personality, or on some other basis. The morphing honeypot can also be integrated with intrusion detection systems and other types of computer security incident recognition systems to correlate its personality with detected nefarious activities.

Abstract: A method for providing access control to a single sign-on computer network is disclosed. A user is assigned to multiple groups within a computer network. In response to an access request by the user, the computer network determines a group pass count based on a user profile of the user. The group pass count is a number of groups in which the access request meets all their access requirements. The computer network grants the access request if the group pass count is greater than a predetermined high group pass threshold value.

Abstract: A method, system, apparatus, or computer program product is presented for morphing a honeypot system on a dynamic and configurable basis. The morphing honeypot emulates a variety of services while falsely presenting information about potential vulnerabilities within the system that supports the honeypot. The morphing honeypot has the ability to dynamically change its personality or displayed characteristics using a variety of algorithms and a database of known operating system and service vulnerabilities. The morphing honeypot's personality can be changed on a timed or scheduled basis, on the basis of activity that is generated by the presented honeypot personality, or on some other basis. The morphing honeypot can also be integrated with intrusion detection systems and other types of computer security incident recognition systems to correlate its personality with detected nefarious activities.

Abstract: A method for providing access control to a single sign-on computer network is disclosed. A user is assigned to multiple groups within a computer network. In response to an access request by the user, the computer network determines a group pass count based on a user profile of the user. The group pass count is a number of groups in which the access request meets all their access requirements. The computer network grants the access request if the group pass count is greater than a predetermined high group pass threshold value.

Abstract: A method, system, apparatus, or computer program product is presented for morphing a honeypot system on a dynamic and configurable basis. The morphing honeypot emulates a variety of services while falsely presenting information about potential vulnerabilities within the system that supports the honeypot. The morphing honeypot has the ability to dynamically change its personality or displayed characteristics using a variety of algorithms and a database of known operating system and service vulnerabilities. The morphing honeypot's personality can be changed on a timed or scheduled basis, on the basis of activity that is generated by the presented honeypot personality, or on some other basis.