Behavior-based host-based intrusion prevention system

Abstract

A method of protecting a system from attack that includes monitoring processes running on a system, identifying behavior of the processes and attributes of the processes, grouping the processes into process sets based on commonality of attributes, and generating behavior control descriptions for each process set.

Description

[0001] 1. Field of the Invention

[0002] The present invention relates to host-based protection, and more particularly, to host-based protection that prevents attacks based on application behavior.

[0003] 2. Related Art

[0004] There is a growing awareness that existing security infrastructure that guards the perimeter (e.g., firewalls) or uses signatures (e.g., anti-virus and intrusion detection) is no longer adequate protection against new and unknown attacks or hostile insiders. With the advent of the Internet and organizational mandates to open internal systems to customers, suppliers and partners, the concept of a perimeter has changed forever. Because of these mandates and the inability of perimeter security to protect applications and servers, critical computing resources are exposed to severe and frequent damage.

[0005] When a new attack appears (and all attacks are new and unknown at first) it slips past existing defenses (firewall, intrusion detection, and anti-virus software) a...

Images