Abstract:
A computer system for intrusion detection includes a production processor and a security processor. The production processor is configured to execute one or more production processes. The security processor is dedicated to security functions and is configured to execute one or more security processes. The security process is configured to monitor the functions of the production processor and determine the occurrence of a security event. The security event may include any action performed by the production process that is considered to be a threat to the security of the computer system. In some embodiments, the security process is associated with a particular production process and is configured to utilize information concerning the expected behavior of the production process while monitoring for security events.
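The last sentence of the abstract, a security process bound to one production process and checking its actions against expected behavior, can be sketched as follows. This is an added example, not code from the patent; the event fields, the profile format, the `webapp` process and all sample data are assumptions made for illustration.

```python
# Added illustration: event fields and profile format are assumptions, not from the abstract.
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Event:
    process: str  # production process that performed the action
    action: str   # e.g. "open", "connect", "exec"
    target: str   # file path, host:port, or program path

@dataclass
class Profile:
    """Expected behavior of one production process: action -> allowed target patterns."""
    allowed: dict = field(default_factory=dict)

    def permits(self, ev):
        return any(fnmatchcase(ev.target, p) for p in self.allowed.get(ev.action, ()))

class SecurityProcess:
    """Monitors a single production process using its expected-behavior profile."""
    def __init__(self, process, profile):
        self.process, self.profile = process, profile

    def inspect(self, ev):
        """Return a security-event description, or None if the action is expected."""
        if ev.process != self.process:
            return None  # not the production process this monitor is associated with
        if ev.action not in self.profile.allowed:
            return f"{ev.process}: unexpected action {ev.action!r} on {ev.target}"
        if not self.profile.permits(ev):
            return f"{ev.process}: {ev.action!r} outside expected targets: {ev.target}"
        return None

def monitor(events, monitors):
    """Pass every observed event to every security process; collect security events."""
    return [hit for ev in events for m in monitors if (hit := m.inspect(ev))]

# Constructed sample profile and events (hypothetical names and paths).
WEB_PROFILE = Profile({"open": ["/var/www/*", "/etc/webapp/*.conf"],
                       "connect": ["db.internal:5432"]})
SAMPLE_EVENTS = [
    Event("webapp", "open", "/var/www/index.html"),
    Event("webapp", "connect", "db.internal:5432"),
    Event("webapp", "open", "/etc/shadow"),
    Event("webapp", "exec", "/bin/sh"),
]

if __name__ == "__main__":
    for alert in monitor(SAMPLE_EVENTS, [SecurityProcess("webapp", WEB_PROFILE)]):
        print(alert)
```

Pattern matching here is purely textual, so targets should be canonicalized (for example, resolving `..` segments and symlinks) before they reach `inspect`.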