(12) United States Patent (10) Patent No.: US 7,028,338 B1
Norris et al. (45) Date of Patent: Apr. 11, 2006
(54) SYSTEM, COMPUTER PROGRAM, AND
METHOD OF COOPERATIVE RESPONSE TO
THREAT TO DOMAIN SECURITY
(75) Inventors: James W. Norris, Kansas City, MO
(US); John Everson, Kansas City, MO
(US); Daniel LaMastres, Independence,
(73) Assignee: Sprint Spectrum L.P., Overland Park, KS (US)
( * ) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 850 days.
(21) Appl. No.: 10/023,558
(22) Filed: Dec. 18, 2001
(51) Int. Cl.
(52) U.S. Cl. 726/23; 713/188; 726/3
(58) Field of Classification Search 713/188, 713/200, 201
See application file for complete search history.
(56) References Cited
U.S. PATENT DOCUMENTS
5,991,881 A * 11/1999 Conklin et al. 713/201
A system, computer program, and method of providing an automatic cooperative response ability to all members of a domain in light of a detected threat or other suspicious activity, such as, for example, a virus or denial of service attack, directed, at least initially, at less than all members of the domain. The system broadly comprises the domain; a log server; a detection server; and a profile server. The domain comprises a logical grouping of members having similar risk profiles. The detection server monitors and parses log and audit records generated by the members and copied to the log server. When the detection server identifies threatening or other suspicious activity, it sets an alert status in a security profile stored on the profile server. The members periodically query the profile server for updates to the alert status and are thereby apprised of the alert.
31 Claims, 4 Drawing Sheets
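The data flow in the abstract, as an added sketch that is not code from the patent: records copied to a log server are parsed by a detection step, which sets an alert status in a domain profile that every member polls. The log line format, the failure threshold, the host names and the members' response (blocking the reported source) are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample records, as members might copy them to the log server.
# Assumed format: "<member> <event> <source address>".
LOG_SERVER = [
    "web01 AUTH_FAIL 203.0.113.7",
    "web01 AUTH_FAIL 203.0.113.7",
    "web02 LOGIN_OK 198.51.100.4",
    "web01 AUTH_FAIL 203.0.113.7",
    "web01 AUTH_FAIL 198.51.100.9",   # single failure, below threshold
    "hr05 AUTH_FAIL 192.0.2.50",      # member of a different domain
    "hr05 AUTH_FAIL 192.0.2.50",
    "hr05 AUTH_FAIL 192.0.2.50",
    "truncated-record",               # malformed, must be skipped
]
FAIL_THRESHOLD = 3  # assumed rule: this many failures from one source

class ProfileServer:
    """Stores one security profile (alert status) per domain."""
    def __init__(self):
        self._profiles = {}
    def set_alert(self, domain, status, sources):
        self._profiles[domain] = {"status": status, "sources": list(sources)}
    def query(self, domain):
        return self._profiles.get(domain, {"status": "normal", "sources": []})

def detect(records, domain_members):
    """Detection step: parse records for one domain, return (status, sources)."""
    fails = Counter()
    for line in records:
        parts = line.split()
        if len(parts) != 3:
            continue  # ignore records that do not parse
        member, event, source = parts
        if member in domain_members and event == "AUTH_FAIL":
            fails[source] += 1
    offenders = sorted(s for s, n in fails.items() if n >= FAIL_THRESHOLD)
    return ("alert", offenders) if offenders else ("normal", [])

def run_cycle():
    """One detect/publish/poll cycle for a hypothetical domain 'dmz'."""
    domain, names = "dmz", ("web01", "web02", "db01")
    profiles = ProfileServer()
    profiles.set_alert(domain, *detect(LOG_SERVER, set(names)))
    blocked = {}
    for name in names:  # every member polls, not only the one targeted
        profile = profiles.query(domain)
        blocked[name] = profile["sources"] if profile["status"] == "alert" else []
    return blocked

if __name__ == "__main__":
    print(run_cycle())
```

Only web01 is targeted in the sample records, yet web02 and db01 receive the same alert on their next poll, which is the cooperative property the abstract describes.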