Jeffrey Scott Bardsley

7308714, Dec 11, 2007

Sep 27, 2001

09/966227

Jeffrey Scott Bardsley - Cary NC, US
Ashley Anderson Brock - Morrisville NC, US
Nathaniel Wook Kim - Raleigh NC, US
Charles Steven Lingafelt - Durham NC, US

International Business Machines Corporation - Armonk NY

G06F 21/00
G06F 7/04
G06F 15/173
G06F 11/00

726 23, 709223, 709224, 713155, 713168, 713188

An intrusion detection system is improved by altering its signatures and thresholds during a denial of service attack, in order to decrease the rate at which an intrusion detection sensor sends alerts to an intrusion detection server. A governor within the sensor is associated with each signature. The governor may include an alert log, a timer, an alert-generation-rate threshold, and rules that prescribe actions to be taken when the alert-generation-rate threshold is exceeded. The governor records the generation time of each alert by the sensor, and determines the rate at which the sensor is presently generating alerts. When the present alert-generation rate exceeds the alert-generation-rate threshold, the governor alters the associated signature threshold to decrease the alert generation rate of the intrusion detection sensor.

7370345, May 6, 2008

Mar 2, 2004

10/791560

Jeffrey S. Bardsley - Morrisville NC, US
Ashley A. Brock - Morrisville NC, US
Nathaniel W. Kim - Raleigh NC, US
John J. McKenna - Cary NC, US
Carlos F. Villegas - Morrisville NC, US

Lenovo Singapore Pte. Ltd - Singapore

G06F 17/30
G06F 17/00

726 3, 726 11, 726 30

A threat management domain controller is responsive to a computer-actionable threat management vector that includes a first computer-readable field that provides identification of at least one system type that is affected by a computer security threat, a second computer-readable field that provides identification of a release level for the system type and a third computer-readable field that provides identification of a set of possible countermeasures for a system type and release level. The threat management domain controller processes a threat management vector that is received for use by a domain of target computer systems, and transmits the threat management vector that has been processed to at least one of the target computer systems in the domain of target computer systems.

7386883, Jun 10, 2008

Jul 22, 2003

10/624158

Jeffrey S. Bardsley - Morrisville NC, US
Ashley A. Brock - Morrisville NC, US
Nathaniel W. Kim - Raleigh NC, US
John J. McKenna - Cary NC, US
Carlos F. Villegas - Morrisville NC, US

International Business Machines Corporation - Armonk NY

G06F 11/00

726 22, 705 51, 705 52, 705 53, 705 54, 713189, 713190, 713191, 717168, 717169, 717170

A countermeasure for a computer security threat to a computer system is administered by establishing a baseline identification of an operating or application system type and an operating or application system release level for the computer system that is compatible with a Threat Management Vector (TMV). A TMV is then received, including therein a first field that provides identification of at least one operating system type that is affected by a computer security threat, a second field that provides identification of an operating system release level for the operating system type, and a third field that provides identification of a set of possible countermeasures for an operating system type and an operating system release level. Countermeasures that are identified in the TMV are processed if the TMV identifies the operating system type and operating system release level for the computer system as being affected by the computer security threat. The received TMV may be mutated to a format for processing of the countermeasure.

7676543, Mar 9, 2010

Jun 27, 2005

11/170709

Richard Mark Horner - Cary NC, US
Jeffrey Scott Bardsley - Durham NC, US

Scenera Technologies, LLC - Portsmouth NH

G06F 15/16

709204, 709202, 715751

The present invention provides a computer-implemented method and system for associating presence information with a digital image. Aspects of the preferred embodiment include allowing an identifier associated with at least one object depicted in the image to be stored as image metadata; using the identifier to associate presence information with the at least one object; and performing an action related to the object using the associated presence information.

7730537, Jun 1, 2010

Aug 20, 2007

11/841214

Jeffrey Scott Bardsley - Cary NC, US
Ashley Anderson Brock - Morrisville NC, US
Nathaniel Wook Kim - Raleigh NC, US
Charles Steven Lingafelt - Durham NC, US

International Business Machines Corporation - Armonk NY

G06F 21/00
G06F 7/04
G06F 15/173
G06F 11/00

726 23, 709223, 709224, 713155, 713168, 713188

A method of operating an intrusion detection system. The system determines occurrence of a signature event indicative of a denial of service intrusion on a protected device. A value of a signature event counter is increased. The value of the signature event counter is adjusted to not include a count of signature events past a sliding window. The value of the signature event counter is determined to exceed a signature threshold quantity, followed by generation of an alert at a time subsequently recorded in a log. The log is cleared of entries past a permissible age. A present alert generation rate is determined as a ratio of the total number of timestamps in the log to the permissible age. The present alert generation rate is ascertained to exceed an alert generation rate threshold. A selected element of the signature set is altered to decrease the alert generation rate.

7818580, Oct 19, 2010

Aug 9, 2005

11/200762

Jeffrey Scott Bardsley - Durham NC, US
Nathaniel Wook Kim - Raleigh NC, US
Charles Steven Lingafelt - Durham NC, US
Allen Leonid Roginsky - Durham NC, US
Norman Clark Strole - Raleigh NC, US

International Business Machines Corporation - Armonk NY

G06F 21/00

713182, 713170, 713169, 713155, 708135, 726 2, 726 13

Method, system, and program product for port based authentication protocols where addresses are dynamically assigned within a network environment, and more particularly to port based authentication in the network environment, where connection information is captured and stored. This facilitates administrator access to information created as a result of protocol exchanges involved in dynamic address assignment, authentication, and connection.

7831707, Nov 9, 2010

Aug 2, 2006

11/497819

Jeffrey S. Bardsley - Durham NC, US

Scenera Technologies, LLC - Portsmouth NH

G06F 15/173
G06F 15/16

709224, 709206

Methods, systems, and computer program products for managing electronic subscriptions are disclosed. According to one aspect, a method includes monitoring, at an electronic subscription client, receipt of one or more subscription messages associated with an electronic subscription. Interaction with the electronic subscription client by a client may be monitored to determine a viewing frequency of the one or more received subscription messages. Further, a prompt with a control configured for unsubscribing the user from receiving a future subscription message associated with the electronic subscription may be presented based on the determined viewing frequency.

7845004, Nov 30, 2010

Jul 27, 2001

09/917368

Jeffrey Scott Bardsley - Cary NC, US
Ashley Anderson Brock - Morrisville NC, US
Nathaniel Wook Kim - Raleigh NC, US
Charles Steven Lingafelt - Durham NC, US

International Business Machines Corporation - Armonk NY

G08B 23/00

726 22

A method for determining the entry point of an attack by a vandal such as a hacker upon a device such as a computer or a server such as a web server that operates under the protection of an intrusion detection system. Intrusion detection information regarding the attack and network information regarding the attack are correlated, and the entry point of the attack thereby deduced. In one embodiment, a source address of a message representative of the attack is found in a router table of a router that provides a connection supporting the attack. Logical ports of the connection are determined, and the corresponding physical ports found, thereby identifying the attack's entry point into the protected device.