US 7,565,690 B2
Intrusion detection
James M. Doherty, Georgetown, Tex. (US); Thomas Lee Adams, Austin, Tex. (US); and Stephen Mark Mueller, Austin, Tex. (US)
Assigned to AT&T Intellectual Property I, L.P., Reno, Nev. (US)
Filed on Oct. 17, 2003, as Appl. No. 10/605,689.
Application 10/605689 is a continuation in part of application No. 10/634117, filed on Aug. 04, 2003.
Prior Publication US 2005/0033984 A1, Feb. 10, 2005
Int. Cl. G06F 7/04 (2006.01); H04L 9/00 (2006.01)
U.S. Cl. 726—22  [713/150] 23 Claims
OG exemplary drawing
 
1. A method of detecting intrusion in a host via a monitoring daemon operating in conjunction with a configuration file defining data entities to be monitored, the method comprising:
monitoring data entities by comparing a locally stored copy of a digital signature associated with each data entity against a corresponding digital signature stored in a first remote database; and
upon identifying a mismatch in compared digital signatures, issuing an instruction to record an entry in a log file located in a second remote database, said entry identifying a possible intrusion in a host, and issuing a command to an operating system of said host to bring said host to a single user state, wherein the command limits access to a single user and the access is physical to an interface of the host.