Charles Steven Lingafelt - Durham NC, US; Kevin Thomas McClain - Durham NC, US; Carlos Fernando Villegas - Bullock NC, US
Assignee:
International Business Machines Corporation - Armonk NY
International Classification:
G06F 11/30, G06F 12/14, H04L 9/00, H04L 9/32
US Classification:
726 23, 726 14
Abstract:
A defense against spoofing vandals is provided, where the defense enlists the network-addressable device whose identity is used by the vandal. A network-addressable device checks incoming messages for communication protocol violations that indicate that a spoofer is using the identity of the network-addressable device. When such a protocol violation is detected, the network-addressable device records attributes of the incoming message in a spoofing logbook database. Further, the network-addressable device increments a counter associated with the identity of the spoofer's target. The value of the counter is compared with a predetermined threshold, in order to determine if the supposed spoofing is an isolated incident or part of a persistent attack. When the value of the counter exceeds the threshold, the network-addressable device constructs a spoofing alert, and sends the spoofing alert to a network administrator. The network-addressable device then rejects the message associated with the protocol violation.
Performance of a pattern-matching intrusion detection system (IDS) is improved by ranking signatures in its signature table by likelihood of occurrence, so that the table may be searched efficiently. Occurrence data associated with signatures is kept, and the ranking adaptively revised according to updates of the data. When the IDS detects a system event, the signature table is searched. If the search does not find a signature matching the event, thereby suggesting that the event poses no threat, a null signature is added to the signature table in a strategic location to terminate future searches early. In one embodiment, null signatures may be stored in a cache. When a system event is detected, the cache is searched. If a match is not found, the signature table is searched. If a match is not found in the signature table, a null signature is cached.
Method For Automatically Providing A Temporary User Account For Servicing System Resources
International Business Machines Corporation - Armonk NY
International Classification:
G06F 15/173
US Classification:
709229, 709224
Abstract:
Temporary access is provided to enable a service provider to service a customer's system resource such as data processing or communication equipment. A prearranged but dormant user account for the service provider is automatically activated in response to a trigger event such as the opening of a trouble ticket. The account is automatically deactivated upon detecting a closure event associated with the trigger event, such as the closing of the trouble ticket, expiration of a predetermined time interval following detection of the trigger event, or occurrence of a predetermined time. This provides a timely yet secure way for a customer to allow a service provider access to system resources which requires neither a standing open account nor manual opening and closing of a user account for the service provider.
Systems and methods include generating an investigative response to an incident so that investigators are alerted of the incident and information gathering of the incident is initiated with an investigator communications device. Embodiments of the present disclosure relate to generating an alert of an occurrence of an incident by an incident communications device positioned at a location of the incident. An investigator that receives the alert via an investigator communications device responds to the alert and arrives at the location of the incident to conduct an investigation. The investigator communications device records data of the incident and then generates an investigative report based on the recorded data. An investigative response center computing device monitors the investigation as well as searches social media sites for postings related to the incident. The computing device formalizes the report so that the report may be relied upon in a formal analysis of the incident.
The University of North Carolina at Greensboro - Director of Technology, Student Affairs (2011); The University of North Carolina at Greensboro - Web and Technology Coordinator, Student Affairs (2003-2011); University of Virginia - Multimedia Applications Designer (1999-2003)
Education:
University of North Carolina at Greensboro - Educational Philosophy, University of South Carolina Aiken - Secondary Education/English, University of Virginia - Instructional Technology
Tagline:
Education should be Intellectually Stimulating & Existentially Comforting
Kevin Mcclain
Work:
University of North Carolina at Greensboro - Director of Student Affairs Technology (2003)
Education:
University of North Carolina at Greensboro - Educational Studies, University of Virginia - Instructional Technology, University of South Carolina Aiken - Secondary Education, English