Prioritizing Bayes network alerts

Electrical computers and digital processing systems: multicomput – Computer network managing – Computer network monitoring

Reexamination Certificate

active

07379993

ABSTRACT:
This invention uses Bayesian techniques to prioritize alerts or alert groups generated by intrusion detection systems and other information security devices, such as network analyzers, network monitors, firewalls, antivirus software, authentication services, host and application security services, etc. In a preferred embodiment, alerts are examined for the presence of one or more relevant features, such as the type of an attack, the target of an attack, the outcome of an attack, etc. At least a subset of the features is then provided to a real-time Bayes network, which assigns relevance scores to the received alerts or alert groups. In another embodiment, a network manager (a person) can disagree with the relevance score assigned by the Bayes network, and give an alert or alert group a different relevance score. The Bayes network is then modified so that similar future alerts or alert groups will be assigned a relevance score that more closely matches the score given by the network manager.
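The scoring and feedback loop the abstract describes can be sketched as follows. This is an added example, not code from the patent or its authors. It assumes the simplest possible Bayes network (a naive Bayes model with one hidden "relevant" node), and the feature names, the sample alerts and the fractional-count update rule are hypothetical.

```python
from collections import defaultdict

class AlertPrioritizer:
    """Two-layer Bayes network: hidden node Relevant -> one child per alert feature."""

    def __init__(self, features):
        self.features = features
        self.class_counts = {True: 1.0, False: 1.0}   # uniform prior as pseudo-counts
        self.counts = {c: {f: defaultdict(float) for f in features} for c in (True, False)}
        self.values = {f: set() for f in features}    # feature values seen so far

    def _likelihood(self, label, feature, value):
        seen = self.counts[label][feature]
        k = len(self.values[feature] | {value})       # Laplace smoothing over known values
        return (seen.get(value, 0.0) + 1.0) / (sum(seen.values()) + k)

    def score(self, alert):
        """Posterior P(Relevant | observed features); absent features are skipped."""
        joint = {}
        for label in (True, False):
            p = self.class_counts[label]
            for f in self.features:
                if f in alert:
                    p *= self._likelihood(label, f, alert[f])
            joint[label] = p
        return joint[True] / (joint[True] + joint[False])

    def feedback(self, alert, analyst_score, weight=1.0):
        """Fold an analyst's score in [0, 1] into the tables as fractional counts."""
        for label, share in ((True, analyst_score), (False, 1.0 - analyst_score)):
            self.class_counts[label] += weight * share
            for f in self.features:
                if f in alert:
                    self.values[f].add(alert[f])
                    self.counts[label][f][alert[f]] += weight * share

# Constructed sample alerts (hypothetical, not taken from the patent).
SCAN = {"attack_type": "port_scan", "target": "workstation", "outcome": "failed"}
SQLI = {"attack_type": "sql_injection", "target": "db_server", "outcome": "succeeded"}

def demo():
    p = AlertPrioritizer(["attack_type", "target", "outcome"])
    before = p.score(SQLI)    # untrained network: no preference either way
    p.feedback(SCAN, 0.1)     # analyst rates the failed scan as low relevance
    p.feedback(SQLI, 0.95)    # analyst rates the successful injection as high
    return before, p.score(SCAN), p.score(SQLI)

if __name__ == "__main__":
    print(demo())
```

Each call to `feedback` pulls the score of similar future alerts toward the analyst's value, and `weight` controls how strongly a single correction counts.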
