Method and system for reducing the volume of audit data and norm

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer

Patent

Rate now

  [ 0.00 ] – not rated yet Voters 0   Comments 0

Details

G06F 1300

Patent

active

061346640

ABSTRACT:
A method of reducing the volume of native audit data from further analysis by a misuse and intrusion detection engine is disclosed. Typically, more than ninety percent of the volume of audit information received from heterogeneous operating systems does not need to be analyzed by a misuse and intrusion detection engine because this audit information can be filtered out as not posing a security threat. Advantageously, by reducing (eliminating) the volume of audit information, a misuse and intrusion engine can more quickly determine whether a security threat exists because the volume of data that the engine must consider is drastically reduced. Also, advantageously, the audit information that is forwarded to the engine is normalized to a standard format, thereby reducing the computational requirements of the engine. The method of reducing the volume of native audit data includes comparing each of the native audits against at least one template and against at least one native audit. By matching the native audits against templates of native audits that do not pose security threats, the native audits that do not pose security threats can be reduced out from further consideration. The native audits that are determined to pose potential security threats are transformed into a standardized format for further analysis by a misuse and intrusion detection engine.

REFERENCES:
patent: 5557742 (1996-09-01), Smaha et al.
patent: 5561795 (1996-10-01), Sarkar
patent: 5745753 (1998-04-01), Mosher, Jr.
patent: 5778076 (1998-07-01), Kara et al.
patent: 5987611 (1999-11-01), Freund
"DID (Distribution Intrusion Detection System)--Motivation, Architecture, and An Early Prototoype", S.R. Snapp, et al., Proc. 14th Nat'l Computer Security Conf., Washington, D.C. (Oct. 1991), pp. 167-176.
"An Intrusion-Detection Model", D. Denning, IEEE Transactions on Software Engineering, vol. SE-13, No. 2, Feb. 1987.

LandOfFree

Say what you really think

Search LandOfFree.com for the USA inventors and patents. Rate them and share your experience with other people.

Rating

Method and system for reducing the volume of audit data and norm does not yet have a rating. At this time, there are no reviews or comments for this patent.

If you have personal experience with Method and system for reducing the volume of audit data and norm, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and system for reducing the volume of audit data and norm will most certainly appreciate the feedback.

Rate now

     

Profile ID: LFUS-PAI-O-479636

  Search
All data on this website is collected from public sources. Our data reflects the most accurate information available at the time of publication.