Prioritizing Bayes network alerts

Electrical computers and digital processing systems: multicomput – Computer network managing – Computer network monitoring

Reexamination Certificate

Rate now

  [ 0.00 ] – not rated yet Voters 0   Comments 0

Details

Reexamination Certificate

active

09952080

ABSTRACT:
This invention uses Bayesian techniques to prioritize alerts or alert groups generated by intrusion detection systems and other information security devices, such as network analyzers, network monitors, firewalls, antivirus software, authentication services, host and application security services, etc. In a preferred embodiment, alerts are examined for the presence of one or more relevant features, such as the type of an attack, the target of an attack, the outcome of an attack, etc. At least a subset of the features is then provided to a real-time Bayes network, which assigns relevance scores to the received alerts or alert groups. In another embodiment, a network manager (a person) can disagree with the relevance score assigned by the Bayes network, and give an alert or alert group a different relevance score. The Bayes network is then modified so that similar future alerts or alert groups will be assigned a relevance score that more closely matches the score given by the network manager.

REFERENCES:
patent: 5539659 (1996-07-01), McKee et al.
patent: 6119236 (2000-09-01), Shipley
patent: 6370648 (2002-04-01), Diep
patent: 6442694 (2002-08-01), Bergman et al.
patent: 6529954 (2003-03-01), Cookmeyer et al.
patent: 6535227 (2003-03-01), Fox et al.
patent: 6714967 (2004-03-01), Horvitz
patent: 6971028 (2005-11-01), Lyle et al.
patent: 2002/0019870 (2002-02-01), Chirashnya et al.
patent: 2002/0143759 (2002-10-01), Yu
patent: 2003/0065926 (2003-04-01), Schultz et al.
Anderson, Debra et al. “Next-generation Intrusion Detection Expert System (NIDES) Software Users Manual”, Dec. 1994.
DuMouchel, William. “Computer Intrusion Detection Based on Bayes Factors for Comparing Command Transition Probabilities”, Feb. 1999.
Frank, Jeremy. “Artificial Intelligence and Intrusion Detection: Current and Future Directions,” Jun. 1994.
U.S. Appl. No. 60/308,622.
U.S. Appl. No. 60/308,623.
Valdes, et al., “Adaptive, Model-based Monitoring for Cyber Attack Detection,” Proceedings of Recent Advances in Intrusion Detection 2000 (Raid 2000), H. Debar, L. Me, F. Wu (Eds), Toulouse, France, Springer-Verlang LNCS vol. 1907, pp. 80-92, Oct. 2000.
Valdes, A., “Blue Sensors, Sensor Correlation, and Alert Fusion,” http://www.raid-symposium.org/raid2000/Materials/Abstracts/41/avaldes—raidB.pdf, Oct. 4, 2000.

LandOfFree

Say what you really think

Search LandOfFree.com for the USA inventors and patents. Rate them and share your experience with other people.

Rating

Prioritizing Bayes network alerts does not yet have a rating. At this time, there are no reviews or comments for this patent.

If you have personal experience with Prioritizing Bayes network alerts, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Prioritizing Bayes network alerts will most certainly appreciate the feedback.

Rate now

     

Profile ID: LFUS-PAI-O-3921288

  Search
All data on this website is collected from public sources. Our data reflects the most accurate information available at the time of publication.