Rule based alerting in anomaly detection

  • US 10,284,571 B2
  • Filed: 06/28/2004
  • Issued: 05/07/2019
  • Est. Priority Date: 06/28/2004
  • Status: Active Grant
First Claim

1. A method for detecting an intrusion event in a network, the method comprising:

    receiving a threshold value for a monitored network parameter, wherein the threshold value is received from a user via a user interface (UI) associated with a computer, and wherein the threshold value corresponds to an alert severity level;

    receiving a threshold type for the monitored network parameter, wherein the threshold type is received from the user via the UI, and wherein the threshold type specifies either a lower limit or an upper limit for the threshold value;

    receiving a time duration for the monitored network parameter, wherein the time duration is received from the user via the UI;

    constructing, by the computer, a rule for detecting a network intrusion event based on the threshold value, the threshold type, and the time duration;

    compiling the constructed rule for execution; and

    executing the constructed rule, wherein said executing the constructed rule comprises:

    generating an alert when the monitored network parameter remains above the threshold value during the entire time duration when the threshold type is an upper limit;

    generating the alert when the monitored network parameter remains below the threshold value during the entire time duration when the threshold type is a lower limit; and

    wherein a severity level of the alert is set to the alert severity level corresponding to the threshold value.
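
The sustained-threshold behaviour described in the claim, as an added Python sketch (an illustration written for this page, not code from the patent or its assignee). The names `compile_rule` and `max_gap`, the closure standing in for the "compiling" step, the rule that a long gap in the data restarts the timer, and the sample values are all assumptions.

```python
import operator
from typing import Callable, Iterable, List, Tuple

Sample = Tuple[float, float]  # (timestamp in seconds, observed value)

def compile_rule(threshold: float, threshold_type: str, duration: float,
                 severity: str, max_gap: float = 60.0
                 ) -> Callable[[Iterable[Sample]], List[dict]]:
    """Turn the user-supplied threshold, type and duration into an executable check."""
    if threshold_type not in ("upper", "lower"):
        raise ValueError("threshold_type must be 'upper' or 'lower'")
    if duration <= 0:
        raise ValueError("duration must be positive")
    # Upper limit: breach means strictly above; lower limit: strictly below.
    breached = operator.gt if threshold_type == "upper" else operator.lt

    def execute(samples: Iterable[Sample]) -> List[dict]:
        alerts: List[dict] = []
        run_start = None   # timestamp where the current uninterrupted breach began
        last_ts = None
        fired = False      # emit one alert per uninterrupted breach
        for ts, value in samples:
            gap_too_long = last_ts is not None and ts - last_ts > max_gap
            last_ts = ts
            if not breached(value, threshold):
                run_start, fired = None, False   # a single dip resets the timer
                continue
            if run_start is None or gap_too_long:
                # Assumption: missing data cannot show the value "remained"
                # past the limit, so the run restarts at this sample.
                run_start, fired = ts, False
            if not fired and ts - run_start >= duration:
                alerts.append({"at": ts, "since": run_start, "severity": severity})
                fired = True
        return alerts

    return execute

# Constructed samples: (seconds, connections per second)
SAMPLES = [(0, 40), (30, 120), (60, 130), (90, 90), (120, 150), (150, 160),
           (180, 170), (210, 180), (240, 175), (400, 190), (430, 200)]

if __name__ == "__main__":
    rule = compile_rule(threshold=100, threshold_type="upper",
                        duration=120, severity="high")
    print(rule(SAMPLES))
```

The short spike at 30 to 60 s never alerts because the value drops back under the limit at 90 s; only the run starting at 120 s lasts the full duration.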

  • 21 Assignments