Method of operating an intrusion detection system according to a set of business rules

US 20020169982A1
Filed: 05/08/2001
Published: 11/14/2002
Est. Priority Date: 05/08/2001
Status: Active Grant

First Claim

Patent Images

1. A method of operating an intrusion detection system according to a business rule, comprising the steps of:

awaiting an update time of the intrusion detection system;

responsive to occurrence of an update time, checking a validity condition of a business rule to determine whether a provision of the business rule is a newly operative provision;

if the provision of the business rule is a newly operative provision, altering an intrusion set according to the newly operative provision.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An intrusion detection system checks a list of business rules at predetermined update times, and determines whether any provision of the business rules has become newly operative since the last update time. Provisions of the business rules prescribe alterations to intrusion signatures, thresholds, actions, or weights that are appropriate to broader circumstances evident at the update time. Whenever a new provision is found to be operative, the effected signatures, thresholds, actions, or weights are altered accordingly.

19 Citations

View as Search Results

21 Claims

1. A method of operating an intrusion detection system according to a business rule, comprising the steps of:
- awaiting an update time of the intrusion detection system;
  
  responsive to occurrence of an update time, checking a validity condition of a business rule to determine whether a provision of the business rule is a newly operative provision;
  
  if the provision of the business rule is a newly operative provision, altering an intrusion set according to the newly operative provision.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the validity condition is a temporal validity condition.
  - 3. The method of claim 1, wherein the validity condition is a network validity condition.
  - 4. The method of claim 1, wherein the validity condition is a compound validity condition.

5. A method of operating an intrusion detection system according to a set of business rules, comprising the steps of:
- awaiting an update time of the intrusion detection system;
  
  responsive to occurrence of an update time, checking validity conditions of a plurality of business rules to determine whether a provision of any of the plurality of business rules is a newly operative provision;
  
  for each provision of the plurality of business rules that is a newly operative provision, altering an intrusion set according to the newly operative provision.
- View Dependent Claims (6, 7, 8)
- - 6. The method of claim 5, wherein the validity condition is a temporal validity condition.
  - 7. The method of claim 5, wherein the validity condition is a network validity condition.
  - 8. The method of claim 5, wherein the validity condition is a compound validity condition.

9. A method of operating an intrusion detection system according to a set of business rules, comprising the steps of:
- awaiting an update time of the intrusion detection system;
  
  responsive to occurrence of an update time, checking validity conditions of the set of business rules to determine whether a provision of any of the set of business rules is a newly operative provision;
  
  for each newly operative provision, checking an intrusion set to determine whether the newly operative provision applies to the intrusion set; and
  
  if the new provision applies to the intrusion set, altering the intrusion set according to the newly operative provision.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 10. The method of claim 9, wherein the validity condition is a temporal validity condition.
  - 11. The method of claim 9, wherein the validity condition is a network validity condition.
  - 12. The method of claim 9, wherein the validity condition is a compound validity condition.
  - 13. The method of claim 9, wherein the step of altering the intrusion set includes the step of altering a signature of the intrusion set.
  - 14. The method of claim 9, wherein the step of altering the intrusion set includes the step of altering a threshold of the intrusion set.
  - 15. The method of claim 9, wherein the step of altering the intrusion set includes the step of altering an action of the intrusion set.
  - 16. The method of claim 9, wherein the step of altering the intrusion set includes the step of altering a weight of the intrusion set.
  - 17. The method of claim 9, wherein the update time is a scheduled time.
  - 18. The method of claim 9, wherein the update time is one of a plurality of update times that occur substantially periodically.
  - 19. The method of claim 9, wherein the update time is a computed update time.
  - 20. The method of claim 9, wherein the set of business rules includes exactly one individual rule.
  - 21. The method of claim 9, wherein the set of business rules includes more than one individual rule.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
International Business Machines Corporation
Inventors
Lingafelt, Charles Steven, Kim, Nathaniel Wook, Brock, Ashley Anderson

Granted Patent

US 7,036,148 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

G06F 21/55 Detecting local intrusion o...

H04L 63/1408 by monitoring network traff...

Method of operating an intrusion detection system according to a set of business rules

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method of operating an intrusion detection system according to a set of business rules

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links