Method of operating an intrusion detection system according to a set of business rules
Abstract
An intrusion detection system checks a list of business rules at predetermined update times, and determines whether any provision of the business rules has become newly operative since the last update time. Provisions of the business rules prescribe alterations to intrusion signatures, thresholds, actions, or weights that are appropriate to broader circumstances evident at the update time. Whenever a new provision is found to be operative, the affected signatures, thresholds, actions, or weights are altered accordingly.
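An added example, not part of the patent text: a minimal update pass in the shape the abstract describes, treating a rule as newly operative when its validity condition holds now but did not hold at the previous update time. The rule and intrusion-set names, the dictionary layout and the date window are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Callable, Optional

@dataclass
class Provision:
    applies_to: str   # intrusion set the provision targets
    field: str        # "threshold", "action" or "weight"
    value: object

@dataclass
class BusinessRule:
    name: str
    is_valid: Callable[[datetime], bool]  # validity condition
    provisions: list

def run_update(rules, intrusion_sets, last_update: Optional[datetime], now: datetime):
    """One update pass; returns the alterations made."""
    applied = []
    for rule in rules:
        # Newly operative = valid now but not valid at the previous update time.
        was_valid = last_update is not None and rule.is_valid(last_update)
        if not rule.is_valid(now) or was_valid:
            continue
        for p in rule.provisions:
            target = intrusion_sets.get(p.applies_to)
            if target is None or p.field not in target:
                continue  # provision does not apply to any intrusion set held here
            target[p.field] = p.value
            applied.append((rule.name, p.applies_to, p.field, p.value))
    return applied

# Constructed sample data (hypothetical names and values).
def sample_sets():
    return {"failed_login": {"signature": "auth-fail", "threshold": 10,
                             "action": "log", "weight": 1.0}}

def sample_rules():
    start, end = datetime(2024, 3, 28), datetime(2024, 4, 1)
    return [BusinessRule("quarter_end_close", lambda t: start <= t < end,
                         [Provision("failed_login", "threshold", 3),
                          Provision("failed_login", "action", "block"),
                          Provision("port_scan", "weight", 2.0)])]

if __name__ == "__main__":
    sets, rules, last = sample_sets(), sample_rules(), None
    for now in (datetime(2024, 3, 27), datetime(2024, 3, 28), datetime(2024, 3, 29)):
        print(now.date(), run_update(rules, sets, last, now))
        last = now
```

The third provision targets an intrusion set that is not present, so it is skipped rather than creating one; the pass on the day after activation makes no changes because the rule is no longer newly operative.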
21 Claims
1. A method of operating an intrusion detection system according to a business rule, comprising the steps of:
- awaiting an update time of the intrusion detection system;
- responsive to occurrence of an update time, checking a validity condition of a business rule to determine whether a provision of the business rule is a newly operative provision;
- if the provision of the business rule is a newly operative provision, altering an intrusion set according to the newly operative provision.

5. A method of operating an intrusion detection system according to a set of business rules, comprising the steps of:
- awaiting an update time of the intrusion detection system;
- responsive to occurrence of an update time, checking validity conditions of a plurality of business rules to determine whether a provision of any of the plurality of business rules is a newly operative provision;
- for each provision of the plurality of business rules that is a newly operative provision, altering an intrusion set according to the newly operative provision.

9. A method of operating an intrusion detection system according to a set of business rules, comprising the steps of:
- awaiting an update time of the intrusion detection system;
- responsive to occurrence of an update time, checking validity conditions of the set of business rules to determine whether a provision of any of the set of business rules is a newly operative provision;
- for each newly operative provision, checking an intrusion set to determine whether the newly operative provision applies to the intrusion set; and
- if the new provision applies to the intrusion set, altering the intrusion set according to the newly operative provision.

Specification