Multi-level and multi-platform intrusion detection and response system
1 Assignment
0 Petitions
Abstract
An intrusion detection and response system having an event data collector receiving a plurality of data sets from a respective and corresponding plurality of security devices. An event analysis engine receives the plurality of data sets and analyzes the data sets with reference to one of a plurality of pre-defined traffic classes. The event analysis engine produces a corresponding plurality of analyzed data sets. An event correlation engine receives the analyzed data sets and correlates the events across the plurality of security devices for identifying normal and abnormal data traffic patterns.
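The three stages the abstract describes (collection of per-device data sets, analysis against pre-defined traffic classes, correlation across devices to separate normal from abnormal patterns) as an added illustration in Python; this is not the patent's own code, and the device names, field names, traffic classes and sample records are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records from three security devices (fw01, ids01, vpn01);
# the key=value layout is an assumption, not any vendor's real log format.
SAMPLE_LOGS = [
    "fw01 src=198.51.100.7 dst=192.0.2.10 dport=22 action=deny",
    "fw01 src=198.51.100.7 dst=192.0.2.11 dport=22 action=deny",
    "ids01 src=198.51.100.7 dst=192.0.2.12 sig=ssh-bruteforce",
    "fw01 src=203.0.113.5 dst=192.0.2.10 dport=443 action=allow",
    "vpn01 src=203.0.113.5 user=alice action=login",
]

def classify(event):
    """Event analysis step: map one event to exactly one pre-defined traffic class."""
    if "sig" in event:
        return "ids-alert"
    if event.get("action") == "login":
        return "remote-access"
    if event.get("dport") in ("22", "3389"):
        return "admin-protocol"
    if event.get("dport") in ("80", "443"):
        return "web"
    return "other"

def collect(lines):
    """Event data collection: one data set per device, parsed into key=value fields."""
    by_device = defaultdict(list)
    for line in lines:
        device, _, rest = line.partition(" ")
        event = dict(re.findall(r"(\w+)=(\S+)", rest))
        event["device"] = device
        by_device[device].append(event)
    return by_device

def analyze(by_device):
    """Produce the analyzed data sets: every event tagged with its traffic class."""
    return [dict(e, cls=classify(e)) for events in by_device.values() for e in events]

def correlate(analyzed):
    """Event correlation across devices: a source seen by two or more devices with a
    denied or alerting event is an abnormal pattern; anything else is normal."""
    per_src = defaultdict(lambda: {"devices": set(), "hostile": False})
    for e in analyzed:
        s = per_src[e["src"]]
        s["devices"].add(e["device"])
        if e.get("action") == "deny" or e["cls"] == "ids-alert":
            s["hostile"] = True
    return {src: ("abnormal" if s["hostile"] and len(s["devices"]) >= 2 else "normal")
            for src, s in per_src.items()}

if __name__ == "__main__":
    print(correlate(analyze(collect(SAMPLE_LOGS))))
```

The correlation rule is deliberately simple; a real engine would add time windows and per-class thresholds, but the cross-device join is what distinguishes this from single-sensor alerting.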
339 Citations
31 Claims
1. An intrusion detection and response system comprising a log-based event classification system, the log-based event classification system comprising:
a log event data collection means for receiving a plurality of data sets from a respective and corresponding plurality of security devices;
an event analysis means for receiving the plurality of data sets and analyzing the data sets with reference to one of a plurality of pre-defined traffic classes, and producing a corresponding plurality of analyzed data sets; and
an event correlation means for receiving the analyzed data sets and correlating events across the plurality of security devices for identifying normal and abnormal data traffic patterns.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 15

9. An intrusion detection and response system comprising a knowledge-based event classification system, the knowledge-based event classification system comprising:
an event data collection means for receiving a plurality of data sets from a respective and corresponding plurality of security devices;
an event analysis means for receiving the plurality of data sets and analyzing the data sets with reference to one of a plurality of pre-defined traffic classes, and producing a corresponding plurality of analyzed data sets; and
an event correlation means for receiving the analyzed data sets and correlating events across the plurality of security devices for identifying normal and abnormal behavior patterns.
Dependent claims: 10, 11, 12, 13, 14, 16, 17

18. An intrusion detection and response system comprising a combined log-based and knowledge-based event classification system, the event classification system comprising:
an event data collection means for receiving a plurality of data sets from a respective and corresponding plurality of security devices;
an event analysis means for receiving the plurality of data sets and analyzing the data sets with reference to one of a plurality of pre-defined traffic classes, and producing a corresponding plurality of analyzed data sets; and
an event correlation means for receiving the analyzed data sets and correlating events across the plurality of security devices, and across the log-based and knowledge-based event classification systems, for identifying normal and abnormal data traffic patterns.
Dependent claims: 19, 20, 21, 22, 23

24. An intrusion detection and response process, comprising:
collecting a plurality of data sets from a respective and corresponding plurality of security devices;
analyzing the data sets with reference to one of a plurality of pre-defined traffic classes, and producing a corresponding plurality of analyzed data sets; and
correlating events of the analyzed data sets across the plurality of security devices for identifying normal and abnormal data traffic patterns.
Dependent claims: 25, 26, 27, 28, 29, 30, 31
Specification