Determining threat level associated with network activity

  • US 20040044912A1
  • Filed: 08/26/2003
  • Published: 03/04/2004
  • Est. Priority Date: 08/26/2002
  • Status: Active Grant
First Claim

1. A computer-implemented method for determining network security threat level, comprising the steps of:

  • receiving event data in response to identified network event detected by a sensor;

    based upon the event data, perform the following step;

    determining a source threat value, the source threat value based upon a source threat weight for a source IP address and a first range of IP network addresses of which the source IP address is a member;

    determining a destination vulnerability value, the destination vulnerability value based upon the network event in conjunction with a destination IP address, a destination threat weight for the destination IP address, and a threat level value associated with a second range of network IP address of which the destination IP address is a member;

    determining an event validity value based upon the source IP address and an event type;

    determining event severity value based upon the event type;

    calculating an event threat level value based upon the source threat value, the destination vulnerability value, the event validity value, and the event severity value;

    calculating a host threat level value based upon a summation of event threat level values for a host over a first time period associated with a number of correlated events for the host in the first time period; and

    calculating a differential threat level by associating the host threat level value with a second host threat level value based upon a second time period wherein the second time period exceeds the first time period.
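The chain of values in claim 1, sketched as an added example that is not taken from the patent. The claim only says each value is "based upon" its inputs, so the multiplicative combination, the per-event averaging, the short/long ratio, and every table, scale and address below are assumptions.

```python
import ipaddress
from collections import namedtuple

# Every table, scale (0.0-1.0) and formula here is a constructed assumption.
RANGE_LEVEL = {"203.0.113.0/24": 0.8, "10.0.0.0/8": 0.2}  # threat level per IP range
ADDR_WEIGHT = {"203.0.113.7": 0.9, "10.1.2.3": 0.7}       # threat weight per address
SEVERITY = {"sql_injection": 0.9, "port_scan": 0.3}       # severity per event type
EXPOSED = {("10.1.2.3", "sql_injection")}                 # host known exposed to type
AUTHORIZED_SCANNERS = {"10.9.9.9"}                        # sources whose events are noise

Event = namedtuple("Event", "ts src dst etype")

def range_level(ip, default=0.5):
    """Level of the most specific configured range that contains ip."""
    addr = ipaddress.ip_address(ip)
    hits = [n for n in map(ipaddress.ip_network, RANGE_LEVEL) if addr in n]
    return RANGE_LEVEL[str(max(hits, key=lambda n: n.prefixlen))] if hits else default

def source_threat(ev):
    return ADDR_WEIGHT.get(ev.src, 0.5) * range_level(ev.src)

def destination_vulnerability(ev):
    exposure = 1.0 if (ev.dst, ev.etype) in EXPOSED else 0.25
    return exposure * ADDR_WEIGHT.get(ev.dst, 0.5) * range_level(ev.dst)

def event_validity(ev):
    if ev.src in AUTHORIZED_SCANNERS:
        return 0.0
    return 0.4 if ev.etype == "port_scan" else 1.0

def event_threat(ev):
    return (source_threat(ev) * destination_vulnerability(ev)
            * event_validity(ev) * SEVERITY.get(ev.etype, 0.5))

def host_threat(events, host, now, window):
    """Sum of event threat levels for host in the window, per correlated event."""
    levels = [event_threat(e) for e in events
              if host in (e.src, e.dst) and now - window <= e.ts <= now]
    return sum(levels) / len(levels) if levels else 0.0

def differential_threat(events, host, now, short=300, long=3600):
    """Short-window host threat relative to the longer-window baseline."""
    baseline = host_threat(events, host, now, long)
    return host_threat(events, host, now, short) / baseline if baseline else 0.0

# Constructed sample events: one old scan, then two recent injection attempts.
SAMPLE = [Event(100, "203.0.113.7", "10.1.2.3", "port_scan"),
          Event(3500, "203.0.113.7", "10.1.2.3", "sql_injection"),
          Event(3550, "203.0.113.7", "10.1.2.3", "sql_injection")]
```

With these sample events, `differential_threat(SAMPLE, "10.1.2.3", now=3600)` is above 1, meaning the host's recent activity is more threatening than its hour-long baseline.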
