×

Method and system for addressing intrusion attacks on a computer system

  • US 20050097339A1
  • Filed: 11/05/2003
  • Published: 05/05/2005
  • Est. Priority Date: 11/05/2003
  • Status: Active Grant
First Claim
Patent Images

1. A computerized method for addressing intrusion attacks directed at a computer, the method comprising:

  • receiving at least one packet corresponding to a potential attack on the computer;

    calculating a risk rating for the potential attack by;

    determining an attack severity rating indicative of the potential severity of the potential attack by comparing the type of potential attack to stored information having a plurality of attacks with corresponding predetermined numerical attack severity ratings;

    determining a signature fidelity rating indicative of the likelihood the potential attack will affect the computer in the absence of knowledge regarding the computer by comparing the type of potential attack to stored information having a plurality of attacks with corresponding predetermined numerical signature fidelity ratings;

    determining an attack relevance rating indicative of the relevance of the potential attack to the computer based on an operating system of the computer, a service availability of the computer, an application running at a service port of the computer, and the version of the application;

    determining a target value rating indicative of the perceived value of the computer;

    calculating the risk rating as a function of the attack severity rating, the signature fidelity rating, the attack relevance rating, and the target value rating, wherein the function is;


    ERR=floor(((ASR)*(SFR)*(ARR)*(TVR))/1000000,100) where;

    ERR=the risk rating;

    ASR=the attack severity rating;

    SFR=the signature fidelity rating;

    ARR=the attack relevance rating; and

    TVR=the target value rating; and

    responding to the attack based on the risk rating.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×