
Systems and methods for dynamic threat assessment

  • US 20050216764A1
  • Filed: 03/23/2004
  • Published: 09/29/2005
  • Est. Priority Date: 03/23/2004
  • Status: Active Grant
First Claim

1. A method for dynamically assessing threats to computers and computer networks using one or more security devices that generate events, comprising:

  • reading policy configuration information, wherein the policy configuration information comprises a global threat assessment event generation probability and one or more dynamic threat assessment rules comprising event probability information;

  • generating one or more abstract data types for each of the one or more dynamic threat assessment rules;

  • collecting and storing events from the one or more security devices in an event collection database;

  • reading each event in the event collection database;

  • determining if the each event is a member of each instance of the one or more abstract data types for each of the one or more dynamic threat assessment rules;

  • if the each event is a member of the each instance, adding the each event to the each instance and computing a probability of the each instance;

  • determining if the probability is greater than the global threat assessment event generation probability;

  • if the probability is greater than the global threat assessment event generation probability, generating a dynamic threat assessment event and placing the dynamic threat assessment event in the event collection database;

  • determining if the each event is a starting member of an instance of the one or more abstract data types for each of the one or more dynamic threat assessment rules; and

  • if the each event is a starting member of the instance, creating the instance and adding the each event to the instance.
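The loop recited in claim 1, as an added sketch that is not code from the patent. The claim does not say how an instance's probability is computed or how membership is decided; the noisy-OR combination, the same-source membership test, the rule, its probabilities and the event records below are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Rule:                      # one dynamic threat assessment rule (hypothetical shape)
    name: str
    start_type: str              # event type that starts a new instance
    event_probability: dict      # event type -> probability information for the rule

@dataclass
class Instance:                  # one instance of the rule's abstract data type
    rule: Rule
    src: str
    events: list = field(default_factory=list)

    def is_member(self, ev):
        # Assumed membership test: same source, and a type the rule knows about.
        return ev["src"] == self.src and ev["type"] in self.rule.event_probability

    def probability(self):
        # Assumed combination (noisy-OR): 1 - product of (1 - p_i).
        p_benign = 1.0
        for ev in self.events:
            p_benign *= 1.0 - self.rule.event_probability[ev["type"]]
        return 1.0 - p_benign

def assess(event_db, rules, global_probability):
    """Read every event, including generated ones, in the claim's step order."""
    instances, i = [], 0
    while i < len(event_db):
        ev = event_db[i]
        i += 1
        for rule in rules:
            # Membership is checked against instances that already exist.
            for inst in [x for x in instances if x.rule is rule]:
                if inst.is_member(ev):
                    inst.events.append(ev)
                    p = inst.probability()
                    if p > global_probability:
                        # Place the generated event back in the event collection.
                        event_db.append({"src": inst.src, "type": "dta",
                                         "rule": rule.name, "probability": p})
            # Only then is the event tested as a starting member.
            if ev["type"] == rule.start_type:
                instances.append(Instance(rule, ev["src"], [ev]))
    return instances

# Constructed rule and events, not taken from the patent.
RULE = Rule("scan-then-escalate", "port_scan",
            {"port_scan": 0.3, "failed_login": 0.4, "priv_change": 0.6})
EVENTS = [{"src": "10.0.0.5", "type": "port_scan"},
          {"src": "10.0.0.9", "type": "failed_login"},
          {"src": "10.0.0.5", "type": "failed_login"},
          {"src": "10.0.0.5", "type": "priv_change"}]
```

Because generated events go back into the same collection, they are themselves read by the loop, so a rule whose membership test accepts them can correlate on earlier assessments.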
