Intrusion management system and method for providing dynamically scaled confidence level of attack detection
Abstract
An Intrusion Management System detects computer attacks and automatically adjusts confidence that an attack was correctly detected. When the Intrusion Management System detects the attack against a computer system, it does not represent an accuracy of detection as an immutable confidence value. Instead, the Intrusion Management System tabulates information indirectly related to the attack and dynamically scales the confidence in the attack detection accordingly.
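An added illustration of the scaling described in the abstract and in claim 1, not code from the patent. The numeric factors, the multiplicative down-scaling rule, and the `Segment` model of one direction of a TCP-like flow are assumptions, since this page gives no values or formula.

```python
from dataclasses import dataclass

# Assumed factors: the page states no numbers and no combining rule.
# Treating each scalar as a multiplicative reduction is an assumption.
LOSS_FACTOR = 0.7       # sensor missed packets in the communication
MIDSTREAM_FACTOR = 0.6  # sensor did not see the communication begin
UNKNOWN_FACTOR = 0.8    # communication held data the decoder did not understand

@dataclass
class Segment:              # hypothetical model of one observed segment
    seq: int                # sequence number of the first byte
    length: int             # payload bytes
    syn: bool = False       # marks the beginning of the communication
    parsed: bool = True     # False when the decoder could not interpret it

def detect_scalars(segments):
    """Step (b): derive the three scalars from the observed segments."""
    saw_start = bool(segments) and segments[0].syn
    loss, unknown, expected = False, False, None
    for s in segments:
        if expected is not None and s.seq > expected:
            loss = True     # gap in sequence space: bytes the sensor never saw
        nxt = s.seq + s.length + (1 if s.syn else 0)
        expected = nxt if expected is None else max(expected, nxt)
        unknown = unknown or not s.parsed
    return {"packet_loss": loss, "observed_from_start": saw_start,
            "unknown_content": unknown}

def scale_confidence(initial, scalars):
    """Step (c): scale the initial confidence by every scalar that fired."""
    c = initial
    if scalars["packet_loss"]:
        c *= LOSS_FACTOR
    if not scalars["observed_from_start"]:
        c *= MIDSTREAM_FACTOR
    if scalars["unknown_content"]:
        c *= UNKNOWN_FACTOR
    return round(c, 3)

# Constructed sample flows (not captured traffic).
CLEAN = [Segment(1000, 0, syn=True), Segment(1001, 100), Segment(1101, 50)]
DEGRADED = [Segment(5000, 100), Segment(5300, 40, parsed=False)]

if __name__ == "__main__":
    for name, flow in (("clean", CLEAN), ("degraded", DEGRADED)):
        print(name, scale_confidence(0.9, detect_scalars(flow)))
```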
14 Claims
1. A method for dynamically scaling a confidence level of a detected attack on a computer system, the detected attack being detected by an intrusion management system in a communication with the computer system, the method comprising:
(a) assigning an initial confidence level to the detected attack;
(b) detecting, in the communication, at least one scalar selected from the group consisting of (i) a first scalar indicating packet loss in the communication, (ii) a second scalar indicating whether the intrusion management system has observed the communication from a beginning of the communication, and (iii) a third scalar indicating whether the communication includes any information not understood by the intrusion management system; and
(c) scaling the initial confidence level in accordance with the at least one scalar detected in step (b) to provide a scaled confidence level.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 13, 14
9. An intrusion management system for dynamically scaling a confidence level of a detected attack on a computer system, the detected attack being detected by the intrusion management system in a communication with the computer system, the intrusion management system comprising:
a connection to the computer system to monitor the communication; and
a processor for:
(a) assigning an initial confidence level to the detected attack;
(b) detecting, in the communication, at least one scalar selected from the group consisting of (i) a first scalar indicating packet loss in the communication, (ii) a second scalar indicating whether the intrusion management system has observed the communication from a beginning of the communication, and (iii) a third scalar indicating whether the communication includes any information not understood by the intrusion management system; and
(c) scaling the initial confidence level in accordance with the at least one scalar detected in step (b) to provide a scaled confidence level.
Dependent claims: 10, 11, 12
Specification