×

Method and system for detecting intrusive anomalous use of a software system using multiple detection algorithms

  • US 20060085854A1
  • Filed: 10/19/2004
  • Published: 04/20/2006
  • Est. Priority Date: 10/19/2004
  • Status: Active Grant
First Claim
Patent Images

1. A method of detecting an intrusion into a target software system, comprising:

  • instrumenting the target software system to generate behavior data representing a current observation or observation aggregate;

    processing the current observation or observation aggregate through a first level detection algorithm that provides a first, provisional indication of a possible intrusion;

    determining whether an intrusion has occurred or whether the current observation or observation aggregate warrants a second level examination; and

    if a result of executing the first level detection algorithm indicates that the current observation or observation aggregate warrants a second level examination, processing the current observation or observation aggregate through at least one or more second level detection algorithms to provide a second, more definite indication of a possible intrusion.

View all claims
  • 5 Assignments
Timeline View
Assignment View
    ×
    ×