Adaptive intrusion detection for autonomic systems
Abstract
A system, method, and computer program product for adaptively identifying unauthorized intrusions in a networked data processing system. In accordance with the method of the present invention, an intrusion detection module receives system event data that may be utilized for intrusion detection. The received system event data is processed utilizing multiple intrusion detection techniques including at least one behavior-based intrusion detection technique to generate an intrusion detection result. In response to the intrusion detection result indicating an unauthorized intrusion, at least one knowledge-based intrusion detection corpus is updated utilizing the system event data. In a preferred embodiment, the intrusion detection system/method is implemented in a network data processing environment in which the knowledge-based intrusion detection corpus is communicatively accessible by multiple elements coupled to the networked data processing system. The method preferably includes issuing a network update to update knowledge-based intrusion detection corpora associated with the multiple elements included in the network.
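As an added illustration of the method the abstract describes (example code written for this page, not the patent's own embodiment): a behaviour-based detector flags event data that deviates from a learned baseline, and a hit derives signatures from that event data and pushes them to every node's knowledge-based corpus, so the next occurrence is caught by the cheaper signature match on any node. The choice of behavioural feature (a z-score on per-source error counts), the signature form (probed paths) and all addresses and events are constructed assumptions, not taken from the patent.

```python
from collections import Counter
from dataclasses import dataclass, field
from statistics import mean, pstdev

@dataclass
class Event:          # one system event; a constructed web-server style record
    src: str
    path: str
    status: int

@dataclass
class Node:           # a network element holding its own knowledge-based corpus
    name: str
    corpus: set = field(default_factory=set)

class AdaptiveIDS:
    def __init__(self, nodes, baseline_errors, z_threshold=3.0):
        self.nodes = nodes
        self.mu = mean(baseline_errors)
        self.sd = pstdev(baseline_errors) or 1.0   # no divide-by-zero on a flat baseline
        self.z = z_threshold

    def behavior_check(self, events):
        # Behaviour-based technique: sources whose error count is a z-score outlier
        # against the learned per-source baseline (an illustrative choice of feature).
        errs = Counter(e.src for e in events if e.status >= 400)
        return {s for s, n in errs.items() if (n - self.mu) / self.sd > self.z}

    def network_update(self, signatures):
        # The "network update" of the abstract: every node's corpus learns the signatures.
        for node in self.nodes:
            node.corpus.update(signatures)

    def analyze(self, node, events):
        # Knowledge-based check first: a cheap exact match against this node's corpus.
        alerts = [("knowledge", e.src, e.path) for e in events if e.path in node.corpus]
        # Behaviour-based check; a hit derives signatures from the event data and
        # updates every corpus, which is the adaptive step of claim 1.
        for src in self.behavior_check(events):
            probed = sorted({e.path for e in events if e.src == src and e.status >= 400})
            alerts.append(("behavior", src, probed))
            self.network_update(probed)
        return alerts

def demo():
    nodes = [Node("web-1"), Node("web-2")]
    ids = AdaptiveIDS(nodes, baseline_errors=[1, 2, 1, 0, 2, 1])
    probe = [Event("10.0.0.9", f"/admin{i}.php", 404) for i in range(9)]  # constructed scan
    normal = [Event("10.0.0.2", "/index.html", 200), Event("10.0.0.2", "/missing", 404)]
    first = ids.analyze(nodes[0], probe + normal)            # behaviour detector fires on web-1
    second = ids.analyze(nodes[1], [Event("10.0.0.7", "/admin3.php", 404)])  # signature hit on web-2
    return first, second
```

In the demo the second node never saw the original scan; it alerts only because the first node's behavioural detection updated the shared corpus.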
Claims (20)

1. A method for adaptively identifying unauthorized intrusions in a networked data processing system, said method comprising:
   receiving system event data;
   processing the system event data utilizing at least one behavior-based intrusion detection technique to generate an intrusion detection result; and
   responsive to the intrusion detection result indicating an unauthorized intrusion, updating at least one knowledge-based intrusion detection corpus utilizing the system event data.
   (Dependent claims: 2, 3, 4, 5, 6, 7)

8. An intrusion detection system that adaptively identifies unauthorized intrusions in a networked data processing system, said intrusion detection system comprising:
   computer processing means for receiving system event data;
   computer processing means for processing the system event data utilizing at least one behavior-based intrusion detection technique to generate an intrusion detection result; and
   computer processing means, responsive to the intrusion detection result indicating an unauthorized intrusion, for updating at least one knowledge-based intrusion detection corpus utilizing the system event data.
   (Dependent claims: 9, 10, 11, 12, 13, 14)

15. A computer-readable medium having stored thereon computer-executable instructions for adaptively identifying unauthorized intrusions in a networked data processing system, said computer-executable instructions performing a method comprising:
   receiving system event data;
   processing the system event data utilizing at least one behavior-based intrusion detection technique to generate an intrusion detection result; and
   responsive to the intrusion detection result indicating an unauthorized intrusion, updating at least one knowledge-based intrusion detection corpus utilizing the system event data.
   (Dependent claims: 16, 17, 18, 19, 20)
Specification