Method for detecting sophisticated cyber attacks
First Claim
1. A method of detecting cyber attacks upon networked targets by potential intruders comprising the steps of:
a) organizing audit log data into event records;
b) adding unique target identifiers to said event records;
c) adding the type of work performed by the networked targets to said event records;
d) sorting said event records by the IP addresses of potential intruders;
e) generating intruder records of the potential intruders of target IP addresses that were accessed;
f) generating a vector space model of said event records;
g) generating a dissimilarity matrix of the data and IP addresses in said event records; and
h) clustering event records from said dissimilarity matrix that contain a selected event.
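The eight claimed steps (a) through (h) carried through as one runnable pipeline over a handful of constructed audit log lines. This is an added illustration written for this page, not code from the patent or its assignee. Everything beyond the claim language is an assumption made here: the key=value log format, the asset inventory that supplies target identifiers and work types, the binary key=value feature vectors used as the vector space model, cosine dissimilarity as the distance, and single-linkage clustering at a fixed threshold. The sample shows the point of the method: an external address that merely reads a payroll file lands in the same cluster as the failed logins against that same target, because the records are compared on what was targeted, not only on who did it.

```python
"""Claim steps (a)-(h) as a small pipeline over constructed audit log data."""
import ipaddress
import math
import re
from collections import defaultdict

# Constructed sample audit log (not real data): one event per line, key=value pairs.
SAMPLE_LOG = """\
src=203.0.113.9 dst=192.168.1.10 action=read path=/payroll/2024.xlsx
src=10.0.0.5 dst=192.168.1.10 action=login result=fail
src=10.0.0.5 dst=192.168.1.10 action=login result=fail
src=10.0.0.5 dst=192.168.1.10 action=read path=/payroll/2024.xlsx
src=10.0.0.7 dst=192.168.1.20 action=login result=ok
src=10.0.0.7 dst=192.168.1.20 action=read path=/www/index.html
"""

# Assumed asset inventory: target IP -> (unique target identifier, type of work performed).
TARGET_INVENTORY = {
    "192.168.1.10": ("T-FIN-01", "payroll"),
    "192.168.1.20": ("T-WEB-01", "public-web"),
}

KV = re.compile(r"(\w+)=(\S+)")


def parse_events(log_text):
    """Step (a): organize each non-empty log line into an event record (a dict)."""
    return [dict(KV.findall(line)) for line in log_text.splitlines() if line.strip()]


def enrich(events, inventory):
    """Steps (b) and (c): add target identifier and work type; unknown targets are flagged."""
    for ev in events:
        ev["target"], ev["work"] = inventory.get(ev["dst"], ("unknown", "unknown"))
    return events


def sort_by_intruder(events):
    """Step (d): numeric sort by potential-intruder (source) IP; stable, so per-source order survives."""
    return sorted(events, key=lambda ev: ipaddress.ip_address(ev["src"]))


def intruder_records(events):
    """Step (e): per source IP, which target IPs / identifiers were accessed and how many events."""
    rec = defaultdict(lambda: {"targets": set(), "target_ids": set(), "events": 0})
    for ev in events:
        r = rec[ev["src"]]
        r["targets"].add(ev["dst"])
        r["target_ids"].add(ev["target"])
        r["events"] += 1
    return {src: {"targets": sorted(r["targets"]),
                  "target_ids": sorted(r["target_ids"]),
                  "events": r["events"]} for src, r in rec.items()}


def vector_space(events):
    """Step (f): each event becomes a binary vector over key=value features, stored as a set."""
    return [{f"{k}={v}" for k, v in ev.items()} for ev in events]


def dissimilarity_matrix(vectors):
    """Step (g): cosine dissimilarity 1 - |A&B| / sqrt(|A|*|B|) for every pair of events."""
    n = len(vectors)
    d = [[0.0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            a, b = vectors[i], vectors[j]
            cos = len(a & b) / math.sqrt(len(a) * len(b)) if a and b else 0.0
            d[i][j] = d[j][i] = 1.0 - cos
    return d


def cluster_containing(d, selected, threshold):
    """Step (h): single-linkage clustering (union-find over pairs within `threshold`);
    returns the sorted indices of the cluster that contains the selected event."""
    n = len(d)
    parent = list(range(n))

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for i in range(n):
        for j in range(i + 1, n):
            if d[i][j] <= threshold:
                parent[find(i)] = find(j)
    root = find(selected)
    return sorted(i for i in range(n) if find(i) == root)


def run_pipeline(log_text=SAMPLE_LOG, inventory=TARGET_INVENTORY,
                 selected_src="203.0.113.9", threshold=0.4):
    """Run (a)-(h); the selected event is the first record from `selected_src` after sorting."""
    events = sort_by_intruder(enrich(parse_events(log_text), inventory))
    d = dissimilarity_matrix(vector_space(events))
    selected = next(i for i, ev in enumerate(events) if ev["src"] == selected_src)
    return events, intruder_records(events), d, cluster_containing(d, selected, threshold)


if __name__ == "__main__":
    events, records, d, cluster = run_pipeline()
    for i, ev in enumerate(events):
        print(i, ev["src"], ev["target"], ev["work"], ev["action"])
    print(records)
    print("cluster containing the selected event:", cluster)
```

With the constructed data the six sorted records are three from 10.0.0.5, two from 10.0.0.7 and one from 203.0.113.9; at a threshold of 0.4 the external read of the payroll file (index 5) joins the 10.0.0.5 records against the same payroll target (indices 0, 1, 2), while the web-server records form their own cluster. The threshold and the feature weighting are the knobs a practitioner would tune on real logs; the claim fixes neither.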
2 Assignments
0 Petitions
Abstract
A method of analyzing computer intrusion detection information that looks beyond known attacks and abnormal access patterns to the critical information that an intruder may want to access. Unique target identifiers and the type of work performed by the networked targets are added to audit log records. Analysis using vector space modeling, dissimilarity matrix comparison, and clustering of the event records is then performed.
68 Citations
4 Claims
Claim 1 is reproduced above under First Claim; claims 2, 3 and 4 are dependent claims.
Specification