
Method of automatically classifying a set of alarms emitted by sensors for detecting intrusions of an information security system

  • US 20070118905A1
  • Filed: 12/16/2004
  • Published: 05/24/2007
  • Est. Priority Date: 12/17/2003
  • Status: Active Grant
First Claim

1. A method of automatically classifying alerts issued by intrusion detection sensors (11a, 11b, 11c) of an information security system (1) for producing collated alerts, each alert being defined by a plurality of qualitative attributes (a1, . . . an) belonging to a plurality of attribute domains (A1, . . . , An) each of which has a partial order relationship, which method comprises the following steps:

  • organizing the attributes belonging to each attribute domain into a hierarchical structure including levels defined in accordance with the partial order relationship of the attribute domain, the attribute domains thus forming hierarchical structures;

  • constructing for each alert issued by the intrusion detection sensors (11a, 11b, 11c) a trellis specific to that alert by generalizing each alert in accordance with each of its attributes and at all the levels of the hierarchical structure, the specific trellis including nodes corresponding to alerts linked to each other by arcs so that each node is linked to one or more parent nodes and/or to one or more child or descendant nodes;

  • iteratively merging each specific trellis into a general trellis;

  • identifying collated alerts in the general trellis by selecting the alerts that are simultaneously the most pertinent and the most general in accordance with statistical criteria and according to their attributes belonging to lower levels of the hierarchical structures; and

  • supplying the collated alerts to an output unit (23) of an alert management system (13) in order to provide an overview of all the alerts issued by the intrusion detection sensors (11a, 11b, 11c).
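The steps of the claim can be followed on a small data set. The sketch below is an added illustration, not code from the patent: the three attribute domains, their hierarchies, the sample alerts and all function names are constructed, and because the claim does not spell out its statistical criteria, the selection rule (a node must cover at least `min_support` raw alerts and have no descendant that also does) is an assumption.

```python
from collections import Counter
from itertools import product

# Constructed attribute hierarchies (child -> parent); "any" is each domain's root.
DOMAINS = ("attack", "source", "target")
HIERARCHIES = {
    "attack": {"sql-injection": "web-attack", "xss": "web-attack",
               "port-scan": "recon", "web-attack": "any", "recon": "any"},
    "source": {"203.0.113.7": "external", "10.0.0.5": "internal",
               "external": "any", "internal": "any"},
    "target": {"www1": "web-servers", "www2": "web-servers", "db1": "db-servers",
               "web-servers": "any", "db-servers": "any"},
}
# Constructed sample alerts: (attack, source, target).
ALERTS = [
    ("sql-injection", "203.0.113.7", "www1"),
    ("sql-injection", "203.0.113.7", "www2"),
    ("xss", "203.0.113.7", "www1"),
    ("port-scan", "10.0.0.5", "db1"),
]

def ancestors(domain, value):
    """The value itself followed by each more general value up to the root."""
    chain = [value]
    while chain[-1] in HIERARCHIES[domain]:
        chain.append(HIERARCHIES[domain][chain[-1]])
    return chain

def specific_trellis(alert):
    """Every generalization of one alert, over all attributes and all levels."""
    return set(product(*(ancestors(d, v) for d, v in zip(DOMAINS, alert))))

def general_trellis(alerts):
    """Merge the specific trellises; each node counts the raw alerts it covers."""
    counts = Counter()
    for alert in alerts:
        counts.update(specific_trellis(alert))
    return counts

def is_descendant(node, other):
    """True if node is strictly more specific than other."""
    return node != other and all(
        o in ancestors(d, n) for d, n, o in zip(DOMAINS, node, other))

def collated_alerts(alerts, min_support):
    """Assumed criterion: nodes covering >= min_support alerts with no covered descendant."""
    frequent = {n for n, c in general_trellis(alerts).items() if c >= min_support}
    return sorted(n for n in frequent
                  if not any(is_descendant(m, n) for m in frequent))
```

With `min_support=3` the three web alerts collapse into one collated alert, while the isolated port scan is only represented at the root node.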
