Enabling network intrusion detection by representing network activity in graphical form utilizing distributed data sensors to detect and transmit activity data
First Claim
1. A method for generating a network activity graph comprising:
at a control server, receiving from a sensor at a remote device, a message containing remote device information including an identification of the remote device and activity occurring at the remote device; and
fusing activity data retrieved from multiple ones of said message into an activity graph representative of the devices on the network and the activity and inter-activity occurring at and between the devices on the network.
Abstract
A method, system, and computer program product for detecting and mapping activity occurring at and between devices on a computer network for utilization within an intrusion detection mechanism. An enhanced graph matching intrusion detection system (eGMIDS) utility executing on a control server provides data collection functions and data fusion techniques. The eGMIDS comprises multiple sensors and associated unique adaptors that are located at different remote devices of the network and utilized to detect specific types of activity occurring at the respective devices relevant to eGMIDS processing. The sensors convert the data into eGMIDS format and encapsulate the data in a special transmission packet that is transmitted to the control server. The eGMIDS utility converts the activity data within these packets into eGMIDS-usable format and then processes the converted data via a data fusion technique to generate a graphical representation of the network (devices) and the activity occurring at/amongst the various devices.
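The pipeline the abstract describes (per-sensor adaptors normalize activity at the remote device, the sensor wraps it in a transmission packet, and the control server decodes the packets and fuses them into a device/activity graph) can be sketched in code. The following is an added illustration written for this page, not the eGMIDS implementation or the patent's own format: the message fields, the JSON packet envelope, the adaptor names and the sample sensor records are all constructed assumptions. It goes one step beyond the abstract by running a simple graph-level query (fan-out per device) over the fused result, which is the kind of structural check an intrusion detection consumer of such a graph would make.

```python
"""Added example (not the patent's eGMIDS code): sensors at remote devices normalize
raw activity through per-sensor adaptors, wrap it in a transmission packet, and a
control server fuses the packets into a network activity graph.
Packet format, adaptor names and sample records are assumptions constructed here."""
from __future__ import annotations

import json
from collections import defaultdict
from dataclasses import dataclass, asdict


@dataclass(frozen=True)
class ActivityMessage:
    """Sensor-side message in the assumed common format."""
    device_id: str        # identification of the remote device
    activity: str         # activity observed at that device
    peer_id: str | None   # other device involved when the activity crosses devices
    timestamp: int


def host_adaptor(raw: dict) -> ActivityMessage:
    """Adaptor for a hypothetical host sensor that emits dict records."""
    return ActivityMessage(raw["host"], raw["event"], raw.get("remote"), int(raw["ts"]))


def flow_adaptor(line: str) -> ActivityMessage:
    """Adaptor for a hypothetical flow sensor emitting 'ts src dst proto' lines."""
    ts, src, dst, proto = line.split()
    return ActivityMessage(src, f"flow:{proto}", dst, int(ts))


def encode_packet(msg: ActivityMessage) -> bytes:
    """Transmission packet (assumed): a tagged JSON envelope, newline-terminated."""
    return (json.dumps({"type": "activity", "body": asdict(msg)}) + "\n").encode()


def decode_packet(packet: bytes) -> ActivityMessage:
    """Control-server side: validate the envelope and field types before fusing."""
    envelope = json.loads(packet.decode())
    if envelope.get("type") != "activity":
        raise ValueError("unexpected packet type")
    body = envelope["body"]
    return ActivityMessage(str(body["device_id"]), str(body["activity"]),
                           body.get("peer_id"), int(body["timestamp"]))


class ActivityGraph:
    """Devices are nodes; cross-device activity is a directed edge with per-type counts."""

    def __init__(self) -> None:
        self.nodes: dict[str, dict[str, int]] = {}
        self.edges: dict[tuple[str, str], dict[str, int]] = {}

    def _node(self, device_id: str) -> dict[str, int]:
        return self.nodes.setdefault(device_id, defaultdict(int))

    def fuse(self, msg: ActivityMessage) -> None:
        """Merge one message: count the activity at the node, add an edge for peers."""
        self._node(msg.device_id)[msg.activity] += 1
        if msg.peer_id is not None:
            self._node(msg.peer_id)  # peer becomes a node even if it has no sensor
            edge = self.edges.setdefault((msg.device_id, msg.peer_id), defaultdict(int))
            edge[msg.activity] += 1

    def devices(self) -> list[str]:
        return sorted(self.nodes)

    def fan_out(self, device_id: str) -> int:
        """Number of distinct devices this device initiated activity toward."""
        return len({dst for (src, dst) in self.edges if src == device_id})

    def high_fan_out(self, threshold: int) -> list[str]:
        """Devices whose fan-out exceeds the threshold, a simple graph-level detection."""
        return [d for d in self.devices() if self.fan_out(d) > threshold]


def control_server(packets: list[bytes]) -> ActivityGraph:
    """Receive packets from all sensors and fuse them into one graph."""
    graph = ActivityGraph()
    for packet in packets:
        graph.fuse(decode_packet(packet))
    return graph


def build_sample_graph() -> ActivityGraph:
    """Constructed sample: a host sensor and a flow sensor report, the server fuses."""
    host_records = [
        {"host": "ws-01", "event": "login", "ts": 100},
        {"host": "ws-01", "event": "ssh_connect", "remote": "srv-db", "ts": 101},
    ]
    flow_lines = ["102 ws-01 srv-db tcp", "103 ws-01 srv-web tcp",
                  "104 ws-01 srv-file tcp", "105 ws-02 srv-web tcp"]
    packets = [encode_packet(host_adaptor(r)) for r in host_records]
    packets += [encode_packet(flow_adaptor(line)) for line in flow_lines]
    return control_server(packets)


if __name__ == "__main__":
    g = build_sample_graph()
    print("devices:", g.devices())
    print("edges:", {f"{s}->{d}": dict(c) for (s, d), c in g.edges.items()})
    print("fan-out > 2:", g.high_fan_out(2))
```

The two adaptors produce the same message type from unrelated sensor formats, so the server never has to know which sensor a packet came from; that separation is what lets new sensor types be added without touching the fusion step. The server-side decode deliberately type-checks each field rather than trusting the envelope, since packets arrive from remote devices that may themselves be compromised.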
32 Claims
1. A method for generating a network activity graph comprising:
at a control server, receiving from a sensor at a remote device, a message containing remote device information including an identification of the remote device and activity occurring at the remote device; and
fusing activity data retrieved from multiple ones of said message into an activity graph representative of the devices on the network and the activity and inter-activity occurring at and between the devices on the network. (Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10)
11. A system for generating a graph representation of sensed activity data within a network, said system comprising:
a software utility executing at a control server and which comprises functional components for completing the functions of:
at the control server, receiving from a sensor at a remote device, a message containing remote device information including an identification of the remote device and activity occurring at the remote device; and
fusing activity data retrieved from multiple ones of said message into an activity graph representative of the devices on the network and the activity and inter-activity occurring at and between the devices on the network. (Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
22. A computer program product comprising:
a computer readable medium; and
program code on the computer readable medium for generating a graph representation of sensed activity data within a network, said program code comprising a software utility executing at a control server and which comprises functional components for completing the functions of:
at the control server, receiving from a sensor at a remote device, a message containing remote device information including an identification of the remote device and activity occurring at the remote device; and
fusing activity data retrieved from multiple ones of said message into an activity graph representative of the devices on the network and the activity and inter-activity occurring at and between the devices on the network. (Dependent claims: 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
Specification