MULTI-AGENT, DISTRIBUTED, PRIVACY-PRESERVING DATA MANAGEMENT AND DATA MINING TECHNIQUES TO DETECT CROSS-DOMAIN NETWORK ATTACKS
Abstract
The present invention is a method and a system that uses privacy-preserving distributed data stream mining algorithms for mining continuously generated data from different network sensors used to monitor data communication in a computer network. The system is designed to compute global network-threat statistics by combining the output of the network sensors using privacy-preserving distributed data stream mining algorithms.
20 Claims
1. A multi-agent, privacy-preserving distributed data mining apparatus for combining network-attack patterns detected by a multitude of network sensors such as firewalls, virus-scanners, and intrusion detection systems. This apparatus has the following components:
a. PURSUIT Agent;
This module runs at each participating node of the distributed environment. It connects to the local network sensor and collaboratively computes the global patterns using privacy-preserving, distributed data mining algorithms.
b. LIP Agent;
This module interfaces the PURSUIT agent at each participating node with the network monitoring sensor. This offers various plug-ins for different sensors.
c. CAM Agent;
This module is in charge of coordinating the distributed computation of privacy-preserving data mining algorithms performed by the PURSUIT agents. The CAM agent also provides the collectively computed statistics to the PURSUIT web services.
d. PURSUIT Web Services;
Results of the privacy-preserving analysis of the data monitored by a multitude of PURSUIT agents are presented through a web-service. Users can use any web browser to log in to the PURSUIT web account and access the information generated by distributed privacy-preserving network threat data mining algorithms.
Dependent claims: 2, 3, 4, 5, 6, 7, 16, 17, 18, 19, 20

8. The scan detection technique of claim 8 compares the attack data using secure, privacy-preserving, multi-party computation-based data mining algorithms.

9. A distributed, multi-party, privacy-preserving technique for detecting common worm attacks in multiple networks without sharing the network traffic with each other.

10. A distributed, multi-party, privacy-preserving technique for identifying geo-spatial location of network attackers against multiple networks over a time period without sharing the network traffic with each other.

11. A distributed, multi-party, privacy-preserving algorithm (DPC1) for performing privacy-preserving clustering from network data in multiple networks without sharing the raw network traffic data with each other.

12. A distributed, multi-party, privacy-preserving algorithm (DPC2) for performing privacy-preserving clustering from network data in multiple networks without sharing the raw network traffic data with each other.

13. A distributed privacy-preserving network threat data segmentation algorithm based on distributed, privacy-preserving clustering algorithms.

14. A distributed, multi-party, privacy-preserving technique for computing a similarity-preserving representation of IP addresses and other network parameters and computing functions from this information collected in multiple networks without sharing the network traffic with each other.

15. A framework of privacy-preserving data mining, called k-zone of privacy that constructs a new representation of the data which do not allow others to perform a one-to-one inverse transformation for breaching the privacy of the data.

Specification