NETWORK ATTACK VISUALIZATION AND RESPONSE THROUGH INTELLIGENT ICONS
Abstract
A network activity visualization system can include an MDL grammar database adapted to store a plurality of MDL grammars, and a pattern matching module adapted to match a received network activity data set against the MDL grammars by calculating a distance of the network activity data set from each MDL grammar. The system can also include an intelligent icon module adapted to receive the MDL grammars and distances of a network data set from each respective MDL grammar, and adapted to generate intelligent icons based on the MDL grammars and distances. The system can further include a display system adapted to display the intelligent icons so as to provide a visual indication of network security.
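The following sketch is an added illustration of the pipeline the abstract and claim 1 describe (match a sample against each model, derive one normalized difference per motif, draw one icon per model); it is not taken from the patent. The motifs, the model rates, the difference formula |obs - exp| / (obs + exp), the mean-based distance and the text glyphs are all assumptions chosen for the example.

```python
# Added illustration; motifs, model rates and the difference metric are assumptions.
SHADES = " .:*#"  # one glyph per feature: blank = matches the model, '#' = far from it

# Constructed models: motif (token sequence) -> expected occurrences per event.
MODELS = {
    "normal_web": {("SYN", "SYNACK", "ACK"): 0.10, ("DATA", "DATA"): 0.40, ("FIN", "ACK"): 0.10},
    "port_scan": {("SYN", "RST"): 0.45, ("RST", "SYN"): 0.45, ("SYN", "SYNACK", "ACK"): 0.02},
}

def motif_rate(sample, motif):
    """Occurrences of motif as a contiguous run, per event in the sample."""
    n = len(motif)
    hits = sum(tuple(sample[i:i + n]) == motif for i in range(len(sample) - n + 1))
    return hits / len(sample) if sample else 0.0

def features(sample, model):
    """Normalized difference in [0, 1] per motif: |obs - exp| / (obs + exp)."""
    out = {}
    for motif, expected in model.items():
        observed = motif_rate(sample, motif)
        total = observed + expected
        out[motif] = abs(observed - expected) / total if total else 0.0
    return out

def icon(feats):
    """One glyph per statistical feature; a darker glyph means a larger difference."""
    top = len(SHADES) - 1
    return "[" + "".join(SHADES[min(int(v * len(SHADES)), top)] for v in feats.values()) + "]"

def characterize(sample):
    """Return {model: (distance, icon)}; distance is the mean feature value."""
    result = {}
    for name, model in MODELS.items():
        feats = features(sample, model)
        result[name] = (sum(feats.values()) / len(feats), icon(feats))
    return result

def closest_model(sample):
    """Name of the model with the smallest distance to the sample."""
    scores = characterize(sample)
    return min(scores, key=lambda name: scores[name][0])

# Constructed samples: a mostly SYN/RST trace and two ordinary web sessions.
SCAN_SAMPLE = ["SYN", "RST"] * 8 + ["SYN", "SYNACK", "ACK", "DATA"]
WEB_SAMPLE = ["SYN", "SYNACK", "ACK"] + ["DATA"] * 5 + ["FIN", "ACK"]
WEB_SAMPLE = WEB_SAMPLE * 2

if __name__ == "__main__":
    for label, sample in (("scan-like", SCAN_SAMPLE), ("web-like", WEB_SAMPLE)):
        for name, (dist, glyphs) in characterize(sample).items():
            print(f"{label:10s} {name:11s} distance={dist:.2f} icon={glyphs}")
```

An icon that is mostly blank marks the model the traffic resembles, so an operator can read the closest behavior at a glance without inspecting the raw distances.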
28 Claims
1. A network intrusion visualization system comprising:
- a computer coupled to a network and adapted to receive data from the network, the computer including a nontransitory computer readable medium having stored thereon software instructions for programming the computer to provide a graphical visualization of monitored network activity, the software instructions, when executed by the computer, cause the computer to perform operations including;
applying a grammar having a plurality of motifs to a network activity data sample to determine a measure of similarity between the data sample and each of a plurality of models representing different network activity behaviors associated with the grammar;
characterizing the data sample based on the measure of similarity, including mapping a normalized difference value for each motif of each grammar to generate a plurality of statistical features;
generating a plurality of intelligent icons, each icon corresponding to one of the models and having a respective plurality of graphical representations each corresponding to a different statistical feature representing the normalized difference value of a respective one of the motifs for that model; and
displaying the intelligent icons and the respective plurality of graphical representations on a display device coupled to the computer.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 24, 25
12. A network activity visualization system comprising:
- a pattern matching module adapted to match a received network activity data set, containing data representing electronic activity in an electronic communications network, against each of a plurality of mathematical models by calculating a distance of the network activity data set from a respective one of the mathematical models; and
- an intelligent icon display module adapted to generate intelligent icons based on the mathematical models and corresponding calculated distances so as to provide a visual indication of network security, the generated intelligent icons adapted for display on a display device.
Dependent claims: 13, 14, 15, 26, 27
16. A computer-implemented method of intrusion detection visualization comprising:
- characterizing network activity data using a computer programmed to perform network intrusion visualization, the characterizing including generating, with the computer, a plurality of statistical features each representing a relationship between the network activity data and a respective model representing a network activity behavior;
- associating, with the computer, each of a plurality of graphical representations with a corresponding one of the models;
- altering, with the computer, the visual appearance of each graphical representation based on the statistical feature of the corresponding model to generate altered graphical representations;
- downgrading quality of service to a network data transfer associated with the network activity data based on an indication in one of the statistical features that the network activity represents an intrusion; and
- displaying one or more of the altered graphical representations on a display device coupled to the computer, the altered graphical representations providing on the display device a visual indication of the corresponding statistical feature.
Dependent claims: 17, 18, 19, 20, 21, 22, 23, 28
Specification