
NETWORK INTRUSION DETECTION WITH DISTRIBUTED CORRELATION

  • US 20110173699A1
  • Filed: 01/13/2010
  • Published: 07/14/2011
  • Est. Priority Date: 01/13/2010
  • Status: Active Grant
First Claim

1. A method for detecting an intrusion attempt in a network comprising a plurality of host machines, the method comprising:

    receiving, at a first host machine of the plurality of host machines, a first security report from a second host machine of the plurality of host machines, wherein the first security report summarizes network activity at the second host machine;

    processing, via at least one processor, at least the first security report from the second host machine and network traffic at the first host machine to determine whether a network intrusion attempt is suspected;

    if it is determined that the network intrusion attempt is suspected, generating a second security report indicating that the network intrusion attempt is suspected by the first host machine; and

    processing a plurality of security reports to determine whether a network intrusion attempt is detected, the plurality of security reports being generated by multiple host machines of the plurality of host machines, the plurality of security reports comprising the second security report.
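The two-stage correlation in claim 1, sketched as an added example that is not code from the patent or its assignee. The report fields, the failed-probe metric, the threshold and quorum values, and all names are assumptions chosen for illustration; the addresses are constructed sample data.

```python
from collections import Counter
from dataclasses import dataclass

SUSPECT_THRESHOLD = 10  # assumed: combined failed probes that make a host suspicious
QUORUM = 2              # assumed: distinct hosts that must suspect the same source

@dataclass(frozen=True)
class ActivityReport:       # "first security report": summary of one host's activity
    host: str
    failed_probes: dict     # source address -> failed connection attempts seen

@dataclass(frozen=True)
class SuspicionReport:      # "second security report": this host suspects an attempt
    host: str
    source: str
    evidence: int           # combined count that crossed the threshold

def correlate_at_host(host, local_traffic, peer_reports):
    """Combine this host's own traffic with peer summaries (claim steps 1-3)."""
    combined = Counter(local_traffic)
    for report in peer_reports:
        combined.update(report.failed_probes)  # adds counts per source
    # Assumed policy: a host only suspects sources it has observed itself.
    return [SuspicionReport(host, src, n) for src, n in sorted(combined.items())
            if n >= SUSPECT_THRESHOLD and local_traffic.get(src, 0) > 0]

def detect(suspicion_reports, quorum=QUORUM):
    """Final step: a source is detected once enough distinct hosts suspect it."""
    hosts_by_source = {}
    for r in suspicion_reports:
        hosts_by_source.setdefault(r.source, set()).add(r.host)
    return sorted(s for s, hosts in hosts_by_source.items() if len(hosts) >= quorum)

# Constructed sample: a slow scan that stays under the threshold at every single host.
TRAFFIC = {
    "host-a": {"198.51.100.7": 4, "203.0.113.9": 1},
    "host-b": {"198.51.100.7": 4},
    "host-c": {"198.51.100.7": 3, "203.0.113.9": 2},
}

def run(traffic=TRAFFIC):
    summaries = {h: ActivityReport(h, t) for h, t in traffic.items()}
    suspicions = []
    for host, local in traffic.items():
        peers = [r for h, r in summaries.items() if h != host]
        suspicions += correlate_at_host(host, local, peers)
    return suspicions, detect(suspicions)

if __name__ == "__main__":
    print(run())
```

No host sees more than four probes from the scanning source on its own, so the detection comes only from combining peer summaries with local traffic.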
