SECURITY EVENT MANAGEMENT APPARATUS, SYSTEMS, AND METHODS

US 20130055385A1
Filed: 08/29/2011
Published: 02/28/2013
Est. Priority Date: 08/29/2011
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

an interface to receive multiple security event data streams from a plurality of hardware processing nodes, the multiple security event data streams comprising multiple security events; and

at least one processor to generate a hierarchy of statistical data streams from domain-specific, categorized data streams derived from the multiple security events.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus, systems, and methods may operate to receive multiple security event data streams from a plurality of hardware processing nodes, the multiple security event data streams comprising multiple security events. Additional operations may include extracting multiple security events from multiple security event data streams, and classifying the extracted multiple security events to form domain-specific, categorized data streams. A hierarchy of statistical data streams may then be generated from the domain-specific, categorized data streams. Additional apparatus, systems, and methods are disclosed.

31 Citations

View as Search Results

20 Claims

1. A system, comprising:
- an interface to receive multiple security event data streams from a plurality of hardware processing nodes, the multiple security event data streams comprising multiple security events; and
  
  at least one processor to generate a hierarchy of statistical data streams from domain-specific, categorized data streams derived from the multiple security events.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, further comprising:
    - a graphical user interface (GUI) executed by a client node to receive the statistical data streams.
  - 3. The system of claim 1, wherein the hardware processing nodes comprise at least one of server nodes, client nodes, or storage nodes.
  - 4. The system of claim 1, wherein the at least one processor is housed together with at least one of the hardware processing nodes.
  - 5. The system of claim 1, further comprising:
    - a hierarchical classifier module coupled to a memory to store classification algorithms to operate on the multiple security events, to provide the domain-specific categorized data streams.
  - 6. The system of claim 1, wherein the hierarchical classifier module further comprises:
    - a contextual asset risk classifier having an output coupled to an input of an activity classifier.

7. A processor-implemented method to execute on one or more processors that perform the method, comprising:
- receiving multiple security event data streams from a plurality of hardware processing nodes, the multiple security event data streams comprising multiple security events; and
  
  generating a hierarchy of statistical data streams from domain-specific, categorized data streams derived from the multiple security events.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7, wherein the receiving further comprises:
    - receiving at least one of the security event data streams in response to accessing a log file stored on one of the hardware processing nodes.
  - 9. The method of claim 7, further comprising:
    - classifying the multiple security events to form the domain-specific, categorized data streams.
  - 10. The method of claim 9, wherein the classifying further comprises:
    - classifying the multiple security events according to vulnerability categories associated with sources of the security event data streams.
  - 11. The method of claim 9, wherein the classifying further comprises:
    - classifying the multiple security events using a sequential hierarchy of classifier functions, wherein output from a first level of the classifier functions in the hierarchy provides input to a second level of the classifier functions in the hierarchy.
  - 12. The method of claim 9, further comprising:
    - receiving some of the multiple security event data streams while generating the hierarchy of the statistical data streams as part of a continuous reception and generation process.
  - 13. The method of claim 9, wherein the statistical data streams comprise multiple dimensions.

14. A processor-implemented method to execute on one or more processors that perform the method, comprising:
- extracting multiple security events from multiple security event data streams;
  
  classifying the extracted multiple security events to form domain-specific, categorized data streams; and
  
  generating a hierarchy of statistical data streams from the domain-specific, categorized data streams.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, further comprising:
    - transmitting at least some of the statistical data streams to a network interface in a client node coupled to a display.
  - 16. The method of claim 14, wherein the classifying comprises:
    - accessing a database stored on a non-transitory storage medium; and
      
      receiving information as external knowledge from the database to provide context-aware classification of the extracted multiple security events.
  - 17. The method of claim 14, wherein the classifying uses a combination of classifier functions comprising a tree of multilevel, hierarchical classifiers.
  - 18. The method of claim 14, wherein the generating comprises:
    - generating the statistical data streams to include at least one of a volume-based stream or a frequency-based stream.
  - 19. The method of claim 14, wherein categories associated with the categorized data streams define at least some levels in the hierarchy.
  - 20. The method of claim 14, wherein at least one of the extracting, the classifying, or the generating are accomplished using input/output aggregation pipelines.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Antony, John Melvin, Apostolescu, Paul, Srinivasan, Pattabiraman, Adusumilli, Prathap

Granted Patent

US 8,595,837 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/552 involving long-term monitor...

G06F 21/577 Assessing vulnerabilities a...

SECURITY EVENT MANAGEMENT APPARATUS, SYSTEMS, AND METHODS

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURITY EVENT MANAGEMENT APPARATUS, SYSTEMS, AND METHODS

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links