TRANSACTION-BASED INTRUSION DETECTION
First Claim
1. An intrusion detection system comprising one or more processors, and a memory with instructions which when executed by the one or more processors cause the one or more processors to perform a plurality of operations comprising:
- receiving transaction information related to one or more current transactions between a client entity and a resource server;
- accessing a database storing a plurality of transaction groups, wherein the transaction groups are formed based on a plurality of past transactions between a plurality of client entities and the resource server;
- analyzing the received transaction information with respect to information related to at least one of the plurality of transaction groups; and
- based on said analyzing, determining a possibility of an occurrence of an intrusion act at the resource server.
Abstract
Systems and methods are provided for intrusion detection. The systems and methods may include receiving transaction information related to one or more current transactions between a client entity and a resource server, accessing a database storing a plurality of transaction groups, analyzing the received transaction information with respect to information related to at least one of the plurality of transaction groups, and based on said analyzing, determining a possibility of an occurrence of an intrusion act at the resource server. The transaction groups may be formed based on a plurality of past transactions between a plurality of client entities and the resource server. Identity information of a user associated with the one or more current transactions may also be received along with the transaction information. The user may be associated with at least one of the plurality of transaction groups.
31 Claims
1. An intrusion detection system comprising one or more processors, and a memory with instructions which when executed by the one or more processors cause the one or more processors to perform a plurality of operations comprising:
- receiving transaction information related to one or more current transactions between a client entity and a resource server;
- accessing a database storing a plurality of transaction groups, wherein the transaction groups are formed based on a plurality of past transactions between a plurality of client entities and the resource server;
- analyzing the received transaction information with respect to information related to at least one of the plurality of transaction groups; and
- based on said analyzing, determining a possibility of an occurrence of an intrusion act at the resource server.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A computer-implemented method for intrusion detection, the method executed by one or more processors configured to perform a plurality of operations, the operations comprising:
- receiving transaction information related to one or more current transactions between a client entity and a resource server;
- accessing a database storing a plurality of transaction groups, wherein the transaction groups are formed based on a plurality of past transactions between a plurality of client entities and the resource server;
- analyzing the received transaction information with respect to information related to at least one of the plurality of transaction groups; and
- based on said analyzing, determining a possibility of an occurrence of an intrusion act at the resource server.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22
23. A non-transitory computer-readable medium comprising computer-readable instructions, the computer-readable instructions when executed by one or more processors, causes the one or more processors to carry out a plurality of operations comprising:
- receiving transaction information related to one or more current transactions between a client entity and a resource server;
- accessing a database storing a plurality of transaction groups, wherein the transaction groups are formed based on a plurality of past transactions between a plurality of client entities and the resource server;
- analyzing the received transaction information with respect to information related to at least one of the plurality of transaction groups; and
- based on said analyzing, determining a possibility of an occurrence of an intrusion act at the resource server.
Dependent claims: 24, 25, 26, 27, 28, 29, 30, 31
Specification