NETWORK INTRUSION DETECTION WITH DISTRIBUTED CORRELATION

  • US 20130305371A1
  • Filed: 07/12/2013
  • Published: 11/14/2013
  • Est. Priority Date: 01/13/2010
  • Status: Active Grant
First Claim

1. A method for detecting an intrusion attempt in a network comprising a plurality of host machines, the method comprising:

  • receiving, at a first host machine, security reports relating to one or more host machines in the network, each security report summarizes network traffic at a respective host machine indicative of a possible intrusion attempt at a respective host machine and/or context data local to a host machine;

  • correlating, at the first host machine, the security reports;

  • associating, at the first host machine, a level of security concern when a correlation exceeds a threshold; and

  • when the level of security concern indicates a network intrusion attempt, generating a second security report indicating a suspected network intrusion attempt.
