
NETWORK INTRUSION DATA ITEM CLUSTERING AND ANALYSIS

  • US 20160366164A1
  • Filed: 09/15/2014
  • Published: 12/15/2016
  • Est. Priority Date: 07/03/2014
  • Status: Active Grant
First Claim

1. A computer system comprising:

  • one or more computer readable storage devices configured to store:

    a plurality of computer executable instructions;

    a data clustering strategy; and

    a plurality of data items including at least:

    intrusion detection system reports, each intrusion detection system report associated with at least a source Internet Protocol address and a destination Internet Protocol address; and

    network-related data items associated with captured communications between an internal network and an external network, the network-related data items including at least one of:

    external Internet Protocol addresses, external domains, external computerized devices, internal Internet Protocol addresses, internal computerized devices, users of particular computerized devices, intrusion detection system information, network firewall data, or WHOIS information; and

    one or more hardware computer processors in communication with the one or more computer readable storage devices and configured to execute the plurality of computer executable instructions in order to cause the computer system to:

    receive an intrusion detection system report including a communication between a source Internet Protocol address and a destination Internet Protocol address;

    initiate an automated lookup to determine which of the source Internet Protocol address and the destination Internet Protocol address is an external Internet Protocol address, the external Internet Protocol address being external to the internal network;

    designate the external Internet Protocol address as a seed; and

    generate a data item cluster based on the data clustering strategy by at least:

    adding the seed to the data item cluster;

    identifying one or more of the network-related data items associated with the seed; and

    adding, to the data item cluster, the one or more identified network-related data items.
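The clustering strategy recited in the claim, as an added illustration that is not part of the patent: an IDS report's external endpoint is found by checking it against the internal address ranges, designated as the seed, and the cluster is filled with every report and network-related data item (firewall, domain, WHOIS) tied to that seed. The internal ranges and all reports and data items below are constructed sample values.

```python
import ipaddress

# Constructed sample data (RFC 1918 internal ranges, RFC 5737 test addresses).
INTERNAL_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                     ipaddress.ip_network("192.168.0.0/16")]

# IDS reports: (source IP, destination IP, signature name)
IDS_REPORTS = [
    ("10.1.2.3", "203.0.113.7", "outbound beacon"),
    ("203.0.113.7", "10.1.2.9", "inbound scan"),
    ("10.1.2.3", "10.1.2.4", "lateral smb"),  # no external endpoint
]

# Network-related data items, each keyed by the IP address it concerns
DATA_ITEMS = [
    {"type": "firewall", "ip": "203.0.113.7", "detail": "DENY tcp/4444"},
    {"type": "domain", "ip": "203.0.113.7", "detail": "example.invalid"},
    {"type": "whois", "ip": "203.0.113.7", "detail": "TEST-NET-3 registrant"},
    {"type": "firewall", "ip": "198.51.100.20", "detail": "ALLOW tcp/443"},
]

def is_external(ip):
    """Automated lookup: an address in none of the internal ranges is external."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETWORKS)

def select_seed(src, dst):
    """Designate the external endpoint as the seed; None unless exactly one is external."""
    externals = [ip for ip in (src, dst) if is_external(ip)]
    return externals[0] if len(externals) == 1 else None

def build_cluster(seed, reports, items):
    """Add the seed, then every IDS report and data item associated with it."""
    return {
        "seed": seed,
        "ids_reports": [r for r in reports if seed in r[:2]],
        "data_items": [d for d in items if d["ip"] == seed],
    }

def cluster_reports(reports, items):
    """One cluster per distinct external IP; reports without one are returned as skipped."""
    clusters, skipped = {}, []
    for src, dst, sig in reports:
        seed = select_seed(src, dst)
        if seed is None:
            skipped.append((src, dst, sig))
        elif seed not in clusters:
            clusters[seed] = build_cluster(seed, reports, items)
    return clusters, skipped
```

Two reports that share an external address collapse into a single cluster, and internal-to-internal reports are reported separately rather than forced into a cluster with no seed.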
