TECHNIQUES FOR DETECTING ATTACKS IN A PUBLISH-SUBSCRIBE NETWORK
First Claim
1. A computer-implemented method for detecting a network attack, the method comprising:
generating a set of indicators that represents a current state of a network;
generating a first probability that the network is subject to attack based on a first indicator included in the set of indicators;
generating a second probability that the network is subject to attack based on a second indicator in the set of indicators;
combining the first probability with the second probability to generate a third probability;
determining that the third probability exceeds a first threshold value; and
in response, dispatching a first handler configured to address the network attack.
Abstract
A publish-subscribe network includes a network infrastructure configured to support the exchange of data. An intrusion detection system is coupled to the network infrastructure and configured to process signals received from that infrastructure in order to detect malicious attacks on the network infrastructure. The intrusion detection system includes an evaluator that generates a set of indicators based on the received signals. The evaluator models these indicators as stochastic processes, and then predicts an attack probability for each indicator based on a predicted future state of each such indicator. The evaluator combines the various attack probabilities and determines an overall attack level for the network infrastructure. Based on the attack level, the intrusion detection system dispatches a specific handler to prevent or mitigate attacks.
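The abstract describes a pipeline (indicators modelled as stochastic processes, a per-indicator attack probability from the predicted next state, a combined attack level, a threshold, and a dispatched handler) without fixing the model or the combining rule. The following added illustration is not the patent's code: it assumes two constructed indicators on a pub-sub broker (`subscribe_rate`, `publish_bytes`), a linear-extrapolation predictor, a logistic z-score mapping, noisy-OR combination, and a small threshold-to-handler table.

```python
import math
from typing import Callable, Dict, Iterable, List, Optional, Tuple

# Constructed sample histories (assumed indicator names): subscriptions per
# second and mean published message size, seven recent samples each.
ATTACK_HISTORY: Dict[str, List[float]] = {
    "subscribe_rate": [10, 12, 11, 13, 40, 90, 180],   # climbing fast
    "publish_bytes": [500, 520, 480, 510, 505, 495, 515],
}
QUIET_HISTORY: Dict[str, List[float]] = {
    "subscribe_rate": [10, 12, 11, 13, 12, 11, 12],
    "publish_bytes": [500, 520, 480, 510, 505, 495, 515],
}
# Per-indicator (mean, std) from normal traffic (constructed values).
BASELINE: Dict[str, Tuple[float, float]] = {
    "subscribe_rate": (11.0, 2.0),
    "publish_bytes": (500.0, 20.0),
}

def predict_next(history: List[float]) -> float:
    """Assumed stochastic model: linear extrapolation of the last two samples."""
    return 2 * history[-1] - history[-2]

def attack_probability(value: float, mean: float, std: float) -> float:
    """Assumed mapping: logistic curve on the z-score, centred at 3 sigma."""
    z = (value - mean) / std
    return 1.0 / (1.0 + math.exp(-(z - 3.0)))

def combine(probs: Iterable[float]) -> float:
    """Assumed combiner (noisy-OR): P(at least one indicator signals attack)."""
    p_none = 1.0
    for p in probs:
        p_none *= 1.0 - p
    return 1.0 - p_none

def evaluate(history: Dict[str, List[float]],
             baseline: Dict[str, Tuple[float, float]]) -> Tuple[Dict[str, float], float]:
    """Claim steps 1-4: indicators -> per-indicator probabilities -> combined level."""
    probs = {name: attack_probability(predict_next(h), *baseline[name])
             for name, h in history.items()}
    return probs, combine(probs.values())

# Handlers keyed by the threshold they require, highest first (assumed policy).
HANDLERS: List[Tuple[float, str, Callable[[], str]]] = [
    (0.9, "throttle_subscribers", lambda: "rate-limit new subscriptions"),
    (0.5, "alert_operator", lambda: "page on-call"),
]

def dispatch(level: float) -> Optional[str]:
    """Claim steps 5-6: run the handler for the highest threshold the level exceeds."""
    for threshold, name, action in HANDLERS:
        if level > threshold:
            action()
            return name
    return None
```

With the constructed data the quiet history combines to roughly 0.32 and dispatches nothing, while the surging subscribe rate alone drives the combined level to about 1.0 and selects `throttle_subscribers`.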
20 Claims
1. A computer-implemented method for detecting a network attack, the method comprising:
generating a set of indicators that represents a current state of a network;
generating a first probability that the network is subject to attack based on a first indicator included in the set of indicators;
generating a second probability that the network is subject to attack based on a second indicator in the set of indicators;
combining the first probability with the second probability to generate a third probability;
determining that the third probability exceeds a first threshold value; and
in response, dispatching a first handler configured to address the network attack.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A non-transitory computer-readable medium including instructions that, when executed by a processor, cause the processor to detect a network attack, by performing the steps of:
generating a set of indicators that represents a current state of a network;
generating a first probability that the network is subject to attack based on a first indicator included in the set of indicators;
generating a second probability that the network is subject to attack based on a second indicator in the set of indicators;
combining the first probability with the second probability to generate a third probability;
determining that the third probability exceeds a first threshold value; and
in response, dispatching a first handler configured to address the network attack.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18.
19. A system for detecting network attacks, comprising:
a memory that includes an intrusion detection application; and
a processor that is coupled to the memory and, when executing the intrusion detection application, is configured to:
generate a set of indicators that represents a current state of a network,
generate a first probability that the network is subject to attack based on a first indicator included in the set of indicators,
generate a second probability that the network is subject to attack based on a second indicator in the set of indicators,
combine the first probability with the second probability to generate a third probability,
determine that the third probability exceeds a first threshold value, and
in response, dispatch a first handler configured to address the network attack.
Dependent claims: 20.
Specification