
Adaptive system and method for responding to computer network security attacks

  • US 6,088,804 A
  • Filed: 01/12/1998
  • Issued: 07/11/2000
  • Est. Priority Date: 01/12/1998
  • Status: Expired due to Term
First Claim

1. A dynamic network security system for responding to a security attack on a computer network, said computer network having a multiplicity of computer nodes, and said system comprising:

  • a plurality of security agents, each security agent being associated with at least one of the computer nodes and located at the associated computer node, each security agent being configured to detect occurrences of security events on the associated ones of said computer nodes, said security events characterizing said attack, said security events comprising at least one of the group consisting of performing of an unauthorized action on the associated computer node, performing port scans on the associated node, operating malicious software on the associated computer node, and initiating unauthorized penetration attempts on the associated computer node, wherein each security agent is configured to transfer data about the security events on the associated computer nodes;

  • a self-organizing map (SOM) processor in data communication with each of said security agents and configured to process said data about said security events to form an attack signature; and

  • a network status display in communication with said processor and configured to display attack status information in response to said attack signature, said attack status information graphically representing a severity of said attack, wherein the SOM processor is configured to compare the attack signature with a plurality of training signatures and respond to the security attack.
