Method and system for interfacing an intrusion detection system to a central alarm system

US 6,353,385 B1
Filed: 08/25/2000
Issued: 03/05/2002
Est. Priority Date: 08/25/2000
Status: Expired due to Fees

First Claim

Patent Images

1. An alarm interface system comprising:

a receiver for receiving intrusion alarm messages from an intrusion detection system;

a sequencer for organizing the intrusion alarm messages into a sequential group based on temporal data associated with the intrusion alarm messages;

a priority module for selecting a highest priority alarm message from the sequential group of intrusion alarm messages; and

a translator for translating locale information on a security event or an attack, defined by the selected highest priority alarm message, from raw locale information to refined locale information for incorporation into a central station-compatible data message.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An alarm interface system and method receives intrusion alarm messages from an intrusion detection system. The alarm interface system organizes a group of the intrusion alarm messages into a time sequence. A highest priority alarm message is selected from the group. An analyzer analyzes the highest priority alarm message to extract raw locale information. The raw locale information is translated into refined locale information (e.g., a zone identifier) for inclusion in a central station-compatible data message.

Citations

35 Claims

1. An alarm interface system comprising:
- a receiver for receiving intrusion alarm messages from an intrusion detection system;
  
  a sequencer for organizing the intrusion alarm messages into a sequential group based on temporal data associated with the intrusion alarm messages;
  
  a priority module for selecting a highest priority alarm message from the sequential group of intrusion alarm messages; and
  
  a translator for translating locale information on a security event or an attack, defined by the selected highest priority alarm message, from raw locale information to refined locale information for incorporation into a central station-compatible data message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The alarm interface system according to claim 1 wherein the raw locale information is based on the intrusion alarm messages and the refined locale information comprises a corresponding zone identifier for a central station.
  - 3. The alarm interface system according to claim 2 wherein the translator associates a received destination indicator with the corresponding zone identifier.
  - 4. The alarm interface system according to claim 2 wherein the translator associates a received source indicator with the corresponding zone identifier.
  - 5. The alarm interface system according to claim 2 further comprising a transmitter for transmitting the zone identifier to the alarm system.
  - 6. The alarm interface system according to claim 1 wherein the translator accesses a database containing relationships among zone identifiers, destination indicators of intrusion alarm messages, and source indicators of intrusion alarm messages.
  - 7. The alarm interface system according to claim 1 further comprising an analyzer for assigning a probability indicator for indicating a probability of having a valid source indicator for an attack.
  - 8. The alarm interface system according to claim 1 wherein the highest priority is selected based on at least one of a confidence level in detection of alarm message and a danger level posed by an attack underlying the alarm message.

9. An alarm interface system comprising:
- a receiver for receiving intrusion alarm messages from an intrusion detection system;
  
  a sequencer for organizing the intrusion alarm messages into a sequential group;
  
  a priority module for selecting a highest priority alarm message from the sequential group;
  
  a translator for translating locale information on a security event, defined by the selected highest priority alarm message, from raw locale information to refined locale information for incorporation into a central station-compatible data message; and
  
  an analyzer for assigning a probability indicator to the highest priority alarm message to indicate a false alarm rate.

10. An integrated alarm system comprising:
- a protected computer coupled to a communications network;
  
  an intrusion detection system for detecting a security event or an attack associated with the protected computer and outputting one or more intrusion alarm messages in response to the detection of the security event;
  
  an alarm system for presenting an alarm at a user console based on an input of a detection message; and
  
  an alarm interface system for filtering and converting the intrusion alarm messages into central-station compatible data messages compatible with presentation to a user via the user console.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The integrated alarm system according to claim 10 wherein the alarm interface system includes a translator for translating at least one of a destination indicator and a source indicator of a security event, as indicated by the intrusion alarm messages, into a corresponding zone identifier for incorporation into the central station-compatible data message for the alarm system.
  - 12. The integrated alarm system according to claim 10 wherein the alarm system is burglar alarm system with a fault-tolerant design featuring redundant components.
  - 13. The integrated alarm system according to claim 10 wherein the alarm system is a fire alarm system with a fault tolerant design featuring redundant components.
  - 14. The integrated alarm system according to claim 10 further comprising:

15. A method for interfacing an alarm system, the method comprising the steps of:
- receiving intrusion alarm messages from an intrusion detection system;
  
  organizing a sequential group of the alarm messages based on temporal data associated with the intrusion alarm messages;
  
  selecting a highest priority alarm message from the sequential group; and
  
  translating raw locale information of a security event or an attack, described by the selected highest priority alarm message, into corresponding refined locale information for an alarm system.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23)
- - 16. The method according to claim 15 wherein the raw locale information comprises information derived from the intrusion alarm messages and wherein the refined locale information comprises a distillation of the derived information.
  - 17. The method according to claim 15 wherein the refined locale information comprises a zone identifier, the zone identifier derived from the corresponding raw locale information.
  - 18. The method according to claim 17 wherein the translating step includes associating a received destination indicator with the corresponding zone identifier.
  - 19. The method according to claim 17 wherein the translating step includes associating a received source indicator with the corresponding zone identifier.
  - 20. The method according to claim 15 wherein the translating step includes formatting the refined locale information for subsequent processing by one of a fire alarm system and a burglar alarm system.
  - 21. The method according to claim 15 wherein the translating step includes accessing a database containing relationships among zone identifiers, destination indicators of security events, and source addresses of security events.
  - 22. The method according to claim 15 further comprising the step of transmitting the zone indicator to the alarm system to indicate the affiliation of an alarm with a zone for a user of a user console.
  - 23. The method according to claim 15 further comprising the step of assigning a probability indicator for indicating a probability of having a valid source indicator for an attack.

24. A method for interfacing an alarm system, the method comprising the steps of:
- receiving intrusion alarm messages from an intrusion detection system;
  
  organizing a sequential group of the alarm messages based on temporal data associated with the intrusion alarm messages;
  
  selecting a highest priority alarm message from the sequential group;
  
  translating raw locale information of a security event or an attack, described by the selected highest priority alarm message, into corresponding refined locale information for an alarm system; and
  
  assigning a probability indicator to the highest priority alarm message to indicate a false alarm rate.

25. An alarm interface system comprising:
- a receiver for receiving intrusion alarm messages from an intrusion detection system;
  
  a sequencer for organizing the intrusion alarm messages into a sequential group based on temporal data associated with the intrusion alarm messages; and
  
  a filter for filtering the intrusion alarm messages in the sequential group based on at least one of a confidence level associated with the intrusion alarm messages and a danger posed by an identified attack described in the intrusion alarm messages.
- View Dependent Claims (26, 27, 28, 29)
- - 26. The alarm interface system according to claim 25 wherein the filter comprises a priority module in communication with the sequencer.
  - 27. The alarm interface system of claim 25 wherein the filter is coupled to a translator for translating raw locale information of a security event, described by the selected highest priority alarm message, into corresponding refined locale information for an alarm system.
  - 28. The alarm interface system of claim 25 wherein the priority module accesses a database for storage and retrieval of criticality levels associated with corresponding network addresses, wherein the criticality levels indicate a significance to a network operator concerning an attack upon a corresponding network address.
  - 29. The alarm interface system of claim 25 further comprising a transmitter and wherein the filter blocks data messages for transmission from the transmitter to a central station.

30. A method for managing alarm messages, the method comprising:
- receiving intrusion alarm messages from an intrusion detection system;
  
  organizing the intrusion alarm messages into a sequential group based on temporal data associated with the intrusion alarm messages;
  
  filtering the intrusion alarm messages in the sequential group based on at least one of a confidence level associated with the intrusion alarm messages and a danger posed by an identified attack described in the intrusion alarm messages.
- View Dependent Claims (31, 32, 33, 34, 35)
- - 31. The method according to claim 30 wherein the filtering step includes eliminating duplicative intrusion alarm messages within the sequential group.
  - 32. The method according to claim 30 wherein the filtering step includes the step of establishing the confidence level based upon at least one of the following factors:
    - past experience with a particular type of the intrusion alarms, a number or percentage of false alarms generated from a particular intrusion alarm, a quantitative assessment of specific evaluative criteria used to generate the particular intrusion alarm, and a qualitative assessment of specific evaluative criteria used to generate the particular intrusion alarm.
  - 33. The method according to claim 30 wherein the filtering step includes the step of establishing the danger level of an attack based on at least one of the following factors:
    - a network address targeted by the attack, judgment of network operators on the attack, and historic occurrences of attacks and their disposition.
  - 34. The method according to claim 30 wherein the filtering step includes the step of estimating a likelihood of success of the present identified attack based on the success of previous attacks with similar characteristics to the present identified attack.
  - 35. The method according to claim 30 wherein the filtering step includes the step of estimating a financial severity of a successful attack on a victim if a likelihood of success of the attack exceeds a minimum threshold.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hyperon Incorporated
Original Assignee
Hyperon Incorporated
Inventors
Molini, James, Seidenman, Nathan L., Moyer, Philip R.
Primary Examiner(s)
TRIEU, VAN THANH

Application Number

US09/648,018
Time in Patent Office

557 Days
Field of Search

340/505, 340/506, 340/531, 340/534, 340/539, 340/541, 340/502, 379/39, 379/45, 379/49, 379/33, 379/37, 713/201
US Class Current

340/506
CPC Class Codes

G08B 25/00   Alarm systems in which the ...

G08B 25/14   Central alarm receiver or a...

H04L 63/1416   Event detection, e.g. attac...

H04W 12/122   Counter-measures against at...

H04W 12/128   Anti-malware arrangements, ...

Method and system for interfacing an intrusion detection system to a central alarm system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for interfacing an intrusion detection system to a central alarm system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links