System, method, and program product for managing an intrusion detection system
Abstract
An intrusion event detection system, method, and program product with an enumeration of specific known benign intrusion events, and performing a vulnerability test on specific elements of the computer system for the particular known benign intrusion event. These vulnerability tests are performed at predetermined time intervals measured from a previous test or previous intrusion event of the known benign intrusion event. The predetermined time interval is increased based on various attributes, passage of time since the last intrusion event of either the specific known benign intrusion event or another known benign intrusion event, or even an undetermined or harmful intrusion event, or the present detection of an intrusion event; or the vulnerability of a specific element in the computer system to a specific intrusion event.
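The scheme the abstract describes, sketched as an added Python example that is not code from the patent. The `vuln_test` callable, the doubling policy with a cap, measuring the interval from the previous test, and dropping a pair from the benign list once its element tests vulnerable are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class BenignEntry:
    interval: float          # seconds before the next vulnerability test is due
    last_test: float         # time of the previous test (or of listing)
    log: list = field(default_factory=list)  # times of suppressed events

class BenignEventManager:
    """Benign-event list whose retest interval grows after each clean test."""

    def __init__(self, vuln_test, growth=2.0, max_interval=30 * 86400.0):
        self.vuln_test = vuln_test    # assumed callable(signature, element) -> bool
        self.growth = growth          # assumed policy: multiply the interval
        self.max_interval = max_interval
        self.benign = {}              # (signature, element) -> BenignEntry

    def add_benign(self, signature, element, now, interval=3600.0):
        self.benign[(signature, element)] = BenignEntry(interval, now)

    def on_event(self, signature, element, now):
        """Return 'notify' or 'suppressed' for one detected event."""
        key = (signature, element)
        entry = self.benign.get(key)
        if entry is None:
            return "notify"           # not on the benign list: raise a notification
        entry.log.append(now)         # on the list: record it instead of alerting
        return "notify" if self._retest(key, now) else "suppressed"

    def run_due_tests(self, now):
        """Scheduled pass: retest every due entry, return keys found vulnerable."""
        return [k for k in list(self.benign) if self._retest(k, now)]

    def _retest(self, key, now):
        entry = self.benign[key]
        if now - entry.last_test < entry.interval:
            return False              # interval has not elapsed, no test yet
        entry.last_test = now
        if self.vuln_test(*key):
            del self.benign[key]      # assumed: exposed element, no longer benign
            return True
        # Clean result: wait longer before testing this pair again.
        entry.interval = min(entry.interval * self.growth, self.max_interval)
        return False

if __name__ == "__main__":   # constructed sample: one benign pair, never vulnerable
    mgr = BenignEventManager(lambda sig, el: False)
    mgr.add_benign("sig-1001", "host-a", now=0.0)
    print([mgr.on_event("sig-1001", h, 4000.0) for h in ("host-a", "host-b")])
```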
14 Claims
1. A method of managing an intrusion event log on an intrusion event detection system of a computer system comprising:
a. providing a list of known benign intrusion events by;
b. performing a vulnerability test on an element of said computer system for said known benign intrusion event at a predetermined time interval from a previous test or previous intrusion event of said known benign intrusion event; and
c. increasing the predetermined time interval to said next text.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A program product to control a computer to:
a. detect an intrusion event;
b. compare the detected intrusion event to a list of known benign intrusion events;
c. issue an intrusion event notification if the detected intrusion event is not on the list of known benign intrusion events;
d. else make an entry on the list of known benign intrusion events if the intrusion event is on said list of known benign intrusion events;
and further adapted to manage the list of known benign intrusion events by;
a. performing a vulnerability test on an element of said computer system for said known benign intrusion event at a predetermined time interval from a previous test or previous intrusion event of said known benign intrusion event; and
b. increasing the predetermined time interval to said next event.
Dependent claims: 9, 10, 11, 12, 13, 14
Specification