
Intrusion event filtering

  • US 7,222,366 B2
  • Filed: 01/28/2002
  • Issued: 05/22/2007
  • Est. Priority Date: 01/28/2002
  • Status: Active Grant
First Claim

1. A method of improving intrusion detection in a computing network, comprising steps of:

  • defining a plurality of intrusion suspicion levels for use when performing intrusion detection processing on inbound communications destined for a computing device on the computing network;

  • for each of a plurality of potential intrusion events, defining a set of at least one condition wherein the set describes occurrence of the potential intrusion event;

  • associating one of the defined intrusion suspicion levels with each of the sets, wherein the associated intrusion suspicion level indicates how suspicious is an inbound communication matching each condition in the set;

  • defining a plurality of sensitivity levels for filtering the inbound communications as potential intrusion events when performing the intrusion detection processing, each of the defined sensitivity levels usable for a different level of filtering of the inbound communications; and

  • performing the intrusion detection processing for a particular inbound communication received for the computing device, further comprising steps of:

      • determining whether each condition in any of the sets is matched for the particular inbound communication; and

      • if so, filtering the particular inbound communication by using a currently-applicable one of the defined sensitivity levels, in concert with the intrusion suspicion level associated with the set for which each condition is matched, to determine if the particular inbound communication should be treated as an intrusion event.
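The steps of the claim, sketched as an added example that is not taken from the patent: each rule is a set of conditions with a suspicion level, and the current sensitivity level decides which matches are treated as intrusion events. The claim says only that the two levels are used "in concert"; the threshold mapping, the level names, the rule set and the packet fields below are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Tuple

Packet = Dict[str, object]

# Assumed scales; the claim only requires "a plurality" of each level.
SUSPICION = {"low": 1, "medium": 2, "high": 3}
# Assumed combination rule: a sensitivity level sets the lowest suspicion
# level that is still treated as an intrusion event.
MIN_SUSPICION_AT = {"high": 1, "medium": 2, "low": 3}

@dataclass(frozen=True)
class EventRule:
    name: str
    conditions: Tuple[Callable[[Packet], bool], ...]  # all must match
    suspicion: str

LISTENING_PORTS = {22, 443}  # constructed host profile

# Constructed rule set, for illustration only.
RULES = [
    EventRule("syn_fin_flags",
              (lambda p: p["proto"] == "tcp",
               lambda p: {"SYN", "FIN"} <= set(p.get("flags", ()))),
              "high"),
    EventRule("oversized_icmp_echo",
              (lambda p: p["proto"] == "icmp",
               lambda p: p.get("length", 0) > 1024),
              "medium"),
    EventRule("closed_port_connect",
              (lambda p: p["proto"] == "tcp",
               lambda p: p.get("dst_port") not in LISTENING_PORTS),
              "low"),
]

def classify(pkt: Packet, sensitivity: str, rules=RULES):
    """Split matched rules into reported events and suppressed matches."""
    floor = MIN_SUSPICION_AT[sensitivity]
    events, suppressed = [], []
    for rule in rules:
        if not all(cond(pkt) for cond in rule.conditions):
            continue  # a set matches only when every condition matches
        (events if SUSPICION[rule.suspicion] >= floor else suppressed).append(rule.name)
    return events, suppressed

if __name__ == "__main__":
    probe = {"proto": "tcp", "flags": ["SYN", "FIN"], "dst_port": 8080}  # constructed
    for level in ("low", "medium", "high"):
        print(level, classify(probe, level))
```

Returning the suppressed matches alongside the reported events shows what a given sensitivity level is hiding, which is the information needed when tuning it.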
