Detection of network security breaches based on analysis of network record logs

  • US 7,325,002 B2
  • Filed: 04/04/2003
  • Issued: 01/29/2008
  • Est. Priority Date: 04/04/2003
  • Status: Active Grant
First Claim

1. A method, implemented in a first network device, of inspecting logs of security records in a computer network, the method comprising:

  • receiving security log records from a plurality of network security devices, at the first network device;

  • processing the log records, including deriving keys to a table, wherein individual keys of the table are tagged with a time stamp;

  • determining data values from information in the log records and adding a data value including a tag field to a list of data values associated with a key if the data value is not in the list of data values associated with the key, wherein the time stamp and the tag field differ and the tag field indicates that the key has been modified by the addition of the data value since a prior evaluation;

  • retrieving entries of the table not having the tag field;

  • retrieving entries of the table having the tag field;

  • evaluating only those entries of the table having the tag field based on predetermined criteria to detect attempted security breaches; and

  • resetting the tag field upon the evaluating to indicate that the key has been evaluated since a prior modification and updating the time stamp.
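
The tagged-table evaluation recited in the claim can be sketched as follows. This is an added illustration, not code from the patent: the record fields (`src`, `dport`), the per-key placement of the tag, the port-count threshold standing in for the "predetermined criteria", and the sample records are all assumptions.

```python
# Added illustration; field names, threshold and sample records are constructed.
PORT_THRESHOLD = 3  # assumed "predetermined criteria": distinct ports per source

SAMPLE_RECORDS = [  # constructed records from several security devices
    {"device": "fw-1", "src": "203.0.113.9", "dport": 22},
    {"device": "ids-1", "src": "203.0.113.9", "dport": 23},
    {"device": "fw-2", "src": "203.0.113.9", "dport": 3389},
    {"device": "fw-1", "src": "198.51.100.4", "dport": 443},
    {"device": "fw-2", "src": "198.51.100.4", "dport": 443},  # duplicate value
]

class TaggedTable:
    def __init__(self):
        # key -> {"ts": time of creation or last evaluation, "values": [...], "tag": bool}
        self.entries = {}

    def ingest(self, record, now):
        key, value = record["src"], record["dport"]  # derived key and data value
        entry = self.entries.setdefault(key, {"ts": now, "values": [], "tag": False})
        if value not in entry["values"]:  # only a new value modifies the key
            entry["values"].append(value)
            entry["tag"] = True

    def evaluate(self, now):
        """Evaluate tagged entries only; return (evaluated_keys, alert_keys)."""
        evaluated, alerts = [], []
        for key, entry in self.entries.items():
            if not entry["tag"]:
                continue  # unchanged since the prior evaluation: skipped
            evaluated.append(key)
            if len(entry["values"]) >= PORT_THRESHOLD:
                alerts.append(key)
            entry["tag"] = False  # reset: evaluated since the last modification
            entry["ts"] = now     # time stamp updated on evaluation
        return evaluated, alerts

def demo():
    table = TaggedTable()
    for rec in SAMPLE_RECORDS:
        table.ingest(rec, now=100)
    first = table.evaluate(now=110)
    table.ingest({"device": "fw-1", "src": "198.51.100.4", "dport": 443}, now=120)
    second = table.evaluate(now=130)  # duplicate value: nothing is tagged
    table.ingest({"device": "ids-1", "src": "198.51.100.4", "dport": 8080}, now=140)
    third = table.evaluate(now=150)   # only the modified key is re-evaluated
    return first, second, third, table.entries["203.0.113.9"]["ts"]

if __name__ == "__main__":
    print(demo())
```
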
