System and method for intruder tracking using advanced correlation in a network security system

  • US 7,352,280 B1
  • Filed: 09/01/2005
  • Issued: 04/01/2008
  • Est. Priority Date: 09/01/2005
  • Status: Active Grant
First Claim

1. A method for correlating event information, comprising:

  • receiving event information for a plurality of detected events wherein:

    the event information for a particular detected event comprises a plurality of attributes associated with the particular detected event; and

    the particular detected event is associated with at least one data packet in an enterprise network;

  • assigning a plurality of attribute values to each detected event, the attribute values of each detected event defining a point in n-dimensional space;

  • storing the event information for each detected event in accordance with the attribute values assigned to that detected event;

  • receiving a target event comprising a plurality of attributes wherein:

    the target event is associated with at least one data packet that threatens the enterprise network;

    the attributes of the target event are associated with attribute values; and

    the attribute values of the target event define a target point in n-dimensional space;

  • receiving a plurality of proximity limits that define a portion of n-dimensional space surrounding the target point; and

  • identifying a plurality of detected events wherein the points defined by the attribute values of the identified detected events are within the portion of n-dimensional space defined by the proximity limits.
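
The correlation the claim describes can be sketched as a range query over event points. This is an added illustration, not code from the patent or its assignee; the four-attribute set, the numeric encoding of each attribute, the `EventStore` class and the sample events and limits are all assumptions made for the example.

```python
import bisect
import ipaddress
from datetime import datetime, timezone

DIMS = ("time", "src_ip", "dst_ip", "dst_port")  # assumed attribute set (n = 4)

def to_point(event):
    """Assign one numeric attribute value per attribute: a point in n-space."""
    ts = datetime.fromisoformat(event["time"]).replace(tzinfo=timezone.utc)
    return (int(ts.timestamp()),
            int(ipaddress.IPv4Address(event["src_ip"])),
            int(ipaddress.IPv4Address(event["dst_ip"])),
            int(event["dst_port"]))

class EventStore:
    """Keeps events sorted by point, so the time limit becomes a range scan."""
    def __init__(self):
        self._rows = []  # (point, insertion sequence, event)

    def add(self, event):
        bisect.insort(self._rows, (to_point(event), len(self._rows), event))

    def correlate(self, target, limits):
        """Events whose points lie within +/- limits[dim] of the target point."""
        tp = to_point(target)
        radius = [limits[d] for d in DIMS]
        start = bisect.bisect_left(self._rows, ((tp[0] - radius[0],),))
        hits = []
        for point, _, event in self._rows[start:]:
            if point[0] > tp[0] + radius[0]:
                break  # sorted by time: nothing later can be in range
            if all(abs(p - t) <= r for p, t, r in zip(point, tp, radius)):
                hits.append(event)
        return hits

# Constructed sample events (documentation address ranges), not real data.
def ev(i, t, src, dst, port):
    return {"id": i, "time": f"2005-09-01T{t}", "src_ip": src,
            "dst_ip": dst, "dst_port": port}

STORE = EventStore()
for e in [ev("e1", "12:00:00", "198.51.100.7", "10.0.0.5", 22),
          ev("e2", "12:03:10", "198.51.100.9", "10.0.0.5", 23),
          ev("e3", "12:04:00", "203.0.113.50", "10.0.0.5", 22),
          ev("e4", "13:30:00", "198.51.100.7", "10.0.0.5", 22),
          ev("e5", "12:01:00", "198.51.100.7", "10.0.0.9", 22)]:
    STORE.add(e)

TARGET = ev("t", "12:02:00", "198.51.100.7", "10.0.0.5", 22)
LIMITS = {"time": 300, "src_ip": 16, "dst_ip": 0, "dst_port": 10}
```

Widening or narrowing a single entry in `LIMITS` changes the size of the box around the target point along that one dimension only, which is how an analyst would pivot from "same host" to "nearby hosts" without touching the time window.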
