×

Network security monitoring system

  • US 7,483,972 B2
  • Filed: 05/21/2003
  • Issued: 01/27/2009
  • Est. Priority Date: 01/08/2003
  • Status: Expired due to Fees
First Claim
Patent Images

1. A method of processing event messages, comprising:

  • defining a graph of nodes, including a plurality of leaf nodes, a plurality of non-leaf nodes;

    receiving a stream of event messages, each event message characterized by a plurality of event parameters;

    for each event message, identifying leaf nodes, if any, that correspond to the event message, and for each identified leaf node, storing in association with the identified leaf node a partial solution identifying the event message; and

    at predefined times, invoking each of a plurality of non-leaf nodes, wherein invoking a non-leaf node comprises evaluating an inter-event constraint associated with the non-leaf node utilizing the partial solutions stored for one or more nodes lower in the graph, and storing in association with the non-leaf node partial solutions representing sets of event messages meeting the evaluated constraint of the non-leaf node.

View all claims
  • 4 Assignments
Timeline View
Assignment View
    ×
    ×