Intelligent intrusion detection system utilizing enhanced graph-matching of network activity with context data

  • US 7,624,448 B2
  • Filed: 03/04/2006
  • Issued: 11/24/2009
  • Est. Priority Date: 03/04/2006
  • Status: Active Grant
First Claim

1. In a network computer environment comprising an intrusion detection system (IDS) server communicatively connected to one or more host devices, a method comprising:

  • receiving from at least one of the one or more host devices activity data corresponding to the specific host device and operations and activity occurring on the host device and among two or more host devices;

  • converting the received activity data into a specialized format, which supports data fusion;

  • generating a graphical representation of the activity within and communication amongst the one or more host devices and the IDS server, said graphical representation being an activity graph comprising a series of interconnected nodes and edges each representing one or more of the host devices and the activities occurring at the host device and communications between host devices;

  • comparing one or more pre-determined threat patterns against said activity graph, wherein said threat patterns represent activities of interest;

  • providing an alert when at least one of the one or more pre-determined threat patterns matches up to connected nodes and edges within the activity graph;

  • generating a pattern library comprising threat patterns representing known activities of interest and newly discovered threat patterns that represent potential threats to the network; and

  • dynamically performing subgraph isomorphism utilizing one or more of the threat patterns within the activity graph to identify suspicious activity within the activity graph, wherein distributed and coordinated attacks perpetrated by attackers are detected.
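The pipeline the claim describes, as an added illustration that is not the patent's own code: constructed host events are fused into a labelled activity graph, a small pattern library is matched against it by backtracking subgraph isomorphism, and every match becomes an alert. The "<actor> <activity> <target>" event format, the host/server node labels and both threat patterns are assumptions made for this example.

```python
# Added example (not the patent's code): labelled subgraph isomorphism of threat
# patterns over an activity graph built from constructed host events (assumed format).
CONSTRUCTED_ACTIVITY = """\
h1 scan h2
h3 scan h2
h1 login h2
h2 login srv1
srv1 transfer h1
"""

def build_activity_graph(raw):
    # Fuse raw events into one graph: labelled nodes, directed labelled edges.
    nodes, edges = {}, set()
    for line in raw.splitlines():
        actor, activity, target = line.split()
        for name in (actor, target):
            nodes[name] = "server" if name.startswith("srv") else "host"
        edges.add((actor, target, activity))
    return {"nodes": nodes, "edges": edges}

# Pattern library: each threat pattern is itself a small labelled digraph.
PATTERN_LIBRARY = {
    "pivot_and_exfil": {"nodes": {"A": "host", "B": "host", "C": "server"},
                        "edges": {("A", "B", "scan"), ("A", "B", "login"),
                                  ("B", "C", "login"), ("C", "A", "transfer")}},
    "distributed_scan": {"nodes": {"A": "host", "B": "host", "T": "host"},
                         "edges": {("A", "T", "scan"), ("B", "T", "scan")}},
}

def find_matches(pattern, graph):
    """Injective, label-preserving map of pattern nodes onto graph nodes
    such that every pattern edge is present; found by backtracking."""
    p_nodes, matches = list(pattern["nodes"]), []
    def consistent(m):  # every pattern edge with both ends mapped must exist
        return all((m[s], m[d], lbl) in graph["edges"]
                   for s, d, lbl in pattern["edges"] if s in m and d in m)
    def extend(i, m):
        if i == len(p_nodes):
            matches.append(dict(m))
            return
        pn = p_nodes[i]
        for gn, label in graph["nodes"].items():
            if label != pattern["nodes"][pn] or gn in m.values():
                continue                      # wrong node type or already used
            m[pn] = gn
            if consistent(m):                 # prune as soon as an edge is missing
                extend(i + 1, m)
            del m[pn]
    extend(0, {})
    return matches

def alerts(graph, library=PATTERN_LIBRARY):
    # One alert per (pattern name, matched node mapping) found in the graph.
    return [(name, m) for name, pat in library.items() for m in find_matches(pat, graph)]
```

The distributed_scan pattern fires twice on the sample data because its two scanning roles are interchangeable; a production matcher would canonicalise such symmetric matches before alerting.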
