Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems

  • US 7,784,097 B1
  • Filed: 11/24/2004
  • Issued: 08/24/2010
  • Est. Priority Date: 11/24/2004
  • Status: Active Grant
First Claim

1. A method of responding to a threat to a threatened computer, comprising:

  • detecting a first intrusion attempt;

  • storing information related to the first intrusion attempt in a one-way data structure that is used to hide information about the first intrusion attempt, wherein the one-way data structure is a bloom filter, the storing comprising:

      • forming a hash of the information relating to the first intrusion attempt using at least one of the SHA-1 and the MD-5 hashing algorithms;

      • using the hash as an index to the bloom filter; and

      • setting corresponding bits in the bloom filter based on the index;

  • detecting a second intrusion attempt;

  • determining at the threatened computer whether the first intrusion attempt correlates with the second intrusion attempt, the determining comprising checking the one-way data structure to determine whether stored information related to the first intrusion attempt correlates with the second intrusion attempt;

  • automatically initiating at least one safety process at the threatened computer if the first intrusion attempt is determined to correlate with the second intrusion attempt;

  • indicating to a collaborating computer via a computer network that a threat is present at the threatened computer if the first intrusion attempt is determined to correlate with the second intrusion attempt; and

  • automatically initiating, before the collaborating computer has been subjected to the threat, at least one safety process at the collaborating computer based at least in part on the indication that the threat is present at the threatened computer.
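
The storing and checking steps of the claim, sketched as an added example that is not taken from the patent. The filter size, the number of indexes, slicing the SHA-1 digest into 32-bit words, and using the source IP address as the stored alert information are all assumptions made for illustration; the addresses are constructed samples.

```python
import hashlib


class AlertBloomFilter:
    """Bloom filter indexed by slices of a SHA-1 digest (sizes are assumptions)."""

    def __init__(self, m_bits=1 << 16, k=4):
        if m_bits % 8 or not 1 <= k <= 5:
            raise ValueError("m_bits must be a multiple of 8 and k in 1..5")
        self.m_bits = m_bits
        self.k = k
        self.bits = bytearray(m_bits // 8)

    def _indexes(self, alert_info):
        digest = hashlib.sha1(alert_info.encode("utf-8")).digest()
        # Each 4-byte slice of the 20-byte digest becomes one bit index.
        return [int.from_bytes(digest[4 * i:4 * i + 4], "big") % self.m_bits
                for i in range(self.k)]

    def add(self, alert_info):
        for idx in self._indexes(alert_info):
            self.bits[idx // 8] |= 1 << (idx % 8)

    def __contains__(self, alert_info):
        return all(self.bits[idx // 8] & (1 << (idx % 8))
                   for idx in self._indexes(alert_info))


def handle_attempt(bloom, source_ip):
    """Check a new attempt against stored ones; record it if unseen."""
    if source_ip in bloom:
        # Correlation found: the caller would start a local safety
        # process and notify collaborating computers at this point.
        return "correlated"
    bloom.add(source_ip)
    return "recorded"


# Constructed sample alerts (documentation address ranges).
SAMPLE_ALERTS = ["203.0.113.7", "198.51.100.23", "203.0.113.7"]


def run_sample():
    bloom = AlertBloomFilter()
    return [handle_attempt(bloom, ip) for ip in SAMPLE_ALERTS]


if __name__ == "__main__":
    print(run_sample())
```

A Bloom filter can report false positives but never false negatives, so a hit is a reason to escalate rather than proof that the same source was seen before.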
