
Intrusion detection using MDL compression

  • US 8,375,446 B2
  • Filed: 03/05/2009
  • Issued: 02/12/2013
  • Est. Priority Date: 10/29/2008
  • Status: Expired due to Fees
First Claim

1. An intrusion masquerade detection method, comprising:

    a computer applying a compression algorithm to user data to build user grammars associated with a user;

    forming at least one model by storing the user grammars in a database;

    applying the compression algorithm to at least one target block to calculate an estimated algorithmic minimum sufficient statistic;

    searching a string of data from the at least one target block for phrases matching user grammars contained in the at least one model;

    sorting the user grammars so that longest phrases among the user grammars are applied first to an unclassified string;

    converting each matching phrase to a variable-length code value by replacing each matching phrase with a corresponding variable-length code value;

    attributing a cost for phrases that are not found in the at least one model by quantifying a cost of explicitly representing symbols associated with those phrases;

    determining a degree of fit between the at least one target block and the at least one model based on the cost; and

    detecting an intrusion masquerade based on the degree of fit.
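
The steps of claim 1, sketched as an added example (not code from the patent or its assignee). The claim does not name the compression algorithm on this page, so repeated command n-grams stand in for the induced user grammars and Shannon code lengths stand in for the variable-length codes; the sample command streams, alphabet size and threshold are constructed assumptions.

```python
import math
from collections import Counter

def build_model(blocks, max_len=4, min_count=2):
    """Stand-in for grammar induction: keep command phrases that repeat."""
    counts = Counter()
    for block in blocks:
        for n in range(2, max_len + 1):
            for i in range(len(block) - n + 1):
                counts[tuple(block[i:i + n])] += 1
    kept = {p: c for p, c in counts.items() if c >= min_count}
    total = sum(kept.values())
    # Variable-length code: frequent phrases get shorter codes (Shannon length in bits).
    codes = {p: -math.log2(c / total) for p, c in kept.items()}
    # Longest phrases first, as the claim requires; ties go to the cheaper code.
    return sorted(codes.items(), key=lambda kv: (-len(kv[0]), kv[1]))

def block_cost(block, model, alphabet_size):
    """Bits needed to describe `block` using the user's model."""
    covered = [False] * len(block)
    bits = 0.0
    for phrase, code_bits in model:
        n, i = len(phrase), 0
        while i <= len(block) - n:
            if not any(covered[i:i + n]) and tuple(block[i:i + n]) == phrase:
                covered[i:i + n] = [True] * n   # phrase replaced by its code
                bits += code_bits
                i += n
            else:
                i += 1
    # Symbols no phrase explained are represented explicitly, at full price.
    return bits + math.log2(alphabet_size) * covered.count(False)

def degree_of_fit(block, model, alphabet_size):
    """Bits per command; lower means the block fits the user's model better."""
    return block_cost(block, model, alphabet_size) / len(block)

def is_masquerade(block, model, alphabet_size, threshold):
    return degree_of_fit(block, model, alphabet_size) > threshold

# Constructed sample data (shell command streams), not taken from the patent.
ALPHABET_SIZE = 8          # assumed number of distinct commands
THRESHOLD = 2.0            # assumed decision threshold, bits per command
USER_TRAIN = ["ls", "cd", "vim", "make"] * 5
SELF_BLOCK = ["ls", "cd", "vim", "make"] * 3
OTHER_BLOCK = ["wget", "chmod", "nc", "ls", "curl", "wget",
               "chmod", "nc", "cd", "curl", "nc", "wget"]
MODEL = build_model([USER_TRAIN])
```

A block the model compresses well costs under one bit per command here, while a block with no matching phrases pays the full explicit cost of three bits per command and crosses the threshold.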

  • 6 Assignments