
Adaptive behavioral intrusion detection systems and methods

  • US 8,448,247 B2
  • Filed: 04/23/2012
  • Issued: 05/21/2013
  • Est. Priority Date: 03/29/2002
  • Status: Expired due to Term
First Claim

1. A method, comprising:

  • performing, using one or more computer systems;

    identifying normal behavior in a network based, at least in part, upon network traffic sampled over a period of time;

    receiving packets transmitted through the network;

    selecting a portion of the received packets that does not display the normal behavior based, at least in part, upon a comparison between the received packets and the normal behavior;

    rating the selected packets, at least in part, according to their deviations from the normal behavior;

    generating an alert in response to one or more of the selected packets having a rating that meets a threshold value, the alert having a strength assigned thereto, the strength associated with the alert's abnormality;

    receiving a human-assigned score associated with the alert, the score being reflective of a prediction accuracy;

    combining the strength and the score associated with the alert into a strength-score value; and

    determining whether to escalate the alert as a function of the strength-score value.
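The steps of claim 1, worked through as an added example that is not taken from the patent or its assignee. The per-port packet-size baseline, the z-score rating, the thresholds, and the product used to combine strength and score are all assumptions chosen for illustration; the traffic and analyst scores are constructed.

```python
import statistics
from dataclasses import dataclass

@dataclass
class Alert:
    packet: dict
    rating: float        # deviation from the baseline
    strength: float      # abnormality scaled to 0..1
    score: float = 0.5   # analyst-assigned; 0.5 until reviewed (assumed default)

def learn_baseline(sampled):
    """Normal behavior: mean/stdev of packet size per destination port (assumed model)."""
    sizes = {}
    for p in sampled:
        sizes.setdefault(p["dport"], []).append(p["size"])
    return {port: (statistics.mean(s), statistics.pstdev(s) or 1.0)
            for port, s in sizes.items()}

def rate(packet, baseline, unseen=10.0):
    """Rating = z-score of the size; a port absent from the baseline gets a fixed rating."""
    if packet["dport"] not in baseline:
        return unseen
    mean, sd = baseline[packet["dport"]]
    return abs(packet["size"] - mean) / sd

def detect(packets, baseline, select_at=2.0, alert_at=4.0, max_rating=10.0):
    """Select packets that deviate, then alert on those whose rating meets alert_at."""
    selected = [(p, rate(p, baseline)) for p in packets]
    selected = [(p, r) for p, r in selected if r >= select_at]
    return [Alert(p, r, min(r / max_rating, 1.0)) for p, r in selected if r >= alert_at]

def should_escalate(alert, escalate_at=0.4):
    """Strength-score value = strength * score (assumed combination)."""
    return alert.strength * alert.score >= escalate_at

# Constructed sample traffic, not real captures.
SAMPLED = [{"dport": 53, "size": s} for s in (70, 80, 90, 80)] + \
          [{"dport": 443, "size": s} for s in (900, 1000, 1100, 1000)]
INCOMING = [{"dport": 53, "size": 85}, {"dport": 53, "size": 100},
            {"dport": 53, "size": 512}, {"dport": 443, "size": 1400}]

def demo():
    alerts = detect(INCOMING, learn_baseline(SAMPLED))
    alerts[0].score, alerts[1].score = 0.9, 0.2   # constructed analyst feedback
    return [(a.packet["size"], round(a.strength, 3), should_escalate(a)) for a in alerts]

if __name__ == "__main__":
    print(demo())
```

The second alert is abnormal enough to fire but is not escalated, because the low analyst score pulls its strength-score value under the escalation threshold.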

  • 13 Assignments