Adaptive security network, sensor node and method for detecting anomalous events in a security network
Abstract
An adaptive security network, sensor node and methods for detecting and responding to anomalous events in a security network are provided herein. In general, the adaptive security network comprises a plurality of sensor nodes interconnected to form a communication network, wherein each sensor node is configured for detecting an anomalous event occurring within a vicinity of the sensor node and for identifying the detected anomalous event as a specific threat-event, a specific non-threat event or an unidentified event. In addition, the adaptive security network comprises a central processing and control system coupled to the plurality of sensor nodes for receiving an event notification message from at least one of the sensor nodes indicating an identity of an anomalous event detected by the at least one sensor node. Upon receiving the event notification message, the central processing and control system is configured for confirming the identity of the anomalous event provided by the at least one sensor node and for responding to the anomalous event once the identity is confirmed.
27 Claims
1. A sensor node configured for detecting anomalous events in a security network, the sensor node comprising:
- at least one sensor coupled for acquiring sensor data pertaining to the security network;
- a storage medium coupled for storing:
  - a plurality of event signatures corresponding to previously identified anomalous events, wherein the previously identified anomalous events comprise threat-events and non-threat events;
  - a set of event property filters specified for each of the stored event signatures, wherein each set of event property filters defines a plurality of parameters that the sensor data must meet in order to detect an anomalous event in the sensor data, and wherein the set of event property filters comprise a minimum threshold value filter, a minimum time filter, and an event count filter; and
  - a set of program instructions, which uses the plurality of event signatures and the sets of event property filters for detecting an anomalous event within the sensor data and, once the anomalous event is detected, the set of program instructions are configured for classifying the detected event as a threat-event, a non-threat event, or an unidentified event; and
- a processor coupled for executing the set of program instructions to detect and classify the anomalous event.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method for detecting anomalous events at a sensor node arranged within a security network comprising a plurality of sensor nodes controlled by a central processing and control system, the method performed at the sensor node comprising:
- acquiring sensor data pertaining to the security network;
- detecting an anomalous event within the sensor data by:
  - comparing the sensor data to event signatures stored within the sensor node, wherein the event signatures correspond to previously identified anomalous events, including threat events and non-threat events, and wherein if the sensor data substantially matches one or more of the stored event signatures, the method further comprises:
    - applying a set of event property filters corresponding to the one or more matching event signatures to the sensor data, wherein the set of event property filters specify parameters that must be met in order to detect an anomalous event within the sensor data, and wherein the set of event property filters comprise a minimum threshold value filter, a minimum time filter, and an event count filter; and
    - detecting an anomalous event only if the sensor data satisfies the parameters within the set of event property filters; and
- classifying the detected anomalous event as a threat-event or a non-threat event, wherein the classifying step identifies the threat-event or the non-threat event corresponding to the one or more matching event signatures.
Dependent claims: 12, 13, 14, 15, 16, 17
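The two-stage detection of claim 11 (signature match first, then that signature's property filters, then classification), sketched as an added example that is not code from the patent. The waveform templates, the cosine-similarity test standing in for "substantially matches" with its 0.9 cut-off, and the reading of the three filters as amplitude floor, run length in samples and number of qualifying bursts are all assumptions; the "unidentified event" case of claim 1 is not modelled.

```python
from dataclasses import dataclass
from math import sqrt

@dataclass
class Signature:
    name: str
    label: str          # "threat" or "non-threat"
    template: list      # reference waveform (constructed sample data)
    min_value: float    # minimum threshold value filter
    min_samples: int    # minimum time filter, in consecutive samples
    min_count: int      # event count filter: qualifying bursts required

def similarity(a, b):
    # Cosine similarity stands in for "substantially matches" (assumption).
    dot = sum(x * y for x, y in zip(a, b))
    norm = sqrt(sum(x * x for x in a)) * sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0

def bursts(window, min_value, min_samples):
    # Count runs of at least min_samples consecutive samples >= min_value.
    count = run = 0
    for v in list(window) + [float("-inf")]:  # sentinel closes a trailing run
        if v >= min_value:
            run += 1
        else:
            count += run >= min_samples
            run = 0
    return count

def classify(window, signatures, cutoff=0.9):
    # Stage 1: signature match. Stage 2: that signature's property filters.
    scored = sorted(((similarity(window, s.template), s) for s in signatures),
                    key=lambda p: p[0], reverse=True)
    for score, sig in scored:
        if score >= cutoff and bursts(window, sig.min_value, sig.min_samples) >= sig.min_count:
            return (sig.label, sig.name)
    return None  # shape did not match, or matched but the filters rejected it

# Constructed signatures and sensor windows (12 samples each).
SIGNATURES = [
    Signature("fence_climb", "threat", [0, 0, 6, 8, 6, 0, 0, 6, 8, 6, 0, 0], 4.0, 2, 2),
    Signature("wind_gust", "non-threat", [1, 2, 3, 3, 3, 3, 3, 3, 3, 2, 1, 1], 2.0, 4, 1),
]
CLIMB = [0, 1, 5, 9, 5, 1, 0, 5, 7, 6, 0, 0]
FAINT = [v * 0.4 for v in CLIMB]                    # same shape, too weak
ONE_BURST = [0, 1, 5, 9, 5, 1, 0, 3, 3.5, 3, 0, 0]  # second burst too weak
WIND = [1, 2, 3, 3, 4, 3, 3, 3, 3, 2, 1, 0]
for w in (CLIMB, FAINT, ONE_BURST, WIND):
    print(classify(w, SIGNATURES))
```

FAINT and ONE_BURST both pass the shape match against fence_climb and are rejected only by the property filters, which is the false-alarm suppression the "detecting ... only if" step provides.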
18. A security network, comprising:
- a plurality of sensor nodes interconnected to form a communication network, wherein each sensor node is configured for detecting an anomalous event occurring within a vicinity of the sensor node and for identifying the detected anomalous event as a specific threat-event, a specific non-threat event or an unidentified event; and
- a central processing and control system coupled to the plurality of sensor nodes for receiving an event notification message from at least one of the sensor nodes indicating an identity of an anomalous event detected by the at least one sensor node, wherein upon receiving the event notification message, the central processing and control system is configured for confirming the identity of the anomalous event provided by the at least one sensor node by applying a set of event property filters to the event notification message and for responding to the anomalous event once confirmation is made, wherein the set of event property filters comprise a minimum threshold value filter, a minimum time filter, and an event count filter.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26, 27
Specification