System and method for a distributed application of a network security system (SDI-SCAM)
First Claim
1. A system that detects the state of a computer network, comprising:
- a plurality of processing devices, each of said processing devices having a distributed agent adapted to:
  - passively collect, monitor, and aggregate data representative of states of respective nodes within said computer network,
  - analyze collected data to develop models representative of states of said computer network in a normal state and said computer network in an abnormal state as a result of intrusions, infections, scams, code emulating code or humans, and/or other suspicious activities in said computer network,
  - compare collected data to said state models to determine whether said computer network is in said normal state or said abnormal state at different times and to dynamically update said state models based on said collected data,
  - perform a pattern analysis on the collected data to identify patterns in the collected data representative of suspicious activities and/or normal activities, and
  - compare the results of the pattern analysis of data collected by an agent to the results of pattern analysis of data collected by other agents to identify similar patterns of suspicious activity and/or normal activity in different portions of the computer network.
Abstract
A widely distributed security system (SDI-SCAM) that protects computers at individual client locations but constantly pools and analyzes information gathered from machines across a network in order to quickly detect patterns consistent with intrusion or attack, whether singular or coordinated. When a novel method of attack has been detected, the system distributes warnings and potential countermeasures to each individual machine on the network. Such a warning may consist of a probability distribution over the likelihood of an intrusion or attack, together with the relative likelihood that the potential intrusion possesses certain characteristics, typologies or even strategic objectives. These estimates let the system recommend and/or distribute to each machine the most fitting countermeasure(s) given all presently known data and the associated predicted probabilities regarding the prospective intrusion or attack. If any systems are adversely affected, methods for repairing the damage are shared and redistributed throughout the network.
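The pipeline that claim 1 and the abstract describe (per-node agents that learn a normal-state model, score new observations against it, update the model with windows judged normal, extract a pattern of the suspicious activity, and a pooling step that matches patterns across agents and emits a probabilistic warning) can be sketched in a few dozen lines. The block below is an added example, not code from the patent or from its assignee: the feature names, the z-score threshold, the Welford baseline model, the typology weight table and the three-node telemetry are all constructed assumptions chosen to show one concrete instance of the claimed steps.

```python
"""Distributed anomaly agents with cross-agent pattern correlation.

Added example (not the patent's own code). Each agent learns a per-node
baseline (mean/std per feature) from training windows, scores new windows
against it, updates the baseline with windows it judges normal, and reports
a pattern signature for abnormal windows. A coordinator correlates the
signatures reported by different agents and emits a warning carrying a
probability distribution over assumed attack typologies.
"""
from collections import Counter
from dataclasses import dataclass, field
from math import sqrt

FEATURES = ("outbound_conns", "failed_logins", "new_procs")  # assumed telemetry
Z_THRESHOLD = 3.0  # assumed: a feature more than 3 sigma above baseline is suspicious

# Assumed typology weights per feature; a deployed system would learn these.
TYPOLOGY_WEIGHTS = {
    "outbound_conns": {"exfiltration": 0.6, "scanning": 0.4},
    "failed_logins": {"credential_attack": 0.9, "scanning": 0.1},
    "new_procs": {"malware_execution": 0.8, "exfiltration": 0.2},
}


@dataclass
class Agent:
    node: str
    n: int = 0
    mean: dict = field(default_factory=lambda: {f: 0.0 for f in FEATURES})
    m2: dict = field(default_factory=lambda: {f: 0.0 for f in FEATURES})

    def learn(self, sample):
        """Welford online update: the normal-state model is refined in place."""
        self.n += 1
        for f in FEATURES:
            delta = sample[f] - self.mean[f]
            self.mean[f] += delta / self.n
            self.m2[f] += delta * (sample[f] - self.mean[f])

    def std(self, f):
        # Floor the spread so a constant feature still yields a finite z-score.
        return max(sqrt(self.m2[f] / max(self.n - 1, 1)), 0.5)

    def analyze(self, sample):
        """Return the pattern signature: features above threshold (() if normal)."""
        sig = tuple(f for f in FEATURES
                    if (sample[f] - self.mean[f]) / self.std(f) > Z_THRESHOLD)
        if not sig:
            self.learn(sample)  # dynamic update only with windows judged normal
        return sig


def correlate(reports, min_nodes=2):
    """reports: {node: signature}. Return signatures seen on >= min_nodes nodes."""
    counts = Counter(sig for sig in reports.values() if sig)
    return {sig: cnt for sig, cnt in counts.items() if cnt >= min_nodes}


def warning(signature, nodes_hit, nodes_total):
    """Assumed scoring: P(coordinated) = share of nodes reporting the signature;
    typology distribution = normalized sum of the per-feature weights."""
    dist = Counter()
    for f in signature:
        dist.update(TYPOLOGY_WEIGHTS[f])
    total = sum(dist.values())
    return {
        "signature": signature,
        "p_coordinated": round(nodes_hit / nodes_total, 3),
        "typologies": {k: round(v / total, 3) for k, v in dist.items()},
    }


def run_demo():
    # Constructed per-window telemetry for three nodes (not real data).
    baseline = {"outbound_conns": 10, "failed_logins": 1, "new_procs": 2}
    agents = {node: Agent(node) for node in ("web-1", "web-2", "db-1")}
    for agent in agents.values():
        for i in range(20):  # training windows: small jitter around baseline
            agent.learn({f: v + (i % 3) for f, v in baseline.items()})
    # Observation window: two web hosts show the same spray-like spike in
    # failed logins; the database host stays within its baseline.
    window = {
        "web-1": {"outbound_conns": 11, "failed_logins": 40, "new_procs": 2},
        "web-2": {"outbound_conns": 12, "failed_logins": 35, "new_procs": 3},
        "db-1": {"outbound_conns": 10, "failed_logins": 2, "new_procs": 2},
    }
    reports = {node: agents[node].analyze(window[node]) for node in agents}
    shared = correlate(reports)
    warnings = [warning(sig, cnt, len(agents)) for sig, cnt in shared.items()]
    return reports, warnings


if __name__ == "__main__":
    reports, warnings = run_demo()
    print(reports)
    print(warnings)
```

Two design points carry over from the claim text. The agent only folds a window back into its baseline when that window scored as normal, so an attacker cannot quietly shift the model by producing the very activity the model is meant to flag; and the coordinator keys on the signature of which features spiked rather than on raw values, which is what lets two hosts with different absolute counts be recognized as exhibiting the same pattern. In the demo the two web hosts both report ("failed_logins",), the database host reports nothing, and the single warning carries P(coordinated) of 2/3 with the typology mass on credential_attack.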
8 Claims

Independent claim 1 is reproduced above; claims 2 to 8 depend from it.