Detection of network security breaches based on analysis of network record logs

  • US 9,413,777 B2
  • Filed: 09/14/2012
  • Issued: 08/09/2016
  • Est. Priority Date: 04/04/2003
  • Status: Expired due to Term
First Claim

1. A system comprising:

  • a device, including a memory, to:

    obtain information relating to one or more network events;

    determine, using the information relating to the one or more network events, an evaluation strategy associated with detecting one or more attempted security breaches;

    identify, using the evaluation strategy, a plurality of different tests;

    generate using the evaluation strategy:

      a first value for a first test of the plurality of different tests, and

      a second value for a second test of the plurality of different tests;

    update, using the first value, a first table that is associated with the first test;

    update, using the second value, a second table that is associated with the second test, the second table being different than the first table;

    perform the first test, based on an evaluation of the updated first table, to determine whether a first security breach has been attempted,

      when performing the first test, the device is to compare one or more first values, associated with an entry in the updated first table, to first criteria to determine whether the first security breach has been attempted,

      the entry in the updated first table being associated with the first value,

      the one or more first values including information identifying one or more first ports associated with the device,

      each first value, of the one or more first values, being a unique port number and being tagged to expire after a first duration of time,

      the first criteria relating to a first quantity of ports, and

      the first security breach being attempted when a quantity, of the one or more first ports identified by the one or more first values, exceeds the first quantity of ports; and

    perform the second test, based on an evaluation of the updated second table, to determine whether a second security breach has been attempted,

      when performing the second test, the device is to compare one or more second values, associated with an entry in the updated second table, to second criteria to determine whether the second security breach has been attempted,

      the entry in the updated second table being associated with the second value,

      the one or more second values including information identifying one or more second ports associated with the device,

      each second value, of the one or more second values, being a unique port number and being tagged to expire after a second duration of time,

      the second criteria relating to a second quantity of ports, and

      the second security breach being attempted when a quantity, of the one or more second ports identified by the one or more second values, exceeds the second quantity of ports.
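
The two-table, expiring-port test described in the claim can be illustrated with the following added sketch, which is not taken from the patent or any implementation of it. Keying each table entry by source address, the class and function names, and the window and threshold values are all assumptions made for the illustration.

```python
from collections import defaultdict

class PortCountTest:
    """One test with its own table: key -> {port number: expiry time}."""

    def __init__(self, name, ttl, max_ports):
        self.name = name
        self.ttl = ttl              # seconds before a recorded port expires
        self.max_ports = max_ports  # alert when live unique ports exceed this
        self.table = defaultdict(dict)

    def update(self, key, port, now):
        entry = self.table[key]
        for p in [p for p, exp in entry.items() if exp <= now]:
            del entry[p]            # purge ports whose expiry tag has passed
        entry[port] = now + self.ttl  # dict key keeps each port number unique

    def breached(self, key, now):
        live = [p for p, exp in self.table[key].items() if exp > now]
        return len(live) > self.max_ports

def detect(events, tests):
    """events: (timestamp, source, dst_port) tuples. Returns {(test, source): first alert time}."""
    alerts = {}
    for ts, src, port in sorted(events):
        for t in tests:
            t.update(src, port, ts)
            if t.breached(src, ts):
                alerts.setdefault((t.name, src), ts)
    return alerts

def run_demo():
    # Constructed sample traffic (documentation address ranges), not real logs.
    fast_scan = [(i, "198.51.100.7", 1000 + i) for i in range(12)]         # 1 port/s
    slow_scan = [(60 * i, "203.0.113.9", 2000 + i) for i in range(30)]     # 1 port/min
    benign = [(5 * i, "192.0.2.10", (80, 443)[i % 2]) for i in range(40)]  # 2 ports only
    tests = [
        PortCountTest("short-window", ttl=10, max_ports=8),    # assumed values
        PortCountTest("long-window", ttl=3600, max_ports=20),  # assumed values
    ]
    return detect(fast_scan + slow_scan + benign, tests)

if __name__ == "__main__":
    for (test, src), ts in sorted(run_demo().items()):
        print(f"{test}: {src} exceeded port threshold at t={ts}s")
```

With these constructed inputs the short-window table flags only the rapid sweep and the long-window table flags only the slow one, which is why the claim keeps two separate tables with different expiry durations and port quantities.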
