
SDI-SCAM

DC CAFC
  • US 9,438,614 B2
  • Filed: 07/15/2013
  • Issued: 09/06/2016
  • Est. Priority Date: 10/23/2002
  • Status: Expired due to Term
First Claim

1. A distributed network security system that detects the state of a computer network having a plurality of nodes including identifying potential threats to the computer network, said system comprising:

  • at least two agents disposed in said computer network that collect data representative of operations of said computer network including respective nodes in said computer network, said data relating to communication, internal and external accesses, code execution functions, code analysis and/or network resource conditions of respective nodes in said computer network; and

  • a server programmed to:

    ◦ compare data collected by said at least two agents to determine code analysis and/or activity models characterizing conditions within said computer network including behaviors, events and/or function of respective nodes of said computer network, said behaviors representative of normal states and one or more abnormal states representative of suspicious activity indicative of an attack or threat to said computer network,

    ◦ perform a pattern analysis in the collected data to identify patterns in the collected data representative of suspicious activities indicative of an attack or threat to said computer network and to develop code analysis and/or activity models from the collected data representative of activities of said computer networks in a normal state and activities of said computer networks in an abnormal state based on said identified patterns, wherein said pattern analysis involves comparing data collected by each said agent to the data collected by another agent to identify similar patterns of suspicious activities indicative of an attack or threat to different portions of the computer network, and

    ◦ determine during said pattern analysis if a probability threshold for detecting and classifying a threat is breached by said similar patterns of suspicious activities and, if so, send out an alert to other agents, a central server and/or human operator.
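The claim describes a three-stage detection loop: each agent learns a normal-state activity model for its node, the server compares what different agents flag to find the same suspicious pattern in different parts of the network, and an alert is raised only when a probability threshold is breached. The following is an added illustration of that loop in Python; it is not code from the patent or its assignee, and every name, the telemetry, the anomaly rule (count at least 3x the baseline-scaled expectation) and the threshold value are assumptions constructed for the example.

```python
"""Illustrative multi-agent anomaly correlation in the spirit of the claim above.
Constructed example: names, telemetry and thresholds are assumptions, not the patent's code."""
from collections import Counter
from dataclasses import dataclass, field


def make_window(**counts):
    """Build a constructed event window, e.g. make_window(login_ok=20, login_failed=2)."""
    return [kind for kind, n in counts.items() for _ in range(n)]


@dataclass
class Agent:
    """Collects per-node event counts and holds a normal-state activity model."""
    name: str
    baseline: Counter = field(default_factory=Counter)
    baseline_size: int = 0

    def learn_normal(self, events):
        """Normal-state model: event-type frequencies seen during a training window."""
        self.baseline = Counter(events)
        self.baseline_size = len(events)

    def observe(self, events, factor=3.0):
        """Return event types whose count in this window is abnormal for this node.
        An event type is flagged when its count is at least `factor` times the count
        the baseline predicts for a window of this size (floor of 1 for unseen types)."""
        counts = Counter(events)
        n = max(len(events), 1)
        flagged = {}
        for kind, seen in counts.items():
            expected = self.baseline[kind] / max(self.baseline_size, 1) * n
            if seen >= factor * max(expected, 1.0):
                flagged[kind] = seen
        return flagged


class Server:
    """Compares agent findings across nodes and alerts when a probability threshold is breached."""

    def __init__(self, agents, threshold=0.5):
        self.agents = agents
        self.threshold = threshold  # assumed: fraction of agents that must see the same pattern

    def correlate(self, windows):
        """windows maps agent name -> event list for the current interval.
        Cross-agent pattern analysis: the same suspicious event type flagged by several
        agents is treated as one pattern whose probability is the fraction of agents reporting it."""
        reporters = {}
        for agent in self.agents:
            for kind in agent.observe(windows.get(agent.name, [])):
                reporters.setdefault(kind, set()).add(agent.name)
        alerts = []
        for kind, names in sorted(reporters.items()):
            probability = len(names) / len(self.agents)
            if probability >= self.threshold:
                alerts.append({"pattern": kind, "agents": sorted(names), "probability": probability})
        return alerts  # would be sent to other agents, a central console and/or an operator


def run_demo():
    """Three constructed agents: two see a shared failed-login spike, one sees a local-only oddity."""
    agents = [Agent("agent-A"), Agent("agent-B"), Agent("agent-C")]
    normal = make_window(login_ok=20, login_failed=2, dns_query=10)
    for agent in agents:
        agent.learn_normal(normal)
    server = Server(agents, threshold=0.5)
    current = {
        # agent-A: failed-login spike plus an anomaly no other agent sees
        "agent-A": make_window(login_ok=5, login_failed=15, dns_query=10, port_scan=10),
        # agent-B: the same failed-login spike on a different node
        "agent-B": make_window(login_ok=18, login_failed=12, dns_query=10),
        # agent-C: normal traffic
        "agent-C": make_window(login_ok=20, login_failed=2, dns_query=10),
    }
    return server.correlate(current)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Running the demo produces a single alert for `login_failed`, reported by agent-A and agent-B with probability 2/3; the `port_scan` anomaly is flagged locally by agent-A but, seen by only one of three agents, stays below the 0.5 threshold and is not escalated. That asymmetry is the point of the cross-agent comparison in the claim: a pattern recurring on different portions of the network carries more weight than an isolated local deviation.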
