Intrusion detection system

  • US 20040025044A1
  • Filed: 07/30/2002
  • Published: 02/05/2004
  • Est. Priority Date: 07/30/2002
  • Status: Active Grant
First Claim

1. An intrusion detection system (IDS) comprising:

  • a traffic sniffer for extracting network packets from passing network traffic;

  • a traffic parser configured to extract individual data from defined packet fields of said network packets;

  • a traffic logger configured to store individual packet fields of said network packets in a database;

  • a vector builder configured to generate multi-dimensional vectors from selected features of said stored packet fields;

  • at least one self-organizing clustering module configured to process said multi-dimensional vectors to produce a self-organized map of clusters;

  • an anomaly detector able to detect anomalous correlations between individual ones of said clusters in said self-organized map based upon at least one configurable correlation metric; and

  • a classifier configured to classify detected anomalous correlations as one of an alarm and normal behavior.

  • 8 Assignments