Method of analyzing network attack situation

US 20050138425A1
Filed: 09/10/2004
Published: 06/23/2005
Est. Priority Date: 12/18/2003
Status: Abandoned Application

First Claim

Patent Images

1. A method for analyzing network attack situations comprising:

categorizing network intrusion detection alerts into predetermined attack situations;

counting the frequency of same-featured intrusion alert occurrence for each network attack situation using a counting algorithm which is time slot based; and

analyzing network attack situations based on the the frequency of same-featured intrusion detection alert occurrence, the rate of same-featured intrusion detection alert occurrence, or an AND/OR combination of them.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is a method for analyzing a network attack situation. The method categorizes network intrusion detection alerts into network attack situations, counts the frequency of same-featured intrusion alert occurrence for each network attack situation using a counting algorithm based on time slots, and analyzes the network attack situation based on the frequency of same-featured intrusion detection alert occurrence, the rate of same-featured intrusion detection alert occurrence, or an AND/OR combination of them. The network attack situation can be correctly detected in real time without relatively being influenced by the size of the network or amount of the occurrence of the intrusion detection alerts.

36 Citations

View as Search Results

6 Claims

1. A method for analyzing network attack situations comprising:
- categorizing network intrusion detection alerts into predetermined attack situations;
  
  counting the frequency of same-featured intrusion alert occurrence for each network attack situation using a counting algorithm which is time slot based; and
  
  analyzing network attack situations based on the the frequency of same-featured intrusion detection alert occurrence, the rate of same-featured intrusion detection alert occurrence, or an AND/OR combination of them.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein categorizing includes categorizing the network intrusion detection alerts based on attack name, source IP address, target IP address, and target service information into each network attack situation.
  - 3. The method of claim 1, wherein counting comprises:
    - preparing a number of buckets equal to the dividing the analysis time interval by time slot units;
      
      sequentially recording the frequency of occurrence of the network attack situations occurring at each time slot in the bucket; and
      
      summing the frequency of occurrence recorded in the bucket.
  - 4. The method of claim 3, wherein the recording includes recording the frequency of occurrence from the start of the bucket after recording the frequency of occurrence at the end of the buckets which are arranged consecutively.
  - 5. The method of claim 1, wherein analyzing includes analyzing and categorizing the network attack situations into the three stages of warning, declaration, and confirmation.

6. A computer readable recording medium in which a program for operating a method of analyzing network attack situations in a computer is recorded, the method comprising:
- categorizing network intrusion detection alerts into predetermined network attack situations;
  
  counting a frequency of same-featured intrusion detection alert occurrence for each network attack situation using a counting algorithm based on time slots; and
  
  analyzing network attack situations based on the frequency of same-featured intrusion detection alert occurrence, the rate of same-featured intrusion detection alert occurrence, or an AND/OR combination of them.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Electronics and Telecommunications Research Institute
Original Assignee
Electronics and Telecommunications Research Institute
Inventors
Kim, Jin oh, Chang, Beom Hwan, Sohn, Sung Won, Na, Jung Chan, Lee, Soo Hyung, Kim, Dongyoung, Park, Chee Hang

Application Number

US10/938,113
Publication Number

US 20050138425A1
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 63/1408 by monitoring network traff...

H04L 63/1441 Countermeasures against mal...

Method of analyzing network attack situation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

36 Citations

6 Claims

Specification

Solutions

Use Cases

Quick Links

Method of analyzing network attack situation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

6 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links