Method of analyzing network attack situation
Abstract
Provided is a method for analyzing a network attack situation. The method categorizes network intrusion detection alerts into network attack situations, counts the frequency of same-featured intrusion alert occurrence for each network attack situation using a counting algorithm based on time slots, and analyzes the network attack situation based on the frequency of same-featured intrusion detection alert occurrence, the rate of same-featured intrusion detection alert occurrence, or an AND/OR combination of them. The network attack situation can be correctly detected in real time, relatively unaffected by the size of the network or the number of intrusion detection alerts that occur.
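The three steps in the abstract (categorize, count per time slot, combine frequency and rate with AND/OR), as an added example that is not code from the patent or its assignee. The situation names, feature keys, slot width, thresholds, and the definition of rate as alerts per second in the newest slot are assumptions; the page does not specify them.

```python
from collections import Counter, deque

SLOT_SECONDS, WINDOW_SLOTS = 10, 6  # assumed: six 10 s slots = 60 s window
# Assumed situations: signatures, "same-featured" key fields, thresholds, AND/OR rule.
SITUATIONS = {
    "scan": {"sigs": {"portscan"}, "key": ("src",), "freq": 6, "rate": 0.5, "op": "OR"},
    "dos": {"sigs": {"synflood"}, "key": ("dst",), "freq": 10, "rate": 0.4, "op": "AND"},
}

class SlotCounter:
    """Per-key alert counts in fixed time slots; slots outside the window are dropped."""
    def __init__(self):
        self.slots = deque()  # (slot index, Counter of feature keys)
    def add(self, ts, key):  # ts must be non-decreasing
        idx = int(ts // SLOT_SECONDS)
        if not self.slots or self.slots[-1][0] != idx:
            self.slots.append((idx, Counter()))
        self.slots[-1][1][key] += 1
        while self.slots[0][0] <= idx - WINDOW_SLOTS:
            self.slots.popleft()
    def frequency(self, key):  # same-featured alerts in the whole window
        return sum(c[key] for _, c in self.slots)
    def rate(self, key):  # assumed definition: alerts per second in the newest slot
        return self.slots[-1][1][key] / SLOT_SECONDS

def analyze(alerts):
    """Return (situation, key, ts) the first time each key satisfies its rule."""
    counters = {name: SlotCounter() for name in SITUATIONS}
    seen, hits = set(), []
    for a in alerts:
        for name, s in SITUATIONS.items():
            if a["sig"] not in s["sigs"]:
                continue  # alert does not belong to this situation
            key = tuple(a[f] for f in s["key"])
            counters[name].add(a["ts"], key)
            f_ok = counters[name].frequency(key) >= s["freq"]
            r_ok = counters[name].rate(key) >= s["rate"]
            fired = (f_ok and r_ok) if s["op"] == "AND" else (f_ok or r_ok)
            if fired and (name, key) not in seen:
                seen.add((name, key))
                hits.append((name, key, a["ts"]))
    return hits

def mk(sig, src, dst, times):  # builds constructed sample alerts (not real data)
    return [{"ts": t, "sig": sig, "src": src, "dst": dst} for t in times]
ALERTS = (mk("portscan", "10.0.0.5", "10.0.1.1", range(0, 48, 8))      # slow scan
          + mk("portscan", "10.0.0.9", "10.0.1.1", range(100, 105))    # burst scan
          + mk("synflood", "10.0.2.7", "192.0.2.10", range(200, 210))  # flood
          + mk("synflood", "10.0.2.8", "192.0.2.20", range(300, 360, 5)))  # trickle
```

The slow scan is caught by the frequency condition and the burst by the rate condition (OR), while the trickle to 192.0.2.20 reaches the frequency threshold but never the rate threshold, so the AND rule stays silent.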
6 Claims
1. A method for analyzing network attack situations comprising:
- categorizing network intrusion detection alerts into predetermined attack situations;
- counting the frequency of same-featured intrusion alert occurrence for each network attack situation using a counting algorithm which is time slot based; and
- analyzing network attack situations based on the frequency of same-featured intrusion detection alert occurrence, the rate of same-featured intrusion detection alert occurrence, or an AND/OR combination of them.
Dependent claims: 2, 3, 4, 5
6. A computer readable recording medium in which a program for operating a method of analyzing network attack situations in a computer is recorded, the method comprising:
- categorizing network intrusion detection alerts into predetermined network attack situations;
- counting a frequency of same-featured intrusion detection alert occurrence for each network attack situation using a counting algorithm based on time slots; and
- analyzing network attack situations based on the frequency of same-featured intrusion detection alert occurrence, the rate of same-featured intrusion detection alert occurrence, or an AND/OR combination of them.
Specification