System and method for detecting network intrusion
Abstract
In a system and method for detecting network intrusion, the system comprises: a packet capturer which captures at least one packet on a network; a preprocessor which provides feature values dependent on features of each packet captured by the packet capturer; and a learning engine for classifying patterns dependent on the feature values provided by the preprocessor into two different pattern sets, and for selecting one pattern set having more elements from the pattern sets as a reference set so as to detect network intrusion. The network intrusion detection system and method do not depend on historical data according to known attack patterns, and thus not only detect a changed attack pattern but also efficiently detect network intrusion.
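The following is an added example, not code from the patent: a minimal sketch of the idea in the abstract, in which patterns are split into two sets, the set with more elements becomes the reference set, and new packets are compared against a profile built from it. The two features, the 2-means split (used here in place of the SVM named in claims 4 and 13), the centre-and-radius profile and the slack factor are all assumptions of this example.

```python
import math

# Constructed training vectors, one per captured packet. The two features
# (length / 1500, payload entropy / 8) are assumptions made for this example.
TRAIN = [
    (0.40, 0.55), (0.42, 0.60), (0.38, 0.58), (0.45, 0.52),
    (0.41, 0.57), (0.39, 0.61), (0.43, 0.54), (0.44, 0.59),
    (0.04, 0.05), (0.05, 0.02), (0.03, 0.04),  # minority pattern set
]

def two_means(points, iters=20):
    """Split the patterns into two sets (2-means, a stand-in classifier)."""
    # Deterministic start: the first point and the point farthest from it.
    c = [points[0], max(points, key=lambda p: math.dist(p, points[0]))]
    for _ in range(iters):
        sets = ([], [])
        for p in points:
            nearer_second = math.dist(p, c[1]) < math.dist(p, c[0])
            sets[1 if nearer_second else 0].append(p)
        if not sets[0] or not sets[1]:
            break  # all patterns landed in one set
        new_c = [tuple(sum(v) / len(s) for v in zip(*s)) for s in sets]
        if new_c == c:
            break  # converged
        c = new_c
    return sets

def build_reference_profile(points):
    """Take the set with more elements as the reference set; summarise it."""
    a, b = two_means(points)
    if len(a) == len(b):
        raise ValueError("no majority set: cannot choose a reference set")
    ref = a if len(a) > len(b) else b
    centre = tuple(sum(v) / len(ref) for v in zip(*ref))
    radius = max(math.dist(p, centre) for p in ref)
    return centre, radius

def is_intrusion(profile, features, slack=1.5):
    """Flag a packet whose features fall outside the reference profile."""
    centre, radius = profile
    return math.dist(features, centre) > slack * radius

if __name__ == "__main__":
    profile = build_reference_profile(TRAIN)
    for pkt in [(0.41, 0.56), (0.04, 0.03), (0.95, 0.98)]:
        print(pkt, "intrusion" if is_intrusion(profile, pkt) else "ok")
```

The third test packet matches neither training set and is still flagged, which is the property the abstract attributes to not relying on known attack patterns. The majority-as-reference choice holds only while benign traffic dominates the capture window; a window dominated by attack traffic would make the attack pattern the reference set.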
17 Claims
1. A system for detecting network intrusion, comprising:
- a packet capturer for capturing at least one packet on a network;
- a preprocessor for providing feature values dependent on features of each said at least one packet captured by the packet capturer; and
- a learning engine for classifying patterns, dependent on the feature values provided by the preprocessor, into two different pattern sets, and for selecting one pattern set having more elements from the pattern sets as a reference set so as to detect network intrusion.
Dependent claims: 2, 3
4. A system for detecting network intrusion, comprising:
- a learning unit for classifying patterns dependent on at least one packet feature value on a network into two different pattern sets using a support vector machine (SVM) technique, for adjusting a position of a hyperplane classifying the pattern sets, and for generating a reference profile according to one reference set; and
- a detection unit for comparing a packet feature value on the network with the reference profile so as to detect network intrusion.
Dependent claims: 5, 6, 7, 8
9. A method for detecting network intrusion, comprising the steps of:
- capturing at least one packet on a network;
- deriving feature values dependent on features of each said at least one captured on the network packet;
- classifying the patterns dependent on the feature values into two different pattern sets;
- selecting a pattern set having more elements from the two different pattern sets as a reference set so as to generate a reference profile; and
- comparing a feature value of a packet with the reference profile so as to detect network intrusion.
Dependent claims: 10, 11, 12
13. A method for detecting network intrusion, comprising the steps of:
- classifying patterns dependent on at least one packet feature value on a network into two different pattern sets using a support vector machine (SVM) technique;
- adjusting a position of a hyperplane classifying the two different pattern sets so as to select one reference set;
- generating a reference profile dependent on patterns of said one reference set; and
- comparing a feature value of a packet with the reference profile so as to detect network intrusion.
Dependent claims: 14, 15, 16, 17
Specification