Method and system for dynamic network intrusion monitoring, detection and response

  • US 7,159,237 B2
  • Filed: 01/19/2001
  • Issued: 01/02/2007
  • Est. Priority Date: 03/16/2000
  • Status: Active Grant
First Claim

1. A method of operating a probe as part of a security monitoring system for a computer network, comprising:

  a) collecting status data from at least one monitored component of said network;

  b) analyzing status data to identify potentially security-related events represented in the status data, wherein the analysis includes filtering followed by an analysis of post-filtering residue, wherein the post-filtering residue is data neither discarded nor selected by filtering;

  c) transmitting information about said identified events to an analyst associated with said security monitoring system;

  d) receiving feedback at the probe based on empirically-derived information reflecting operation of said security monitoring system; and

  e) dynamically modifying an analysis capability of said probe during operation thereof based on said received feedback.
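
The steps of claim 1 can be sketched as a small probe. This is an added illustration, not code from the patent or from any product implementing it. The class and method names, the regex-based filters, the repeat-count residue heuristic and the constructed sample log lines are all assumptions; steps (c) and (d) are modelled as a return value and a method call rather than a network exchange.

```python
import re
from collections import Counter

class Probe:
    """Hypothetical probe: discard filter, select filter, then residue analysis."""

    def __init__(self, discard, select, residue_threshold=3):
        self.discard = [re.compile(p) for p in discard]  # known-benign patterns
        self.select = [re.compile(p) for p in select]    # known-suspicious patterns
        self.residue_threshold = residue_threshold

    def analyze(self, lines):
        """Step (b): filter, then analyze what filtering neither dropped nor kept."""
        events, residue = [], []
        for line in lines:
            if any(p.search(line) for p in self.discard):
                continue                                 # discarded by filtering
            if any(p.search(line) for p in self.select):
                events.append(("filter", line))          # selected by filtering
            else:
                residue.append(line)                     # post-filtering residue
        # Residue analysis (assumed heuristic): collapse standalone numbers into
        # a template and report any unclassified message shape that repeats.
        shapes = Counter(re.sub(r"\b\d+\b", "N", line) for line in residue)
        events += [("residue", shape) for shape, count in shapes.items()
                   if count >= self.residue_threshold]
        return events                                    # step (c): sent to analyst

    def apply_feedback(self, feedback):
        """Steps (d)-(e): change the live filter set from an analyst verdict."""
        pattern = re.compile(feedback["pattern"])        # reject a bad regex early
        filters = {"discard": self.discard, "select": self.select}
        if feedback["action"] not in filters:
            raise ValueError("unknown feedback action: %r" % feedback["action"])
        filters[feedback["action"]].append(pattern)

# Constructed status data (step a); hosts and addresses are invented.
SAMPLE = [
    "fw01 ACCEPT tcp 10.0.0.5:443",
    "fw01 DENY tcp 203.0.113.9:22",
    "db01 heartbeat ok",
    "web01 unexpected child exit pid 4121",
    "web01 unexpected child exit pid 4122",
    "web01 unexpected child exit pid 4125",
    "web01 cache resized to 512",
]

def demo():
    probe = Probe(discard=[r"heartbeat ok", r"\bACCEPT\b"], select=[r"\bDENY\b"])
    before = probe.analyze(SAMPLE)
    probe.apply_feedback({"action": "discard", "pattern": r"unexpected child exit"})
    return before, probe.analyze(SAMPLE)
```

The first pass reports the repeated, unclassified "child exit" shape only because residue is examined; after the analyst marks it benign, the same input yields only the filter hit.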
