System and method for assessing whether a communication contains an attack
Abstract
Communications can be processed with multiple countermeasures to identify attacks. Each countermeasure can compute a probability of a communication containing an attack and an accompanying confidence score indicating confidence in the probability. Combining the probabilities can produce a composite probability and associated confidence of the communication containing an attack. The composite probability and confidence scores can be produced from a weighted combination of the individual countermeasure probabilities and confidence scores. Weighting factors can be generated or obtained from a database that stores profiles of confirmed attacks.
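An added illustration of the combination the abstract describes, not code from the patent. The page gives no formula, so the confidence-scaled weighted mean, the (protocol, destination port) lookup key, the countermeasure names and the profile values are all assumptions, and the hierarchical parameters from remote locations are left out.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Assessment:
    name: str           # which countermeasure produced the score (hypothetical names)
    probability: float  # P(communication contains an attack), 0..1
    confidence: float   # confidence in that probability, 0..1


# Constructed stand-in for the database of confirmed-attack profiles:
# two characteristics of the communication -> weighting factor per countermeasure.
ATTACK_PROFILES = {
    ("tcp", 445): {"signature": 0.8, "anomaly": 0.2},
    ("udp", 53): {"signature": 0.3, "anomaly": 0.7},
}
DEFAULT_WEIGHTS = {"signature": 0.5, "anomaly": 0.5}


def lookup_weights(protocol, dst_port):
    """Weights for this communication, falling back to equal weights."""
    return ATTACK_PROFILES.get((protocol.lower(), dst_port), DEFAULT_WEIGHTS)


def combine(assessments, weights):
    """Return (composite probability, composite confidence)."""
    for a in assessments:
        if not (0.0 <= a.probability <= 1.0 and 0.0 <= a.confidence <= 1.0):
            raise ValueError(f"{a.name}: scores must lie in [0, 1]")
    # A countermeasure's pull on the result is its profile weight scaled by
    # how much it trusts its own answer.
    effective = {a.name: weights.get(a.name, 0.0) * a.confidence for a in assessments}
    total = sum(effective.values())
    if total == 0.0:
        # No usable evidence: report an uninformative probability, zero confidence.
        return 0.5, 0.0
    probability = sum(effective[a.name] * a.probability for a in assessments) / total
    weight_sum = sum(weights.get(a.name, 0.0) for a in assessments)
    confidence = total / weight_sum  # weighted mean of the individual confidences
    return probability, confidence


if __name__ == "__main__":
    scores = [Assessment("signature", 0.9, 0.9), Assessment("anomaly", 0.2, 0.5)]
    for key in [("tcp", 445), ("udp", 53)]:
        p, c = combine(scores, lookup_weights(*key))
        print(key, round(p, 3), round(c, 3))
```

The same pair of countermeasure scores yields a different composite depending on which profile the communication matches, which is the effect of drawing the weights from historical attack data.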
15 Claims
1. A method for assessing whether a communication contains an attack, the method comprising:
- computing, at an attack detection device, a first probability that the communication contains an attack and a first confidence in the first probability in response to conducting a first counter-measure assessment on the communication;
- computing a second probability that the communication contains an attack and a second confidence in the second probability in response to conducting a second countermeasure assessment on the communication; and
- producing a third probability that the communication contains an attack and a third confidence in the third probability based on the first probability, the first confidence, the second probability, the second confidence, and hierarchical parameters aggregated from locations remote from the attack detection device, wherein the locations utilize an attack detection system of a common vendor, wherein the producing the third probability comprises computing the third probability from a weighted combination of the first and second probabilities, the weighted combination comprising using weights determined by reference to at least two characteristics of the communication to a database of historical attack characteristics.
8. A non-transitory computer-readable medium including code for performing a method, the method comprising:
- computing a first probability that a communication contains an attack and a first confidence in the first probability in response to conducting a first counter-measure assessment on the communication;
- computing a second probability that the communication contains an attack and a second confidence in the second probability in response to conducting a second countermeasure assessment on the communication; and
- producing a third probability that the communication contains an attack and a third confidence in the third probability based on the first probability, the first confidence, the second probability, the second confidence, and hierarchical parameters aggregated from locations remote from the attack detection device, wherein the locations utilize an attack detection system of a common vendor, wherein the producing the third probability comprises computing the third probability from a weighted combination of the first and second probabilities, the weighted combination comprising using weights determined by reference to at least two characteristics of the communication to a database of historical attack characteristics.
14. An attack detection device comprising:
- a memory for storing machine-executable code; and
- a processor operable to:
  - conduct a first counter-measure assessment on a communication;
  - compute a first probability that the communication contains an attack and a first confidence in the first probability in response to the first counter-measure assessment;
  - conduct a second counter-measure assessment on a communication;
  - compute a second probability that the communication contains an attack and a second confidence in the second probability in response to the second countermeasure assessment; and
  - produce a third probability that the communication contains an attack and a third confidence in the third probability based on the first probability, the first confidence, the second probability, the second confidence, and hierarchical parameters aggregated from locations remote from the attack detection device, wherein the locations utilize an attack detection system of a common vendor, wherein in producing the third probability, the processor is further operable to compute the third probability from a weighted combination of the first and second probabilities, the weighted combination comprising using weights determined by reference to at least two characteristics of the communication to a database of historical attack characteristics.