Patent · US Active

Automatic selection of malicious activity detection rules using crowd-sourcing techniques

US10148673B1 · kind B1 · utility

Cited by: 1
References: 16
Claims: 15
Family size: 0

Assignee

Inventors

Key dates

Filing date: Sep 30, 2015
Grant date: Dec 4, 2018
Priority date
Expiry date: Aug 24, 2036

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1441
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Techniques of operating intrusion detection systems provide a recommendation of an intrusion detection rule to an administrator of an intrusion detection system based on the experience of another administrator that has used the rule in another intrusion detection system. For example, suppose that electronic circuitry receives a numerical rating from a first intrusion detection system that indicates whether an intrusion detection rule was effective in identifying malicious activity when used in the first intrusion detection system. Based on the received rating and attributes of the first intrusion detection system, the electronic circuitry generates a predicted numerical rating that indicates whether the intrusion detection rule is likely to be effective in identifying malicious communications when used in a second intrusion detection system. If the predicted numerical rating is sufficiently high, then the electronic circuitry transmits a message to the second intrusion detection system recommending the intrusion detection rule for use in the second intrusion detection system.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.