Intrusion detection system

Assignee

• International Business Machines Corporation · US

Inventors

• Gideon Zenz · Kassel, DE
• Volker Vogeley · Witzenhausen, DE
• Dirk Harz · Kassel, DE
• Mark Usher · Kassel, DE
• Astrid Granacher · Kassel, DE

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L51/18
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A method for classification of suspicious activities is provided. In the method, a first intrusion detection system comprising a normal operation mode and which is connected to a second intrusion detection system by a first communications connection is implemented. In response to detecting a malfunction of the first communications connection, the first intrusion detection system is switched from the normal operation mode to a limited operation mode for receiving first data from one or more honeypot systems and second data from the second intrusion detection system. A prediction model for representing malicious attacks is generated by execution of a predefined classification algorithm with respect to the received data, wherein the predefined classification algorithm further determine a model evaluation metric with respect to the prediction model. The prediction model is deployed to detect the malicious attacks if the model evaluation metric meets a predefined validation condition.