Method and system for reducing the volume of audit data and normalizing the audit data received from heterogeneous sources
US6134664A · kind A · utility
Assignee
Inventor
Key dates
| Filing date | Jul 6, 1998 |
| Grant date | Oct 17, 2000 |
| Priority date | — |
| Expiry date | Jul 6, 2018 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F11/3476
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A method of reducing the volume of native audit data from further analysis by a misuse and intrusion detection engine is disclosed. Typically, more than ninety percent of the volume of audit information received from heterogeneous operating systems does not need to be analyzed by a misuse and intrusion detection engine because this audit information can be filtered out as not posing a security threat. Advantageously, by reducing (eliminating) the volume of audit information, a misuse and intrusion engine can more quickly determine whether a security threat exists because the volume of data that the engine must consider is drastically reduced. Also, advantageously, the audit information that is forwarded to the engine is normalized to a standard format, thereby reducing the computational requirements of the engine. The method of reducing the volume of native audit data includes comparing each of the native audits against at least one template and against at least one native audit. By matching the native audits against templates of native audits that do not pose security threats, the native audits that do not pose security threats can be reduced out from further consideration. The na…
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.