Intrusion detection system
US6405318B1 · kind B1 · utility
Assignee
Inventor
Key dates
| Filing date | Mar 12, 1999 |
| Grant date | Jun 11, 2002 |
| Priority date | — |
| Expiry date | Mar 12, 2019 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F21/552
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
A computer-implemented intrusion detection system and method that monitors a computer system in real-time for activity indicative of attempted or actual access by unauthorized persons or computers. The system detects unauthorized users attempting to enter into a computer system by comparing user behavior to a user profile, detects events that indicate an unauthorized entry into the computer system, notifies a control function about the unauthorized users and events that indicate unauthorized entry into the computer system and has a control function that automatically takes action in response to the event. The user profiles are dynamically constructed for each computer user when the computer user first attempts to log into the computer system and upon subsequent logins, the user's profile is dynamically updated. By comparing user behavior to the dynamically built user profile, false alarms are reduced. The system also includes a log auditing function, a port scan detector and a session monitor function.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.