Method and apparatus for providing a policy-driven intrusion detection system
US6789202B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Oct 15, 1999 |
| Grant date | Sep 7, 2004 |
| Priority date | — |
| Expiry date | Oct 15, 2019 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/0227
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
One embodiment of the present invention provides a providing policy-driven intrusion detection system for a networked computer system. This system operates by receiving a global policy for intrusion detection for the networked computer system. This global policy specifies rules in the form of a global security condition for the networked computer system and a global response to be performed in response to the global security condition. The system compiles the global policy into local policies for local regions of the networked computer system. Each local policy specifies at least one rule in the form of a local security condition for an associated local region of the networked computer system and a local response to be performed in response to the local security condition. The system communicates the local policies to local analyzers that control security for the local regions. A local analyzer compiles a local policy into specifiers for local sensors in a local region associated with the local analyzer. These specifiers are communicated to the local computer systems in the local region. This allows local computer systems to implement the local sensors.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.