Patent · US Expired

Hierarchical correlation of intrusion detection events

US7039953B2 · kind B2 · utility

Cited by: 57
References: 9
Claims: 27
Family size: 0

Assignee

Inventors

Key dates

Filing date: Aug 30, 2001
Grant date: May 2, 2006
Priority date
Expiry date: Dec 17, 2023

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/55
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A method, computer program product, and apparatus for presenting data about security-related events that puts the data into a concise form is disclosed. Events are abstracted into a set data-type. Sets with common elements are grouped together, and summaries of the groups, called “situations,” are established from groups whose severity exceeds a threshold value. These groups and situations are then propagated up a hierarchical arrangement of systems and further aggregated so as to provide summary information over a larger group of systems. This hierarchical scheme allows for scalability of the event correlation process across larger networks of systems.
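The following sketch is an added illustration of the flow the abstract describes, not code from the patent or its assignee. The event fields (`source`, `target`, `attack`), the additive severity score, the use of one- and two-element group keys, the threshold of 6, and the sample events are all assumptions made for the example.

```python
from collections import Counter
from itertools import combinations

FIELDS = ("source", "target", "attack")   # assumed event attributes
THRESHOLD = 6                             # assumed severity threshold

def abstract(event):
    """Abstract an event into a set of (field, value) elements."""
    return frozenset((f, event[f]) for f in FIELDS)

def group(events):
    """Group events that share elements. Each key is a set of one or two
    common elements; the value is the summed severity of matching events."""
    groups = Counter()
    for ev in events:
        elems = sorted(abstract(ev))
        for size in (1, 2):
            for key in combinations(elems, size):
                groups[frozenset(key)] += ev["severity"]
    return groups

def situations(groups, threshold=THRESHOLD):
    """Keep only the groups whose severity reaches the threshold."""
    return {k: s for k, s in groups.items() if s >= threshold}

def aggregate(child_groups):
    """Parent node: merge the group summaries propagated by its children."""
    total = Counter()
    for g in child_groups:
        total.update(g)   # Counter.update adds severities for equal keys
    return total

# Constructed sample events (documentation address range, not real data).
SITE_A = [
    {"source": "192.0.2.5", "target": "a1", "attack": "portscan", "severity": 2},
    {"source": "192.0.2.5", "target": "a2", "attack": "portscan", "severity": 2},
    {"source": "192.0.2.9", "target": "a1", "attack": "login-fail", "severity": 1},
]
SITE_B = [
    {"source": "192.0.2.5", "target": "b1", "attack": "portscan", "severity": 2},
    {"source": "192.0.2.5", "target": "b2", "attack": "portscan", "severity": 2},
]

if __name__ == "__main__":
    leaves = [group(SITE_A), group(SITE_B)]
    for name, g in zip(("site A", "site B"), leaves):
        print(name, "situations:", situations(g))      # none at either site
    for key, sev in situations(aggregate(leaves)).items():
        print("parent situation:", sorted(key), "severity", sev)
```

Neither site alone reaches the threshold, but the parent, which sees the merged group summaries rather than the raw events, reports the shared source and attack type as situations.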

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.