Patent · US Active

Packet sampling flow-based detection of network intrusions

US7512980B2 · kind B2 · utility

Cited by: 118
References: 20
Claims: 123
Family size: 0

Assignee

Inventors

Key dates

Filing date: May 26, 2005
Grant date: Mar 31, 2009
Priority date
Expiry date: Jul 10, 2026

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1441
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A flow-based intrusion detection system for detecting intrusions in computer communication networks. Data packets representing communications between hosts in a computer-to-computer communication network are processed and assigned to various client/server flows. Statistics are collected for each flow. Then, the flow statistics are analyzed to determine if the flow appears to be legitimate traffic or possible suspicious activity. A concern index value is assigned to each flow that appears suspicious. By assigning a value to each flow that appears suspicious and adding that value to the total concern index of the responsible host, it is possible to identify hosts that are engaged in intrusion activity. When the concern index value of a host exceeds a preset alarm value, an alert is issued and appropriate action can be taken.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.