Patent · US Active

Threat scoring system and method for intrusion detection security networks

US7594270B2 · kind B2 · utility

98 Cited by
0 References
26 Claims
0 Family size

Assignee

Inventors

Key dates

Filing date: Dec 29, 2005
Grant date: Sep 22, 2009
Priority date
Expiry date: Nov 14, 2027

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/554
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

Embodiments of the invention provide a security expert system (SES) that automates intrusion detection analysis and threat discovery that can use fuzzy logic and forward-chaining inference engines to approximate human reasoning process. Embodiments of the SES can analyze incoming security events and generate a threat rating that indicates the likelihood of an event or a series of events being a threat. In one embodiment, the threat rating is determined based on an attacker rating, a target rating, a valid rating, and, optionally, a negative rating. In one embodiment, the threat rating may be affected by a validation flag. The SES can analyze the criticality of assets and calibrate/recalibrate the severity of an attack accordingly to allow for triage. The asset criticality can have a user-defined value. This ability allows the SES to protect and defend critical network resources in a discriminating and selective manner if necessary (e.g., many attacks).

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.