Patent · US Active

Intelligent intrusion detection system utilizing enhanced graph-matching of network activity with context data

US7624448B2 · kind B2 · utility

Cited by: 118
References: 4
Claims: 26
Family size: 0

Assignee

Inventor

Key dates

Filing date: Mar 4, 2006
Grant date: Nov 24, 2009
Priority date:
Expiry date: Dec 25, 2027

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1416
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A method, system, and computer program product for utilizing a mapping of activity occurring at and between devices on a computer network to detect and prevent network intrusions. An enhanced graph matching intrusion detection system (eGMIDS) provides data collection functions, data fusion techniques, graph matching algorithms, and secondary and other search mechanisms. Threats are modeled as a set of entities and the interrelations between those entities, and sample threat patterns are stored within a database. The eGMIDS utility initiates a graph matching algorithm by which the threat patterns are compared against the generated activity graph via subgraph isomorphism. A multi-layered approach is provided in which a targeted secondary-layer search follows a match found during the primary-layer search. Searches are tempered by attributes and constraints, and the eGMIDS reduces the number of threat patterns searched by utilizing ontological generalization.
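As an added illustration (not code from the patent or from any eGMIDS implementation), the following Python sketches the matching scheme the abstract describes: threat patterns as attributed entity graphs, subgraph isomorphism over the activity graph, a targeted secondary-layer search anchored on each primary hit, and an ontology that lets one generalized pattern relation stand in for several concrete ones. The ontology, node attributes, relation names and sample activity are all constructed assumptions.

```python
# Constructed ontology: pattern relation -> concrete relations it generalizes.
ONTOLOGY = {"remote_access": {"ssh", "rdp", "telnet"},
            "recon": {"port_scan", "ping_sweep"}}

def generalizes(pattern_rel, observed_rel):
    return observed_rel == pattern_rel or observed_rel in ONTOLOGY.get(pattern_rel, ())

def match(pattern, graph, fixed=None):
    """Backtracking subgraph isomorphism over (nodes, edges) graphs, nodes =
    {name: attrs}, edges = {(src, dst): relation}. Pattern node attributes must
    equal the graph node's; `fixed` pins pattern nodes to given graph nodes."""
    p_nodes, p_edges = pattern
    g_nodes, g_edges = graph
    order, results = list(p_nodes), []
    def extend(i, m):
        if i == len(order):
            results.append(dict(m))
            return
        pn = order[i]
        for gn in ([fixed[pn]] if fixed and pn in fixed else list(g_nodes)):
            if gn in m.values():  # mapping must be injective
                continue
            if any(g_nodes[gn].get(k) != v for k, v in p_nodes[pn].items()):
                continue
            m[pn] = gn  # tentatively map, then check every edge among mapped nodes
            if all(generalizes(rel, g_edges.get((m[ps], m[pd]), ""))
                   for (ps, pd), rel in p_edges.items() if ps in m and pd in m):
                extend(i + 1, m)
            del m[pn]
    extend(0, {})
    return results

def layered_search(primary, secondary, graph, pivot):
    """Primary layer searches the whole graph; the secondary layer runs once
    per primary hit, targeted by pinning `pivot` to the node matched there."""
    return [(m, match(secondary, graph, fixed={pivot: m[pivot]}))
            for m in match(primary, graph)]

# Constructed sample: ext1 scans srv1, which then opens ssh to srv2; ext2 scans srv3 only.
ACTIVITY = ({"ext1": {"zone": "external"}, "ext2": {"zone": "external"},
             "srv1": {"zone": "internal"}, "srv2": {"zone": "internal"},
             "srv3": {"zone": "internal"}},
            {("ext1", "srv1"): "port_scan", ("srv1", "srv2"): "ssh",
             ("ext2", "srv3"): "ping_sweep", ("srv2", "srv3"): "rdp"})
RECON = ({"attacker": {"zone": "external"}, "victim": {"zone": "internal"}},
         {("attacker", "victim"): "recon"})
LATERAL = ({"victim": {"zone": "internal"}, "next": {"zone": "internal"}},
           {("victim", "next"): "remote_access"})

def detect():
    return layered_search(RECON, LATERAL, ACTIVITY, pivot="victim")
```

Running `detect()` yields two primary recon hits, of which only the srv1 hit carries a secondary lateral-movement match; the srv2 to srv3 rdp edge is never reported because srv2 was not a recon victim, which is the effect of targeting the secondary search.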

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.