Method and system for reducing the false alarm rate of network intrusion detection systems
US7805762B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Oct 15, 2003 |
| Grant date | Sep 28, 2010 |
| Priority date | — |
| Expiry date | May 8, 2027 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L61/5014
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
According to one embodiment of the invention, a computerized method for reducing the false alarm rate of network intrusion detection systems includes receiving, from a network intrusion detection sensor, one or more data packets associated with an alarm indicative of a potential attack on a target host and identifying characteristics of the alarm from the data packets. The characteristics include at least an attack type and an operating system fingerprint of the target host. The method further includes identifying the operating system type from the operating system fingerprint, comparing the attack type to the operating system type, and indicating whether the target host is vulnerable to the attack based on the comparison.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.