Patent · US Expired

Methods for cost-sensitive modeling for intrusion detection and response

US7818797B1 · kind B1 · utility

Cited by: 99
References: 11
Claims: 35
Family size: 0

Assignee

Inventors

Key dates

Filing date: Oct 11, 2002
Grant date: Oct 19, 2010
Priority date
Expiry date: Jun 5, 2025

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/55
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A method of detecting an intrusion in the operation of a computer system based on a plurality of events. A rule set is determined for a training set of data comprising a set of features having associated costs. For each of a plurality of events, the set of features is computed and a class is predicted for the features with a rule of the rule set. For each event predicted as an intrusion, a response cost and a damage cost are determined, wherein the damage cost is determined based on such factors as the technique of the intrusion, the criticality of the component of the computer system subject to the intrusion, and a measure of progress of the intrusion. If the damage cost is greater than or equal to the response cost, a response to the event.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.