Patent · US Active

Method and system for reducing the false alarm rate of network intrusion detection systems

US7886357B2 · kind B2 · utility

2Cited by

35References

12Claims

0Family size

Assignee

Cisco Technology, Inc. · US

Inventors

Craig Rowland · Monroe, US
Aaron Rhodes · Clyde, US

Key dates

Filing date	Mar 28, 2003
Grant date	Feb 8, 2011
Priority date	—
Expiry date	Sep 23, 2026

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/20
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

According to one embodiment of the invention, a method for reducing the false alarm rate of network intrusion detection systems includes receiving an alarm indicating a network intrusion may have occurred, identifying characteristics of the alarm, including at least an attack type and a target address, querying a target host associated with the target address for an operating system fingerprint, receiving the operating system fingerprint that includes the operating system type from the target host, comparing the attack type to the operating system type, and indicating whether the target host is vulnerable to the attack based on the comparison.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.