Method and system for responding to a computer intrusion

Assignee

• International Business Machines Corporation · US

Inventors

• Paul T. Baffes · Austin, US
• John Michael Garrison · Austin, US
• Michael Gilfix · Austin, US
• Allan Hsu · Centerville, US
• Tyron Jerrod Stading · Austin, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/2101
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A method and system for managing an intrusion on a computer by graphically representing an intrusion pattern of a known past intrusion, and then comparing the intrusion pattern of the known intrusion with a current intrusion. The intrusion pattern may either be based on intrusion events, which are the effects of the intrusion or activities that provide a signature of the type of intrusion, or the intrusion pattern may be based on hardware topology that is affected by the intrusion. The intrusion pattern is graphically displayed with scripted responses, which in a preferred embodiment are presented in pop-up windows associated with each node in the intrusion pattern. Alternatively, the response to the intrusion may be automatic, based on a pre-determined percentage of common features in the intrusion pattern of the known past intrusion and the current intrusion.