Synthesis of anomalous data to create artificial feature sets and use of same in computer network intrusion detection systems
US8527776B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jun 10, 2004 |
| Grant date | Sep 3, 2013 |
| Priority date | — |
| Expiry date | Feb 16, 2030 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/2101
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Detecting harmful or illegal intrusions into a computer network or into restricted portions of a computer network uses a process of synthesizing anomalous data to be used in training a neural network-based model for use in a computer network intrusion detection system. Anomalous data for artificially creating a set of features reflecting anomalous behavior for a particular activity is performed. This is done in conjunction with the creation of normal-behavior feature values. A distribution of users of normal feature values and an expected distribution of users of anomalous feature values are then defined in the form of histograms. The anomalous-feature histogram is then sampled to produce anomalous-behavior feature values. These values are then used to train a model having a neural network training algorithm where the model is used in the computer network intrusion detection system. The model is trained such that it can efficiently recognize anomalous behavior by users in a dynamic computing environment where user behavior can change frequently.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.