Intrusion detection using MDL clustering

Assignee

• Lockheed Martin Corporation · US

Inventors

• Eric Steinbrecher · Windsor, US
• Jeremy Impson · Vestal, US
• Bruce Gordon Barnett · Troy, US
• Scott Charles Evans · Burnt Hills, US
• Bernhard Scholz · Ballston Lake, US
• Weizhong Yan · Clifton Park, US
• Thomas Stephen Markham · Schenectady, US
• Stephen J. Dill · Frederick, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1408
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

An intrusion detection method, system and computer-readable media are disclosed. The system can include a processor programmed to perform computer network intrusion detection. The intrusion detection can include an identification module and a detection module. The identification module can be adapted to perform semi-supervised machine learning to identify key components of a network attack and develop MDL models representing those attack components. The detection module can cluster the MDL models and use the clustered MDL models to classify network activity and detect polymorphic or zero-day attacks.