Patent · US Active

Monitoring operational activities in networks and detecting potential network intrusions and misuses

US9401924B2 · kind B2 · utility

Cited by: 10
References: 2
Claims: 18
Family size: 0

Assignee

Inventors

Key dates

Filing date: Dec 20, 2012
Grant date: Jul 26, 2016
Priority date
Expiry date: Aug 2, 2033

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1425
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Concepts and technologies disclosed herein are for monitoring operational activities in networks and detecting potential network intrusions and misuses. According to one aspect disclosed herein, an intrusion detection system can collect logs from an authentication, authorization, and accounting system. The intrusion detection system can extract information from the logs, update intrusion detection information utilized by an intrusion detection rule based upon the information extracted from the logs, update a profile utilized by the intrusion detection rule, compare the profile and the intrusion detection rule against a running state of an on-going session, tag corresponding log entries with a threat score, calculate the threat scores from the corresponding log entries to create an aggregated threat score, and present the aggregated threat score. The intrusion detection system can also present an alarm if the aggregated threat score triggers an alarm condition.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.