Invention application
US20080077989A1 METHOD OF OPERATING AN INTRUSION DETECTION SYSTEM (in force)

METHOD OF OPERATING AN INTRUSION DETECTION SYSTEM
Abstract:
A method of operating an intrusion detection system. The system determines occurrence of a signature event indicative of a denial of service intrusion on a protected device. A value of a signature event counter is increased. The value of the signature event counter is adjusted to not include a count of signature events past a sliding window. The value of the signature event counter is determined to exceed a signature threshold quantity, followed by generation of an alert at a time subsequently recorded in a log. The log is cleared of entries past a permissible age. A present alert generation rate is determined as a ratio of the total number of timestamps in the log to the permissible age. The present alert generation rate is ascertained to exceed an alert generation rate threshold. A selected element of the signature set is altered to decrease the alert generation rate.
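The steps in the abstract, sketched as an added Python example that is not code from the patent or its applicant. The class and parameter names are hypothetical, and since the abstract does not say which element of the signature set is altered or how, doubling the signature threshold is an assumption made here.

```python
from collections import deque

class RateLimitedDetector:
    """Sliding-window signature counter with alert-rate feedback (illustrative)."""

    def __init__(self, window, sig_threshold, permissible_age, rate_threshold):
        self.window = window                    # sliding window length, seconds
        self.sig_threshold = sig_threshold      # signature threshold quantity
        self.permissible_age = permissible_age  # maximum age of alert log entries, seconds
        self.rate_threshold = rate_threshold    # alert generation rate threshold, alerts/second
        self.events = deque()                   # timestamps of counted signature events
        self.alert_log = deque()                # timestamps of generated alerts

    def on_signature_event(self, now):
        """Process one signature event; return True if an alert was generated."""
        self.events.append(now)                 # increase the signature event counter
        while now - self.events[0] > self.window:
            self.events.popleft()               # exclude events past the sliding window
        if len(self.events) <= self.sig_threshold:
            return False                        # counter does not exceed the threshold
        self.alert_log.append(now)              # alert generated, time recorded in the log
        while now - self.alert_log[0] > self.permissible_age:
            self.alert_log.popleft()            # clear entries past the permissible age
        rate = len(self.alert_log) / self.permissible_age
        if rate > self.rate_threshold:
            # Assumption: the altered signature element is the threshold itself,
            # doubled so that fewer events qualify as alerts.
            self.sig_threshold *= 2
        return True

def replay(detector, timestamps):
    """Feed event timestamps in order; return the times at which alerts fired."""
    return [t for t in timestamps if detector.on_signature_event(t)]

# Constructed sample: one signature event per second for 20 seconds.
SAMPLE_EVENTS = list(range(20))

if __name__ == "__main__":
    tuned = RateLimitedDetector(window=10, sig_threshold=3,
                                permissible_age=60, rate_threshold=0.06)
    print("alerts with feedback:", replay(tuned, SAMPLE_EVENTS))
    print("threshold after feedback:", tuned.sig_threshold)
```

On the constructed input, the alert rate first exceeds the threshold at the fourth alert, after which the raised signature threshold suppresses further alerts from the same steady event stream.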