公开(公告)号：US20080229417A1

公开(公告)日：2008-09-18

申请号：US12110846

申请日：2008-04-28

申请人： Denise Marie Genty ,  Shawn Patrick Mullen ,  Bhargavi Bheemreddy Reddy ,  Jacqueline Hegedus Wilson

发明人： Denise Marie Genty ,  Shawn Patrick Mullen ,  Bhargavi Bheemreddy Reddy ,  Jacqueline Hegedus Wilson

IPC分类号： G06F12/14 ,  G06N5/02 ,  G06N5/04

CPC分类号： G06N5/04 ,  G06N3/02

摘要： A computer implemented method, data processing system, and computer program product for monitoring system events and providing real-time response to security threats. System data is collected by monitors in the computing system. The expert system of the present invention compares the data against information in a knowledge base to identify a security threat to a system resource in a form of a system event and an action for mitigating effects of the system event. A determination is made as to whether a threat risk value of the system event is greater than an action risk value of the action for mitigating the system event. If the threat risk value is greater, a determination is made as to whether a trust value set by a user is greater than the action risk value. If the trust value is greater, the expert system executes the action against the security threat.

摘要翻译： 计算机实现的方法，数据处理系统和计算机程序产品，用于监控系统事件并提供对安全威胁的实时响应。 系统数据由计算系统中的监视器收集。 本发明的专家系统将数据与知识库中的信息进行比较，以系统事件的形式识别对系统资源的安全威胁以及减轻系统事件影响的动作。 确定系统事件的威胁风险值是否大于用于减轻系统事件的动作的动作风险值。 如果威胁风险值较大，则确定用户设置的信任值是否大于动作风险值。 如果信任值较大，专家系统将针对安全威胁执行操作。

公开(公告)号：US07577623B2

公开(公告)日：2009-08-18

申请号：US12110846

申请日：2008-04-28

申请人： Denise Marie Genty ,  Shawn Patrick Mullen ,  Bhargavi Bheemreddy Reddy ,  Jacqueline Hegedus Wilson

发明人： Denise Marie Genty ,  Shawn Patrick Mullen ,  Bhargavi Bheemreddy Reddy ,  Jacqueline Hegedus Wilson

IPC分类号： G06N5/02 ,  G06F11/00

CPC分类号： G06N5/04 ,  G06N3/02

摘要： A computer implemented method, data processing system, and computer program product for monitoring system events and providing real-time response to security threats. System data is collected by monitors in the computing system. The expert system of the present invention compares the data against information in a knowledge base to identify a security threat to a system resource in a form of a system event and an action for mitigating effects of the system event. A determination is made as to whether a threat risk value of the system event is greater than an action risk value of the action for mitigating the system event. If the threat risk value is greater, a determination is made as to whether a trust value set by a user is greater than the action risk value. If the trust value is greater, the expert system executes the action against the security threat.

摘要翻译： 计算机实现的方法，数据处理系统和计算机程序产品，用于监控系统事件并提供对安全威胁的实时响应。 系统数据由计算系统中的监视器收集。 本发明的专家系统将数据与知识库中的信息进行比较，以系统事件的形式识别对系统资源的安全威胁以及减轻系统事件影响的动作。 确定系统事件的威胁风险值是否大于用于减轻系统事件的动作的动作风险值。 如果威胁风险值较大，则确定用户设置的信任值是否大于动作风险值。 如果信任值较大，专家系统将针对安全威胁执行操作。

公开(公告)号：US07461036B2

公开(公告)日：2008-12-02

申请号：US11334671

申请日：2006-01-18

申请人： Denise Marie Genty ,  Shawn Patrick Mullen ,  Bhargavi Bheemreddy Reddy ,  Jacqueline Hegedus Wilson

发明人： Denise Marie Genty ,  Shawn Patrick Mullen ,  Bhargavi Bheemreddy Reddy ,  Jacqueline Hegedus Wilson

IPC分类号： G06N5/02 ,  G06F11/00

CPC分类号： G06N5/04 ,  G06N3/02

摘要： A computer implemented method for monitoring system events and providing real-time response to security threats. System data is collected by monitors in the computing system. The expert system of the present invention compares the data against information in a knowledge base to identify a security threat to a system resource in a form of a system event and an action for mitigating effects of the system event. A determination is made as to whether a threat risk value of the system event is greater than an action risk value of the action for mitigating the system event. If the threat risk value is greater, a determination is made as to whether a trust value set by a user is greater than the action risk value. If the trust value is greater, the expert system executes the action against the security threat.

摘要翻译： 一种用于监控系统事件并提供对安全威胁的实时响应的计算机实现的方法。 系统数据由计算系统中的监视器收集。 本发明的专家系统将数据与知识库中的信息进行比较，以系统事件的形式识别对系统资源的安全威胁以及减轻系统事件影响的动作。 确定系统事件的威胁风险值是否大于用于减轻系统事件的动作的动作风险值。 如果威胁风险值较大，则确定用户设置的信任值是否大于动作风险值。 如果信任值较大，专家系统将针对安全威胁执行操作。