METHODS FOR FILTERING AND FOR QUALIFYING SECURITY EVENTS OF AN INTRUSION DETECTION SYSTEM
A method for filtering security events of an intrusion detection system of a computer system with a plurality of computing units connected for data communication. The intrusion detection system is configured to detect security events and to classify them according to a plurality of event types; wher...
Gespeichert in:
Hauptverfasser: | , , |
---|---|
Format: | Patent |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext bestellen |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
Zusammenfassung: | A method for filtering security events of an intrusion detection system of a computer system with a plurality of computing units connected for data communication. The intrusion detection system is configured to detect security events and to classify them according to a plurality of event types; wherein a type-specific counter is initialized for each event type; and wherein, in response to a detection of a security event by the intrusion detection system, the type-specific counter corresponding to the detected security event is in each case incremented until a threshold value is reached, and the detected security event is discarded if the type-specific counter corresponding to the detected security event has reached the threshold value. |
---|