METHODS FOR FILTERING AND FOR QUALIFYING SECURITY EVENTS OF AN INTRUSION DETECTION SYSTEM

Bibliographic details
Main authors: Kneib, Marcel; Kant, Jens; Peters, Jeremy
Format: Patent
Language: eng
Description
Summary: A method for filtering security events of an intrusion detection system of a computer system with a plurality of computing units connected for data communication. The intrusion detection system is configured to detect security events and to classify them according to a plurality of event types; wherein a type-specific counter is initialized for each event type; and wherein, in response to a detection of a security event by the intrusion detection system, the type-specific counter corresponding to the detected security event is in each case incremented until a threshold value is reached, and the detected security event is discarded if the type-specific counter corresponding to the detected security event has reached the threshold value.