Prioritizing Bayes network alerts

Full description

Saved in:
Bibliographic details
Main authors: PORRAS PHILLIP ANDREW, FONG MARTIN WAYNE, VALDES ALFONSO DE JESUS
Format: Patent
Language: eng
Subjects:
Online access: Order full text
creator PORRAS PHILLIP ANDREW
FONG MARTIN WAYNE
VALDES ALFONSO DE JESUS
description This invention uses Bayesian techniques to prioritize alerts or alert groups generated by intrusion detection systems and other information security devices, such as network analyzers, network monitors, firewalls, antivirus software, authentication services, host and application security services, etc. In a preferred embodiment, alerts are examined for the presence of one or more relevant features, such as the type of an attack, the target of an attack, the outcome of an attack, etc. At least a subset of the features is then provided to a real-time Bayes network, which assigns relevance scores to the received alerts or alert groups. In another embodiment, a network manager (a person) can disagree with the relevance score assigned by the Bayes network, and give an alert or alert group a different relevance score. The Bayes network is then modified so that similar future alerts or alert groups will be assigned a relevance score that more closely matches the score given by the network manager.
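The abstract describes the scoring loop only in outline: extract features, hand them to a real-time Bayes network, read off a relevance score, and let a network manager override that score so the network learns from the override. The following is an added Python illustration, not the patent's code or SRI's implementation. It models the Bayes network as the simplest structure that fits the description, a hidden Relevant node with the three example features (attack type, target, outcome) as its children, so the score is the posterior P(Relevant | features). The feature vocabularies, the constructed sample alerts, the Laplace smoothing, the default feedback weight and the rule for folding an analyst's override back into the network as fractional counts are all assumptions made for this example; the patent abstract specifies neither its network structure nor its update rule.

```python
"""Naive-Bayes alert prioritizer with analyst override feedback.

Added illustration, not the patent's code. The network structure, feature
vocabularies, smoothing constant and update rule are assumptions.
"""
from collections import defaultdict

# The abstract names attack type, target and outcome as example features.
FEATURES = ("attack_type", "target", "outcome")


class AlertPrioritizer:
    """Bayes network with one hidden node Relevant in {True, False} and one
    observed child per feature (naive Bayes). Parameters are kept as
    Laplace-smoothed counts so an unseen feature value never zeroes a state."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.prior = {True: 1.0, False: 1.0}                    # pseudo-counts for Relevant
        self.counts = defaultdict(lambda: defaultdict(float))   # (feature, state) -> value -> count
        self.vocab = defaultdict(set)                           # feature -> values seen so far

    def _p_value(self, feature, value, relevant):
        """P(feature=value | Relevant=relevant), Laplace-smoothed."""
        table = self.counts[(feature, relevant)]
        k = len(self.vocab[feature] | {value})     # an unseen value widens the alphabet
        n = sum(table.values())
        return (table[value] + self.alpha) / (n + self.alpha * k)

    def score(self, alert):
        """Relevance score = P(Relevant=True | alert features)."""
        joint = {}
        for state in (True, False):
            p = self.prior[state]                  # prior normaliser cancels in the ratio
            for f in FEATURES:
                p *= self._p_value(f, alert[f], state)
            joint[state] = p
        return joint[True] / (joint[True] + joint[False])

    def observe(self, alert, relevant, weight=1.0):
        """Fold one (possibly fractional) labelled alert into the tables."""
        self.prior[relevant] += weight
        for f in FEATURES:
            self.vocab[f].add(alert[f])
            self.counts[(f, relevant)][alert[f]] += weight

    def analyst_feedback(self, alert, analyst_score, weight=3.0):
        """The network manager disagrees and supplies a score in [0, 1].
        Split `weight` between the two states in proportion to that score so
        similar future alerts move toward it. `weight` bounds how far one
        override can pull the model (assumed default 3.0)."""
        if not 0.0 <= analyst_score <= 1.0:
            raise ValueError("analyst_score must be in [0, 1]")
        self.observe(alert, True, weight * analyst_score)
        self.observe(alert, False, weight * (1.0 - analyst_score))


# Constructed sample alerts (not real data): features already extracted from IDS alerts.
HISTORY = [
    ({"attack_type": "sql_injection", "target": "db_server", "outcome": "success"}, True),
    ({"attack_type": "priv_escalation", "target": "domain_controller", "outcome": "success"}, True),
    ({"attack_type": "port_scan", "target": "workstation", "outcome": "blocked"}, False),
    ({"attack_type": "port_scan", "target": "honeypot", "outcome": "blocked"}, False),
    ({"attack_type": "sql_injection", "target": "workstation", "outcome": "failed"}, False),
]
ALERT_A = {"attack_type": "sql_injection", "target": "db_server", "outcome": "success"}
ALERT_B = {"attack_type": "port_scan", "target": "workstation", "outcome": "blocked"}
# A blocked scan, but against the domain controller: underrated until an analyst says otherwise.
ALERT_C = {"attack_type": "port_scan", "target": "domain_controller", "outcome": "blocked"}


def build_prioritizer():
    """Train the network on the constructed history."""
    model = AlertPrioritizer()
    for alert, relevant in HISTORY:
        model.observe(alert, relevant)
    return model


def demo():
    """Score, let the analyst override, rescore; returns the scores for checking."""
    model = build_prioritizer()
    result = {"A": model.score(ALERT_A),
              "B_before": model.score(ALERT_B),
              "C_before": model.score(ALERT_C)}
    model.analyst_feedback(ALERT_C, analyst_score=0.9)
    result["C_after"] = model.score(ALERT_C)
    result["B_after"] = model.score(ALERT_B)
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value:.3f}")
```

On the constructed history the blocked scan against the domain controller scores about 0.22; after the analyst marks it 0.9 it rescores at about 0.77, which is the behaviour the abstract asks for. Two things a practitioner should check before deploying such a loop. First, the override also lifts the unrelated blocked workstation scan (from about 0.04 to about 0.24), because naive Bayes shares the per-value tables for attack_type and outcome; overrides generalise more broadly than the analyst may intend. Second, the feedback weight is the lever that decides how much a single click re-prioritises a whole class of alerts, so keep it small, log every override with the analyst's identity, and treat the override channel as an input that an insider or a compromised console could use to suppress detections.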
format Patent
fullrecord esp@cenet record US7379993B2 (European Patent Office), open access, free to read
Publication date: 2008-05-27
Full text: https://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20080527&DB=EPODOC&CC=US&NR=7379993B2 (View record in European Patent Office)
fulltext fulltext_linktorsrc
language eng
recordid cdi_epo_espacenet_US7379993B2
source esp@cenet
subjects CALCULATING
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
title Prioritizing Bayes network alerts