Invention Grant
- Patent Title: Method of operating an intrusion detection system
- Application No.: US11841214
- Application Date: 2007-08-20
- Publication No.: US07730537B2
- Publication Date: 2010-06-01
- Inventor: Jeffrey Scott Bardsley, Ashley Anderson Brock, Nathaniel Wook Kim, Charles Steven Lingafelt
- Applicant: Jeffrey Scott Bardsley, Ashley Anderson Brock, Nathaniel Wook Kim, Charles Steven Lingafelt
- Applicant Address: US NY Armonk
- Assignee: International Business Machines Corporation
- Current Assignee: International Business Machines Corporation
- Current Assignee Address: US NY Armonk
- Agency: Schmeiser, Olsen & Watts
- Agent: David R. Irvin; Anna L. Linne
- Main IPC: G06F21/00
- IPC: G06F21/00; G06F7/04; G06F15/173; G06F11/00

Abstract:
A method of operating an intrusion detection system. The system determines occurrence of a signature event indicative of a denial of service intrusion on a protected device. A value of a signature event counter is increased. The value of the signature event counter is adjusted to not include a count of signature events past a sliding window. The value of the signature event counter is determined to exceed a signature threshold quantity, followed by generation of an alert at a time subsequently recorded in a log. The log is cleared of entries past a permissible age. A present alert generation rate is determined as a ratio of the total number of timestamps in the log to the permissible age. The present alert generation rate is ascertained to exceed an alert generation rate threshold. A selected element of the signature set is altered to decrease the alert generation rate.
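The loop the abstract describes, as an added Python example (not code from the patent or from IBM). The abstract does not say which element of the signature set is altered or by how much; multiplying the signature threshold by `step` is an assumption, as are all class, function and parameter names and the constructed event stream.

```python
from collections import deque

class ThrottledSignature:
    """One signature: sliding-window event counter plus alert-rate governor."""

    def __init__(self, threshold, window, permissible_age, max_alert_rate, step=2):
        self.threshold = threshold              # signature threshold quantity
        self.window = window                    # sliding window length (seconds)
        self.permissible_age = permissible_age  # alert log retention (seconds)
        self.max_alert_rate = max_alert_rate    # alert generation rate threshold (alerts/s)
        self.step = step                        # ASSUMED adjustment: threshold multiplier
        self.events = deque()                   # timestamps behind the event counter
        self.alert_log = deque()                # timestamps of generated alerts

    def on_signature_event(self, now):
        """Process one signature event at time `now`; return True if an alert fired."""
        self.events.append(now)                 # increase the counter
        while self.events[0] <= now - self.window:
            self.events.popleft()               # exclude events past the sliding window
        if len(self.events) <= self.threshold:
            return False
        self.alert_log.append(now)              # alert generated, time recorded in the log
        while self.alert_log[0] <= now - self.permissible_age:
            self.alert_log.popleft()            # clear entries past the permissible age
        rate = len(self.alert_log) / self.permissible_age
        if rate > self.max_alert_rate:
            self.threshold *= self.step         # alter the signature to cut the alert rate
        return True

def replay(sig, timestamps):
    """Feed event timestamps in order; return the times at which alerts fired."""
    return [t for t in timestamps if sig.on_signature_event(t)]

if __name__ == "__main__":
    # Constructed input: one signature event per second for 100 seconds.
    flood = range(100)
    governed = ThrottledSignature(threshold=5, window=10,
                                  permissible_age=60, max_alert_rate=0.1)
    ungoverned = ThrottledSignature(5, 10, 60, float("inf"))
    print("governed alerts:  ", replay(governed, flood))
    print("final threshold:  ", governed.threshold)
    print("ungoverned alerts:", len(replay(ungoverned, flood)))
```

Raising the threshold trades alert volume for sensitivity, so an operator would normally log each adjustment and restore the original value once the alert rate falls.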
Public/Granted literature
- US20080077989A1 METHOD OF OPERATING AN INTRUSION DETECTION SYSTEM Public/Granted day: 2008-03-27