Intrusion event correlation system

Invention Grant

US08719943B2 Intrusion event correlation system 有权

Title translation: 入侵事件相关系统

Please log in to see more content

Patent Title: Intrusion event correlation system
Patent Title (中): 入侵事件相关系统
Application No.: US13466706

Application Date: 2012-05-08
Publication No.: US08719943B2

Publication Date: 2014-05-06
Inventor: Steven E Noel , Sushil Jajodia , Eric B Robertson
Applicant: Steven E Noel , Sushil Jajodia , Eric B Robertson
Applicant Address: US VA Fairfax
Assignee: George Mason Intellectual Properties, Inc.
Current Assignee: George Mason Intellectual Properties, Inc.
Current Assignee Address: US VA Fairfax
Agency: MDIP LLC
Main IPC: H04L29/06
IPC: H04L29/06

Abstract:

Disclosed is a system for correlating intrusion events using attack graph distances. The system includes an attack graph generator, an exploit distance calculator, an intrusion detector, an event report/exploit associator, an event graph creator, an event graph distance calculator, a correlation value calculator, and a coordinated attack analyzer. An attack graph is constructed for exploits and conditions in a network. The exploit distance calculator determines exploit distances for exploit pair(s). The intrusion detector generates event. Events are associated with exploits. Event graph distances are calculated. Correlation values are calculated for event pair(s) using event graph distances. The correlation values are analyzed using a correlation threshold to detect coordinated attacks.

Abstract(Chinese):

公开了一种使用攻击图距离来相关入侵事件的系统。该系统包括攻击图生成器，利用距离计算器，入侵检测器，事件报告/利用关联器，事件图形创建器，事件图距离计算器，相关值计算器和协调攻击分析器。为网络中的利用和条件构建攻击图。利用距离计算器确定漏洞利用距离。入侵检测器生成事件。事件与漏洞相关联。计算事件图距离。使用事件图距离计算事件对的相关值。使用相关阈值分析相关值以检测协调的攻击。

Public/Granted literature

US20120227108A1 Intrusion Event Correlation System Public/Granted day:2012-09-06

Information query

Espacenet