Invention Grant
US09565208B2 System and method for detecting network intrusions using layered host scoring
Active
- Patent Title: System and method for detecting network intrusions using layered host scoring
- Application No.: US14644166
- Application Date: 2015-03-10
- Publication No.: US09565208B2
- Publication Date: 2017-02-07
- Inventor: Oskar Ibatullin, Ryan James Prenger, Nicolas Beauchesne, Karl Matthew Lynn, Oliver Kourosh Tavakoli
- Applicant: VECTRA NETWORKS, INC.
- Applicant Address: US CA San Jose
- Assignee: Vectra Networks, Inc.
- Current Assignee: Vectra Networks, Inc.
- Current Assignee Address: US CA San Jose
- Agency: Vista IP Law Group, LLP
- Main IPC: G06F12/14
- IPC: G06F12/14; H04L29/06

Abstract:
Approaches for detecting network intrusions, such as malware infection, Trojans, worms, or botnet mining activities, include: identifying one or more threat detections in session datasets, the session datasets corresponding to network traffic from a plurality of hosts; determining a layered detection score, the layered detection score corresponding to a certainty score and threat score; determining a layered host score, the layered host score corresponding to a certainty score and threat score; and generating alarm data comprising the layered detection score and the layered host score. In some embodiments, the network traffic may be received passively through a network switch; for example, by “tapping” the switch. Other additional objects, features, and advantages of the invention are described in the detailed description, figures and claims.
Public/Granted literature
- US20150264061A1 SYSTEM AND METHOD FOR DETECTING NETWORK INTRUSIONS USING LAYERED HOST SCORING Public/Granted day: 2015-09-17