专利内容由知识产权出版社提供
专利名称:INTRUSION DETECTION SYSTEM发明人:DAY, CHRISTOPHER, W.申请号:US0323877申请日:20030730
公开号:WO2004012063A3公开日:20040408
摘要:An intrusion detection system (IDS). An IDS which has been configured inaccordance with the present invention can include a traffic sniffer for extracting networkpackets from passing network traffic; a traffic parser configured to extract individual datafrom defined packet fields of the network packets; and, a traffic logger configured tostore individual packet fields of the network packets in a database. A vector builder canbe configured to generate multi-dimensional vectors from selected features of thestored packet fields. Notably, at least one self-organizing clustering module can beconfigured to process the multi-dimensional vectors to produce a self-organized map ofclusters. Subsequently, an anomaly detector can detect anomalous correlations betweenindividual ones of the clusters in the self-organized map based upon at least oneconfigurable correlation metric. Finally, a classifier can classify detected anomalouscorrelations as one of an alarm and normal behavior.
申请人:ASGARD HOLDING, LLC
更多信息请下载全文后查看