WO2003084181A1 - Method and system for reducing the false alarm rate of network intrusion detection systems - Google Patents
Method and system for reducing the false alarm rate of network intrusion detection systems Download PDFInfo
- Publication number
- WO2003084181A1 WO2003084181A1 PCT/US2003/009665 US0309665W WO03084181A1 WO 2003084181 A1 WO2003084181 A1 WO 2003084181A1 US 0309665 W US0309665 W US 0309665W WO 03084181 A1 WO03084181 A1 WO 03084181A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- operating system
- target host
- system fingerprint
- storage location
- fingerprint
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 34
- 238000001514 detection method Methods 0.000 title claims abstract description 21
- 238000012544 monitoring process Methods 0.000 claims description 9
- 238000010926 purge Methods 0.000 claims 8
- 230000008901 benefit Effects 0.000 description 7
- 230000007246 mechanism Effects 0.000 description 7
- 230000000694 effects Effects 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 4
- 230000004048 modification Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000003068 static effect Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 230000008571 general function Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 238000012038 vulnerability analysis Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Abstract
Description
Claims
Priority Applications (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA2479504A CA2479504C (en) | 2002-03-29 | 2003-03-28 | Method and system for reducing the false alarm rate of network intrusion detection systems |
DE60334368T DE60334368D1 (en) | 2002-03-29 | 2003-03-28 | METHOD AND SYSTEM FOR REDUCING FALSE ALARM RATE OF NETWORK IMPORTER DETECTION SYSTEMS |
EP03716896A EP1491019B1 (en) | 2002-03-29 | 2003-03-28 | Method and system for reducing the false alarm rate of network intrusion detection systems |
CN038073196A CN1643876B (en) | 2002-03-29 | 2003-03-28 | Method and system for reducing the false alarm rate of network intrusion detection systems |
AU2003220582A AU2003220582A1 (en) | 2002-03-29 | 2003-03-28 | Method and system for reducing the false alarm rate of network intrusion detection systems |
AT03716896T ATE483310T1 (en) | 2002-03-29 | 2003-03-28 | METHOD AND SYSTEM FOR REDUCING THE FALSE ALARM RATE OF NETWORK INTRUSION DETECTION SYSTEMS |
AU2008229835A AU2008229835B2 (en) | 2002-03-29 | 2008-10-09 | Method and system for reducing the false alarm rate of network intrusion detection systems |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US31915902P | 2002-03-29 | 2002-03-29 | |
US60/319,159 | 2002-03-29 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2003084181A1 true WO2003084181A1 (en) | 2003-10-09 |
Family
ID=28675210
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2003/009665 WO2003084181A1 (en) | 2002-03-29 | 2003-03-28 | Method and system for reducing the false alarm rate of network intrusion detection systems |
Country Status (8)
Country | Link |
---|---|
US (1) | US7886357B2 (en) |
EP (1) | EP1491019B1 (en) |
CN (1) | CN1643876B (en) |
AT (1) | ATE483310T1 (en) |
AU (2) | AU2003220582A1 (en) |
CA (1) | CA2479504C (en) |
DE (1) | DE60334368D1 (en) |
WO (1) | WO2003084181A1 (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2005041141A2 (en) * | 2003-10-15 | 2005-05-06 | Cisco Technology, Inc. | Method and system for reducing the false alarm rate of network intrusion detection systems |
US7073198B1 (en) * | 1999-08-26 | 2006-07-04 | Ncircle Network Security, Inc. | Method and system for detecting a vulnerability in a network |
US7162742B1 (en) | 2000-01-10 | 2007-01-09 | Ncircle Network Security, Inc. | Interoperability of vulnerability and intrusion detection systems |
US7181769B1 (en) | 2000-08-25 | 2007-02-20 | Ncircle Network Security, Inc. | Network security system having a device profiler communicatively coupled to a traffic monitor |
CN100435513C (en) * | 2005-06-30 | 2008-11-19 | 杭州华三通信技术有限公司 | Method of linking network equipment and invading detection system |
US7506374B2 (en) * | 2001-10-31 | 2009-03-17 | Computer Associates Think, Inc. | Memory scanning system and method |
EP1504323B1 (en) * | 2002-05-14 | 2009-12-16 | Cisco Technology, Inc. | Method and system for analyzing and addressing alarms from network intrustion detection systems |
US7886357B2 (en) | 2002-03-29 | 2011-02-08 | Cisco Technology, Inc. | Method and system for reducing the false alarm rate of network intrusion detection systems |
CN104038372A (en) * | 2014-05-30 | 2014-09-10 | 国家电网公司 | Power wide area network (WAN) flow monitoring method |
Families Citing this family (34)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7730175B1 (en) | 2003-05-12 | 2010-06-01 | Sourcefire, Inc. | Systems and methods for identifying the services of a network |
DE60321972D1 (en) * | 2003-08-11 | 2008-08-14 | Telecom Italia Spa | METHOD AND SYSTEM FOR DETECTING UNAUTHORIZED USE OF A COMMUNICATION NETWORK |
CN1886935B (en) * | 2003-11-28 | 2014-05-14 | 迈克菲爱尔兰控股有限公司 | Method and system for collecting information relating to communication network and operation system of operation on communication network node |
US20070297349A1 (en) * | 2003-11-28 | 2007-12-27 | Ofir Arkin | Method and System for Collecting Information Relating to a Communication Network |
US7895448B1 (en) * | 2004-02-18 | 2011-02-22 | Symantec Corporation | Risk profiling |
US20050229250A1 (en) * | 2004-02-26 | 2005-10-13 | Ring Sandra E | Methodology, system, computer readable medium, and product providing a security software suite for handling operating system exploitations |
FR2868227B1 (en) * | 2004-03-26 | 2006-05-26 | Radiotelephone Sfr | METHOD FOR SUPERVISING THE SECURITY OF A NETWORK |
US7904960B2 (en) | 2004-04-27 | 2011-03-08 | Cisco Technology, Inc. | Source/destination operating system type-based IDS virtualization |
US7539681B2 (en) | 2004-07-26 | 2009-05-26 | Sourcefire, Inc. | Methods and systems for multi-pattern searching |
CN100386993C (en) * | 2005-09-05 | 2008-05-07 | 北京启明星辰信息技术有限公司 | Network invading event risk evaluating method and system |
US8046833B2 (en) * | 2005-11-14 | 2011-10-25 | Sourcefire, Inc. | Intrusion event correlation with network discovery information |
US7733803B2 (en) * | 2005-11-14 | 2010-06-08 | Sourcefire, Inc. | Systems and methods for modifying network map attributes |
US7948988B2 (en) | 2006-07-27 | 2011-05-24 | Sourcefire, Inc. | Device, system and method for analysis of fragments in a fragment train |
US7701945B2 (en) * | 2006-08-10 | 2010-04-20 | Sourcefire, Inc. | Device, system and method for analysis of segments in a transmission control protocol (TCP) session |
US8458308B1 (en) * | 2006-08-23 | 2013-06-04 | Infoblox Inc. | Operating system fingerprinting |
US8069352B2 (en) * | 2007-02-28 | 2011-11-29 | Sourcefire, Inc. | Device, system and method for timestamp analysis of segments in a transmission control protocol (TCP) session |
CA2685292C (en) | 2007-04-30 | 2013-09-24 | Sourcefire, Inc. | Real-time user awareness for a computer network |
US8839460B2 (en) * | 2008-03-07 | 2014-09-16 | Qualcomm Incorporated | Method for securely communicating information about the location of a compromised computing device |
US8850568B2 (en) | 2008-03-07 | 2014-09-30 | Qualcomm Incorporated | Method and apparatus for detecting unauthorized access to a computing device and securely communicating information about such unauthorized access |
US8474043B2 (en) | 2008-04-17 | 2013-06-25 | Sourcefire, Inc. | Speed and memory optimization of intrusion detection system (IDS) and intrusion prevention system (IPS) rule processing |
WO2010045089A1 (en) | 2008-10-08 | 2010-04-22 | Sourcefire, Inc. | Target-based smb and dce/rpc processing for an intrusion detection system or intrusion prevention system |
JP5809238B2 (en) | 2010-04-16 | 2015-11-10 | シスコ テクノロジー,インコーポレイテッド | System and method for near real-time network attack detection, and system and method for integrated detection by detection routing |
US8433790B2 (en) | 2010-06-11 | 2013-04-30 | Sourcefire, Inc. | System and method for assigning network blocks to sensors |
US8671182B2 (en) | 2010-06-22 | 2014-03-11 | Sourcefire, Inc. | System and method for resolving operating system or service identity conflicts |
EP2589198B1 (en) * | 2010-07-01 | 2019-07-24 | Onapsis S.R.L. | Automated security assessment of business-critical systems and applications |
US8499173B2 (en) * | 2010-11-23 | 2013-07-30 | Lockheed Martin Corporation | Apparatus and method for protection of circuit boards from tampering |
US8601034B2 (en) | 2011-03-11 | 2013-12-03 | Sourcefire, Inc. | System and method for real time data awareness |
US9055090B2 (en) * | 2012-06-12 | 2015-06-09 | Verizon Patent And Licensing Inc. | Network based device security and controls |
US9680855B2 (en) | 2014-06-30 | 2017-06-13 | Neo Prime, LLC | Probabilistic model for cyber risk forecasting |
US9710364B2 (en) | 2015-09-04 | 2017-07-18 | Micron Technology Licensing, Llc | Method of detecting false test alarms using test step failure analysis |
US10999307B2 (en) * | 2016-05-19 | 2021-05-04 | Infinite Group, Inc. | Network assessment systems and methods thereof |
CN107506443A (en) * | 2017-08-25 | 2017-12-22 | 国网辽宁省电力有限公司 | A kind of cross-platform intelligent data transmission method |
CN111565203B (en) * | 2020-07-16 | 2020-10-23 | 腾讯科技(深圳)有限公司 | Method, device and system for protecting service request and computer equipment |
CN112019538B (en) * | 2020-08-26 | 2023-05-26 | 国网山东省电力公司滨州供电公司 | Remote intelligent alarm system and method for safety equipment and storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0985995A1 (en) * | 1998-09-09 | 2000-03-15 | International Business Machines Corporation | Method and apparatus for intrusion detection in computers and computer networks |
WO2001084270A2 (en) * | 2000-04-28 | 2001-11-08 | Internet Security Systems, Inc. | Method and system for intrusion detection in a computer network |
WO2002019077A2 (en) * | 2000-09-01 | 2002-03-07 | Sri International, Inc. | Probabilistic alert correlation |
Family Cites Families (45)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0742662B1 (en) * | 1995-05-08 | 2002-09-18 | Koninklijke KPN N.V. | Protocol conversion arrangement and method |
US5991881A (en) * | 1996-11-08 | 1999-11-23 | Harris Corporation | Network surveillance system |
US5919257A (en) * | 1997-08-08 | 1999-07-06 | Novell, Inc. | Networked workstation intrusion detection system |
US5961644A (en) * | 1997-09-19 | 1999-10-05 | International Business Machines Corporation | Method and apparatus for testing the integrity of computer security alarm systems |
US6148407A (en) * | 1997-09-30 | 2000-11-14 | Intel Corporation | Method and apparatus for producing computer platform fingerprints |
US6070244A (en) * | 1997-11-10 | 2000-05-30 | The Chase Manhattan Bank | Computer network security management system |
US6279113B1 (en) * | 1998-03-16 | 2001-08-21 | Internet Tools, Inc. | Dynamic signature inspection-based network intrusion detection |
US6408391B1 (en) | 1998-05-06 | 2002-06-18 | Prc Inc. | Dynamic system defense for information warfare |
US6275942B1 (en) * | 1998-05-20 | 2001-08-14 | Network Associates, Inc. | System, method and computer program product for automatic response to computer system misuse using active response modules |
US6182223B1 (en) * | 1998-06-10 | 2001-01-30 | International Business Machines Corporation | Method and apparatus for preventing unauthorized access to computer-stored information |
US6282546B1 (en) * | 1998-06-30 | 2001-08-28 | Cisco Technology, Inc. | System and method for real-time insertion of data into a multi-dimensional database for network intrusion detection and vulnerability assessment |
US6134664A (en) * | 1998-07-06 | 2000-10-17 | Prc Inc. | Method and system for reducing the volume of audit data and normalizing the audit data received from heterogeneous sources |
US6460141B1 (en) * | 1998-10-28 | 2002-10-01 | Rsa Security Inc. | Security and access management system for web-enabled and non-web-enabled applications and content on a computer network |
US6564216B2 (en) * | 1998-10-29 | 2003-05-13 | Nortel Networks Limited | Server manager |
US6301668B1 (en) * | 1998-12-29 | 2001-10-09 | Cisco Technology, Inc. | Method and system for adaptive network security using network vulnerability assessment |
US6415321B1 (en) * | 1998-12-29 | 2002-07-02 | Cisco Technology, Inc. | Domain mapping method and system |
US6477651B1 (en) * | 1999-01-08 | 2002-11-05 | Cisco Technology, Inc. | Intrusion detection system and method having dynamically loaded signatures |
US6839850B1 (en) * | 1999-03-04 | 2005-01-04 | Prc, Inc. | Method and system for detecting intrusion into and misuse of a data processing system |
US6725377B1 (en) * | 1999-03-12 | 2004-04-20 | Networks Associates Technology, Inc. | Method and system for updating anti-intrusion software |
US6405318B1 (en) | 1999-03-12 | 2002-06-11 | Psionic Software, Inc. | Intrusion detection system |
WO2000070464A1 (en) | 1999-05-14 | 2000-11-23 | L-3 Communications Corporation | Object oriented security analysis tool |
US7073198B1 (en) * | 1999-08-26 | 2006-07-04 | Ncircle Network Security, Inc. | Method and system for detecting a vulnerability in a network |
US6647400B1 (en) * | 1999-08-30 | 2003-11-11 | Symantec Corporation | System and method for analyzing filesystems to detect intrusions |
US6990591B1 (en) * | 1999-11-18 | 2006-01-24 | Secureworks, Inc. | Method and system for remotely configuring and monitoring a communication device |
US6957348B1 (en) * | 2000-01-10 | 2005-10-18 | Ncircle Network Security, Inc. | Interoperability of vulnerability and intrusion detection systems |
CN1310393A (en) * | 2000-02-24 | 2001-08-29 | 英业达股份有限公司 | Computer viral infection preventing method |
US7159237B2 (en) * | 2000-03-16 | 2007-01-02 | Counterpane Internet Security, Inc. | Method and system for dynamic network intrusion monitoring, detection and response |
US7162649B1 (en) * | 2000-06-30 | 2007-01-09 | Internet Security Systems, Inc. | Method and apparatus for network assessment and authentication |
WO2002069194A1 (en) * | 2000-10-23 | 2002-09-06 | Xacct Technologies, Ltd. | Data collection system and method for reducing latency |
EP1381928B1 (en) * | 2001-01-10 | 2008-12-31 | Cisco Technology, Inc. | Computer security and management system |
US20030056116A1 (en) * | 2001-05-18 | 2003-03-20 | Bunker Nelson Waldo | Reporter |
US7237264B1 (en) * | 2001-06-04 | 2007-06-26 | Internet Security Systems, Inc. | System and method for preventing network misuse |
US6513122B1 (en) * | 2001-06-29 | 2003-01-28 | Networks Associates Technology, Inc. | Secure gateway for analyzing textual content to identify a harmful impact on computer systems with known vulnerabilities |
US7197762B2 (en) * | 2001-10-31 | 2007-03-27 | Hewlett-Packard Development Company, L.P. | Method, computer readable medium, and node for a three-layered intrusion prevention system for detecting network exploits |
US7444679B2 (en) * | 2001-10-31 | 2008-10-28 | Hewlett-Packard Development Company, L.P. | Network, method and computer readable medium for distributing security updates to select nodes on a network |
US6714513B1 (en) * | 2001-12-21 | 2004-03-30 | Networks Associates Technology, Inc. | Enterprise network analyzer agent system and method |
US7152105B2 (en) * | 2002-01-15 | 2006-12-19 | Mcafee, Inc. | System and method for network vulnerability detection and reporting |
US6941467B2 (en) * | 2002-03-08 | 2005-09-06 | Ciphertrust, Inc. | Systems and methods for adaptive message interrogation through multiple queues |
CN1643876B (en) | 2002-03-29 | 2010-09-29 | 思科技术公司 | Method and system for reducing the false alarm rate of network intrusion detection systems |
US20030196123A1 (en) * | 2002-03-29 | 2003-10-16 | Rowland Craig H. | Method and system for analyzing and addressing alarms from network intrusion detection systems |
EP1504323B8 (en) | 2002-05-14 | 2010-05-19 | Cisco Technology, Inc. | Method and system for analyzing and addressing alarms from network intrusion detection systems |
KR100456635B1 (en) * | 2002-11-14 | 2004-11-10 | 한국전자통신연구원 | Method and system for defensing distributed denial of service |
US7904960B2 (en) | 2004-04-27 | 2011-03-08 | Cisco Technology, Inc. | Source/destination operating system type-based IDS virtualization |
NO20050564D0 (en) | 2005-02-02 | 2005-02-02 | Tore Lysemose Hansen | Program monitor to identify unauthorized intrusion into computer systems |
WO2007122495A2 (en) | 2006-04-21 | 2007-11-01 | Axalto Sa | A framework for protecting resource-constrained network devices from denial-of-service attacks |
-
2003
- 2003-03-28 CN CN038073196A patent/CN1643876B/en not_active Expired - Lifetime
- 2003-03-28 CA CA2479504A patent/CA2479504C/en not_active Expired - Fee Related
- 2003-03-28 AT AT03716896T patent/ATE483310T1/en not_active IP Right Cessation
- 2003-03-28 AU AU2003220582A patent/AU2003220582A1/en not_active Abandoned
- 2003-03-28 WO PCT/US2003/009665 patent/WO2003084181A1/en not_active Application Discontinuation
- 2003-03-28 DE DE60334368T patent/DE60334368D1/en not_active Expired - Lifetime
- 2003-03-28 US US10/402,649 patent/US7886357B2/en active Active
- 2003-03-28 EP EP03716896A patent/EP1491019B1/en not_active Expired - Lifetime
-
2008
- 2008-10-09 AU AU2008229835A patent/AU2008229835B2/en not_active Ceased
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0985995A1 (en) * | 1998-09-09 | 2000-03-15 | International Business Machines Corporation | Method and apparatus for intrusion detection in computers and computer networks |
WO2001084270A2 (en) * | 2000-04-28 | 2001-11-08 | Internet Security Systems, Inc. | Method and system for intrusion detection in a computer network |
WO2002019077A2 (en) * | 2000-09-01 | 2002-03-07 | Sri International, Inc. | Probabilistic alert correlation |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7073198B1 (en) * | 1999-08-26 | 2006-07-04 | Ncircle Network Security, Inc. | Method and system for detecting a vulnerability in a network |
US7162742B1 (en) | 2000-01-10 | 2007-01-09 | Ncircle Network Security, Inc. | Interoperability of vulnerability and intrusion detection systems |
US7509681B2 (en) | 2000-01-10 | 2009-03-24 | Ncircle Network Security, Inc. | Interoperability of vulnerability and intrusion detection systems |
US7594273B2 (en) | 2000-08-25 | 2009-09-22 | Ncircle Network Security, Inc. | Network security system having a device profiler communicatively coupled to a traffic monitor |
US7181769B1 (en) | 2000-08-25 | 2007-02-20 | Ncircle Network Security, Inc. | Network security system having a device profiler communicatively coupled to a traffic monitor |
US7506374B2 (en) * | 2001-10-31 | 2009-03-17 | Computer Associates Think, Inc. | Memory scanning system and method |
US7886357B2 (en) | 2002-03-29 | 2011-02-08 | Cisco Technology, Inc. | Method and system for reducing the false alarm rate of network intrusion detection systems |
EP1504323B1 (en) * | 2002-05-14 | 2009-12-16 | Cisco Technology, Inc. | Method and system for analyzing and addressing alarms from network intrustion detection systems |
CN100451984C (en) * | 2003-10-15 | 2009-01-14 | 思科技术公司 | Method and system for reducing the false alarm rate of network intrusion detection systems |
WO2005041141A3 (en) * | 2003-10-15 | 2006-02-09 | Cisco Tech Ind | Method and system for reducing the false alarm rate of network intrusion detection systems |
WO2005041141A2 (en) * | 2003-10-15 | 2005-05-06 | Cisco Technology, Inc. | Method and system for reducing the false alarm rate of network intrusion detection systems |
US7805762B2 (en) | 2003-10-15 | 2010-09-28 | Cisco Technology, Inc. | Method and system for reducing the false alarm rate of network intrusion detection systems |
CN100435513C (en) * | 2005-06-30 | 2008-11-19 | 杭州华三通信技术有限公司 | Method of linking network equipment and invading detection system |
CN104038372A (en) * | 2014-05-30 | 2014-09-10 | 国家电网公司 | Power wide area network (WAN) flow monitoring method |
Also Published As
Publication number | Publication date |
---|---|
ATE483310T1 (en) | 2010-10-15 |
CA2479504C (en) | 2010-07-13 |
US20030212910A1 (en) | 2003-11-13 |
CN1643876B (en) | 2010-09-29 |
EP1491019B1 (en) | 2010-09-29 |
DE60334368D1 (en) | 2010-11-11 |
CN1643876A (en) | 2005-07-20 |
AU2008229835B2 (en) | 2010-12-09 |
US7886357B2 (en) | 2011-02-08 |
EP1491019A1 (en) | 2004-12-29 |
CA2479504A1 (en) | 2003-10-09 |
AU2003220582A1 (en) | 2003-10-13 |
AU2008229835A1 (en) | 2008-11-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CA2479504C (en) | Method and system for reducing the false alarm rate of network intrusion detection systems | |
US20030196123A1 (en) | Method and system for analyzing and addressing alarms from network intrusion detection systems | |
US7805762B2 (en) | Method and system for reducing the false alarm rate of network intrusion detection systems | |
US7418733B2 (en) | Determining threat level associated with network activity | |
US6775657B1 (en) | Multilayered intrusion detection system and method | |
US7845007B1 (en) | Method and system for intrusion detection in a computer network | |
CN102082836B (en) | DNS (Domain Name Server) safety monitoring system and method | |
EP1618725B1 (en) | Attack database structure | |
US20080295173A1 (en) | Pattern-based network defense mechanism | |
US20070214504A1 (en) | Method And System For Network Intrusion Detection, Related Network And Computer Program Product | |
US20060294588A1 (en) | System, method and program for identifying and preventing malicious intrusions | |
US20050273673A1 (en) | Systems and methods for minimizing security logs | |
US20030101260A1 (en) | Method, computer program element and system for processing alarms triggered by a monitoring system | |
JP4159814B2 (en) | Interactive network intrusion detection system and interactive intrusion detection program | |
EP1504323B1 (en) | Method and system for analyzing and addressing alarms from network intrustion detection systems | |
US20040255153A1 (en) | Application based intrusion detection | |
JP4661554B2 (en) | Unauthorized access detection method, apparatus and program | |
KR20050063477A (en) | Security system for network information and method thereof | |
KR20030051929A (en) | Method for managing alert database and policy propagation in ladon-security gateway system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SC SD SE SG SK SL TJ TM TN TR TT TZ UA UG UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2479504 Country of ref document: CA |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2003220582 Country of ref document: AU |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2003716896 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 20038073196 Country of ref document: CN |
|
WWP | Wipo information: published in national office |
Ref document number: 2003716896 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: JP |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: JP |