Title of invention | System and method for detecting network intrusions using layered host scoring | ||
Abstract | Approaches for detecting network intrusions, such as malware infection, Trojans, worms, or botnet mining activities, include: identifying one or more threat detections in session datasets, the session datasets corresponding to network traffic from a plurality of hosts; determining a layered detection score, the layered detection score corresponding to a certainty score and a threat score; determining a layered host score, the layered host score corresponding to a certainty score and a threat score; and generating alarm data comprising the layered detection score and the layered host score. In some embodiments, the network traffic may be received passively through a network switch, for example by "tapping" the switch. Other additional objects, features, and advantages of the invention are described in the detailed description, figures and claims. | ||
Publication number | US9565208(B2) | Publication date | 2017.02.07 |
Application number | US201514644166 | Filing date | 2015.03.10 |
Applicant | Vectra Networks, Inc. | Inventors | Ibatullin Oskar; Prenger Ryan James; Beauchesne Nicolas; Lynn Karl Matthew; Tavakoli Oliver Kourosh |
Classification | G06F12/14; H04L29/06 | Main classification | G06F12/14 |
Agency | Vista IP Law Group, LLP | Agent | Vista IP Law Group, LLP |
Main claim | 1. A method for generating layered host scores, comprising: identifying one or more computer contaminant detections by analyzing one or more session datasets, the session datasets corresponding to network traffic from a plurality of hosts; generating host certainty score data that corresponds to a confidence that a host is compromised by one or more computer contaminants; generating host threat score data that corresponds to a potential harm from the one or more computer contaminants compromising the host; and storing the host certainty score data and the host threat score data as a layered detection score in a database, wherein the layered detection score is generated by: combining first detection certainty score data for a first detection type and second detection certainty score data for a second detection type into a combined host certainty score; combining a first detection threat score for the first detection type and a second detection threat score for the second detection type into a combined host threat score; and combining the combined host certainty score with the combined host threat score. | ||
Address | San Jose CA US |