DETECTING NETWORK INTRUSION AND ANOMALY INCIDENTS

摘要

In an embodiment, a method comprises: using computing apparatus, receiving one or more data streams, determining one or more characteristics of the one or more data streams, and based on the one or more characteristics of the one or more data streams, determining one or more tags for the one or more data streams; determining whether the one or more tags indicate one or more malicious patterns representative of network intrusions; in response to determining that the one or more tags indicate one or more malicious patterns representative of network intrusions: generating, based on the one or more tags, one or more aggregated alert streams; applying one or more rules to the one or more aggregated alert streams and receiving a result indicating whether a network intrusion is in progress; in response thereto, determining and executing one or more remedial actions.

主权项

1. A computer-implemented data processing method comprising:
using computing apparatus, receiving one or more data streams, determining one or more characteristics of the one or more data streams, and based on the one or more characteristics of the one or more data streams, determining one or more tags for the one or more data streams; using computing apparatus, determining whether the one or more tags indicate one or more malicious patterns representative of network intrusions; using computing apparatus, in response to determining that the one or more tags indicate one or more malicious patterns representative of network intrusions:
generating, based on the one or more tags, one or more aggregated alert streams;applying one or more rules to the one or more aggregated alert streams and receiving a result indicating whether a network intrusion is in progress;in response to receiving the result indicating that the network intrusion is in progress, determining and executing one or more remedial actions.