Adaptive security network, sensor node and method for detecting anomalous events in a security network

摘要

An adaptive security network, sensor node and methods for detecting and responding to anomalous events in a security network are provided herein. In general, the adaptive security network comprises a plurality of sensor nodes interconnected to form a communication network, wherein each sensor node is configured for detecting an anomalous event occurring within a vicinity of the sensor node and for identifying the detected anomalous event as a specific threat-event, a specific non-threat event or an unidentified event. In addition, the adaptive security network comprises a central processing and control system coupled to the plurality of sensor nodes for receiving an event notification message from at least one of the sensor nodes indicating an identity of an anomalous event detected by the at least one sensor node. Upon receiving the event notification message, the central processing and control system is configured for confirming the identity of the anomalous event provided by the at least one sensor node and for responding to the anomalous event once the identity is confirmed.

主权项

1. A sensor node configured for detecting anomalous events in a security network, the sensor node comprising:
at least one sensor coupled for acquiring sensor data pertaining to the security network; a storage medium coupled for storing:
a plurality of event signatures corresponding to previously identified anomalous events, wherein the previously identified anomalous events comprise threat-events and non-threat events;a set of event property filters specified for each of the stored event signatures, wherein each set of event property filters defines a plurality of parameters that the sensor data must meet in order to detect an anomalous event in the sensor data, and wherein the set of event property filters comprise a minimum threshold value filter, a minimum time filter, and an event count filter; and a set of program instructions, which uses the plurality of event signatures and the sets of event property filters for detecting an anomalous event within the sensor data and, once the anomalous event is detected, the set of program instructions are configured for classifying the detected event as a threat-event, a non-threat event, or an unidentified event; and a processor coupled for executing the set of program instructions to detect and classify the anomalous event.