摘要 |
According to one embodiment of the invention, a computerized method for addressing intrusion attacks directed at a computer includes receiving a data stream corresponding to a potential attack on the computer and calculating an event risk rating for the data stream. Calculating the event risk rating includes determining at least one component risk rating. In one embodiment, the component risk ratings are: a signature fidelity rating indicative of the likelihood the potential attack will affect the computer in the absence of knowledge regarding the computer, an attack relevance rating indicative of the relevance of the potential attack to the computer, and a target value rating indicative of the perceived value of the computer. The method also includes responding to the potential attack based on the calculated risk rating.
|