摘要 |
A method for identifying a device attempting an intrusion into a TCP/IP protocol based network is disclosed. The present invention allows creating links between two independent information levels, the TCP/IP stack information on one side and the Windows Security Event Log information on the other side. The method allows establishing the relationship between the computer name of the attacker device as stored in the Security Event Log and the TCP/IP information related to this computer name.
|