Method and system for alert classification in a computer network

D. Bolzoni (Inventor), S. Etalle (Inventor)

Research output: Patent › Patent publication


Abstract

A method and a system for the classification of intrusion alerts in a computer network are provided. The method comprises the steps of monitoring traffic data in a computer network, detecting an intrusion, providing an intrusion alert and data in relation to the intrusion alert, generating a statistical analysis of the data in relation to the intrusion alert, and classifying the intrusion alert based on said statistical analysis. The intrusion alerts and the data in relation to an intrusion alert may be generated by an anomaly-based intrusion detection system. Generating the statistical analysis may comprise generating information about the statistical distribution of n-grams in the data. The classification may comprise comparing the statistical analysis with a model analysis of intrusion alerts with predefined alert classes. This model may be generated by providing a training set of data in relation to alerts, generating a model statistical analysis of said data, predefining at least two alert classes, and assigning the predefined alert classes to the statistical analysis based on information provided by a signature-based intrusion detection system or by a human operator.
Original language: English
Patent number: WO2010114363
Publication status: Published - 7 Oct 2010
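The abstract describes the classification pipeline only in outline. The following Python is an added illustration of that pipeline, not the patent's own implementation or the inventors' code: byte n-gram frequency distributions are computed for the data attached to each alert, a model distribution is built per predefined class from a labelled training set (labels as a signature-based IDS or an operator would supply them), and a new alert is assigned the class whose model is closest. The trigram size, the L1 distance, the class names, the training payloads and the optional distance threshold are all assumptions of this example; the payloads are constructed, not captured traffic.

```python
"""Alert classification by n-gram distribution of alert payloads.

Added illustration of the method described in the abstract; the distance
metric, n-gram size, class labels, threshold and sample payloads are
assumptions of this example, not the patent's own implementation.
"""
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, Optional, Tuple

Distribution = Dict[bytes, float]


def ngram_distribution(data: bytes, n: int = 3) -> Distribution:
    """Relative frequency of each byte n-gram in the data attached to an alert."""
    if len(data) < n:
        return {}
    counts = Counter(data[i:i + n] for i in range(len(data) - n + 1))
    total = sum(counts.values())
    return {gram: count / total for gram, count in counts.items()}


def class_model(dists: List[Distribution]) -> Distribution:
    """Model for one alert class: the mean of the distributions of its training alerts."""
    model: Dict[bytes, float] = defaultdict(float)
    for dist in dists:
        for gram, p in dist.items():
            model[gram] += p / len(dists)
    return dict(model)


def l1_distance(a: Distribution, b: Distribution) -> float:
    """Manhattan distance between two sparse distributions: 0.0 identical, 2.0 disjoint."""
    return sum(abs(a.get(g, 0.0) - b.get(g, 0.0)) for g in set(a) | set(b))


class AlertClassifier:
    """Compares an alert's n-gram statistics with per-class models learned from labelled alerts."""

    def __init__(self, n: int = 3) -> None:
        self.n = n
        self.models: Dict[str, Distribution] = {}

    def train(self, labelled_alerts: Iterable[Tuple[bytes, str]]) -> None:
        by_class: Dict[str, List[Distribution]] = defaultdict(list)
        for payload, label in labelled_alerts:
            by_class[label].append(ngram_distribution(payload, self.n))
        if len(by_class) < 2:
            raise ValueError("at least two alert classes must be predefined")
        self.models = {label: class_model(dists) for label, dists in by_class.items()}

    def classify(self, payload: bytes,
                 max_distance: Optional[float] = None) -> Tuple[str, float]:
        """Return (class, distance); 'unknown' if no model is within max_distance (assumed extension)."""
        dist = ngram_distribution(payload, self.n)
        ranked = sorted((l1_distance(dist, model), label)
                        for label, model in self.models.items())
        best_distance, best_label = ranked[0]
        if max_distance is not None and best_distance > max_distance:
            return "unknown", best_distance   # too far from every class: leave it to an analyst
        return best_label, best_distance


# Constructed training set (assumption): request lines an anomaly-based IDS alerted on,
# labelled either from a signature-based IDS match or by an operator's triage verdict.
TRAINING: List[Tuple[bytes, str]] = [
    (b"GET /item?id=1' OR '1'='1 -- HTTP/1.1", "sql-injection"),
    (b"GET /user?name=x' OR '1'='1 -- HTTP/1.1", "sql-injection"),
    (b"GET /page?p=2' OR '1'='1 -- HTTP/1.1", "sql-injection"),
    (b"GET /../../../../etc/passwd HTTP/1.1", "directory-traversal"),
    (b"GET /img/../../../../etc/passwd HTTP/1.1", "directory-traversal"),
    (b"GET /files/../../../../etc/shadow HTTP/1.1", "directory-traversal"),
    (b"GET /search?q=hello+world HTTP/1.1", "false-positive"),   # operator-labelled benign
    (b"GET /search?q=cheap+flights HTTP/1.1", "false-positive"),
]


def build_classifier() -> AlertClassifier:
    clf = AlertClassifier(n=3)
    clf.train(TRAINING)
    return clf


if __name__ == "__main__":
    clf = build_classifier()
    for alert in (b"GET /cart?id=9' OR '1'='1 -- HTTP/1.1",
                  b"GET /doc/../../../../etc/passwd HTTP/1.1",
                  b"GET /search?q=red+shoes HTTP/1.1",
                  b"\x90" * 8 + b"\xcc\xcc"):   # nothing like any class model
        print(alert, clf.classify(alert, max_distance=1.2))
```

The per-class model is a plain mean of the training distributions and the nearest model wins, which is enough to show the mechanism; the threshold that routes distant alerts to "unknown" is a practitioner's addition rather than something the abstract specifies, and without it every alert is forced into one of the predefined classes even when it resembles none of them.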


Cite this

@misc{35bbf60bd928406295b9ed6d19d11a4b,
title = "Method and system for alert classification in a computer network",
author = "D. Bolzoni and S. Etalle",
year = "2010",
month = "10",
day = "7",
language = "English",
type = "Patent",
note = "WO2010114363",
}

Bolzoni, D. and Etalle, S. (2010). Method and system for alert classification in a computer network. Patent No. WO2010114363, published 7 Oct 2010.

http://www.wipo.int/patentscope/search/en/detail.jsf?docId=WO2010114363&recNum=1&docAn=NL2010000060&queryString=EN_TI:(method%20and%20system)%20AND%20IN:bolzoni&maxRec=1