Monitoring operational activities in networks and detecting potential network intrusions and misuses
    1.
    Granted invention patent
    Monitoring operational activities in networks and detecting potential network intrusions and misuses (status: in force)

    Publication number: US09401924B2

    Publication date: 2016-07-26

    Application number: US13721698

    Filing date: 2012-12-20

    CPC classification number: H04L63/1416 H04L63/1425

    Abstract: Concepts and technologies disclosed herein are for monitoring operational activities in networks and detecting potential network intrusions and misuses. According to one aspect disclosed herein, an intrusion detection system can collect logs from an authentication, authorization, and accounting system. The intrusion detection system can extract information from the logs, update intrusion detection information utilized by an intrusion detection rule based upon the information extracted from the logs, update a profile utilized by the intrusion detection rule, compare the profile and the intrusion detection rule against a running state of an on-going session, tag corresponding log entries with a threat score, calculate the threat scores from the corresponding log entries to create an aggregated threat score, and present the aggregated threat score. The intrusion detection system can also present an alarm if the aggregated threat score triggers an alarm condition.


    Monitoring Operational Activities In Networks And Detecting Potential Network Intrusions And Misuses
    2.
    Invention patent application
    Monitoring Operational Activities In Networks And Detecting Potential Network Intrusions And Misuses (status: in force)

    Publication number: US20140181968A1

    Publication date: 2014-06-26

    Application number: US13721698

    Filing date: 2012-12-20

    CPC classification number: H04L63/1416 H04L63/1425

    Abstract: Concepts and technologies disclosed herein are for monitoring operational activities in networks and detecting potential network intrusions and misuses. According to one aspect disclosed herein, an intrusion detection system can collect logs from an authentication, authorization, and accounting system. The intrusion detection system can extract information from the logs, update intrusion detection information utilized by an intrusion detection rule based upon the information extracted from the logs, update a profile utilized by the intrusion detection rule, compare the profile and the intrusion detection rule against a running state of an on-going session, tag corresponding log entries with a threat score, calculate the threat scores from the corresponding log entries to create an aggregated threat score, and present the aggregated threat score. The intrusion detection system can also present an alarm if the aggregated threat score triggers an alarm condition.

