The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Jun. 01, 2010
Filed:
Aug. 20, 2007
Jeffrey Scott Bardsley, Cary, NC (US);
Ashley Anderson Brock, Morrisville, NC (US);
Nathaniel Wook Kim, Raleigh, NC (US);
Charles Steven Lingafelt, Durham, NC (US);
Jeffrey Scott Bardsley, Cary, NC (US);
Ashley Anderson Brock, Morrisville, NC (US);
Nathaniel Wook Kim, Raleigh, NC (US);
Charles Steven Lingafelt, Durham, NC (US);
International Business Machines Corporation, Armonk, NY (US);
Abstract
A method of operating an intrusion detection system. The system determines occurrence of a signature event indicative of a denial of service intrusion on a protected device. A value of a signature event counter is increased. The value of the signature event counter is adjusted to not include a count of signature events past a sliding window. The value of the signature event counter is determined to exceed a signature threshold quantity, followed by generation of an alert at a time subsequently recorded in a log. The log is cleared of entries past a permissible age. A present alert generation rate is determined as a ratio of the total number of timestamps in the log to the permissible age. The present alert generation rate is ascertained to exceed an alert generation rate threshold. A selected element of the signature set is altered to decrease the alert generation rate.