System and method for detection and mitigation of network worms

Bibliographic Details
Main Authors: VARANASI RAVI K, ZHANG SHUGUANG, SADHASIVAM KARTHIKEYAN M
Format: Patent
Language: English
Published: 26.10.2006
Summary: An intrusion detection system for a computer network includes a knowledge database that contains a baseline of normal host behavior, and a correlation engine that monitors network activity with reference to the knowledge database. The correlation engine accumulates information about anomalous events occurring on the network and then periodically correlates the anomalous events. The correlation engine generates a worm outbreak alarm when a certain number of hosts exhibit a role-reversal behavior. It is emphasized that this abstract is provided to comply with the rules requiring an abstract that will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims.
Bibliography: Application Number: US20050114575