Patent title: Event sequence detection
Inventor: Nurmela, Kari
Application number: EP03104056.1
Filing date: 20031103
Publication number: EP1418484A3
Publication date: 20050427
Abstract: The invention relates to event sequence detection suitable for an intrusion detection system (IDS), for example. An event sequence including two or more stages in order, each of the stages including one or more events, is defined. Also defined is a filtering function for each of the stages, each filtering function providing a TRUE indication, when one of the events belonging to the respective event is received, and a FALSE indication otherwise. Still further at least one binding function for each of the stages is defined such that a pair of binding functions in two successive stages links the events in these two successive stages. Received event data is continuously evaluated with the filtering functions. When the evaluation results in a TRUE indication from one of the filter functions, at least one key value is derived from the received event data by the corresponding at least one binding function. Finally, it is determined that the sequence has been detected, when a TRUE indication has been obtained in each stage in a timely order and the derived key values link the detected events in the successive stages.
Applicant: Stonesoft Corporation
Address: Itälahdenkatu 22 A 00210 Helsinki FI
Country: FI
Agent: Äkräs, Tapio Juhani
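
The scheme in the abstract can be sketched as follows. This is an added example, not code from the patent or from Stonesoft: the class names, the `bind_prev`/`bind_next` split, the fixed time window standing in for "timely order", and the three-stage login sequence with its events are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Any, Callable, Optional

@dataclass
class Stage:
    filt: Callable[[dict], bool]                       # filtering function: TRUE/FALSE per event
    bind_prev: Optional[Callable[[dict], Any]] = None  # key linking back to the previous stage
    bind_next: Optional[Callable[[dict], Any]] = None  # key linking forward to the next stage

class SequenceDetector:
    def __init__(self, stages, window):
        self.stages, self.window = stages, window      # window (seconds between stages) is an assumption
        # pending[i][key] = (time, events so far) for partial matches that have passed stage i
        self.pending = [dict() for _ in stages[:-1]]

    def feed(self, ev):
        done = []  # sequences completed by this event
        # Walk stages last-to-first so one event cannot advance the same partial match twice.
        for i in reversed(range(len(self.stages))):
            st = self.stages[i]
            if not st.filt(ev):
                continue
            chain = [ev]
            if i > 0:  # key derived from this event must equal the key stored by the previous stage
                hit = self.pending[i - 1].get(st.bind_prev(ev))
                if hit is None or not 0 <= ev["t"] - hit[0] <= self.window:
                    continue
                chain = hit[1] + [ev]
            if i == len(self.stages) - 1:
                done.append(chain)
            else:
                self.pending[i][st.bind_next(ev)] = (ev["t"], chain)
        return done

    def run(self, events):
        return [seq for ev in events for seq in self.feed(ev)]

STAGES = [  # hypothetical three-stage sequence: failed login -> successful login -> privilege change
    Stage(lambda e: e["type"] == "auth_fail", bind_next=lambda e: (e["src"], e["host"])),
    Stage(lambda e: e["type"] == "auth_ok", bind_prev=lambda e: (e["src"], e["host"]),
          bind_next=lambda e: (e["host"], e["user"])),
    Stage(lambda e: e["type"] == "priv_change", bind_prev=lambda e: (e["host"], e["user"])),
]
EVENTS = [  # constructed sample events, not real logs
    {"t": 0, "type": "auth_fail", "src": "192.0.2.10", "host": "web1", "user": "alice"},
    {"t": 5, "type": "auth_ok", "src": "192.0.2.77", "host": "web1", "user": "bob"},
    {"t": 9, "type": "auth_ok", "src": "192.0.2.10", "host": "web1", "user": "alice"},
    {"t": 12, "type": "priv_change", "host": "web1", "user": "bob"},
    {"t": 20, "type": "priv_change", "host": "web1", "user": "alice"},
]
```

Running `SequenceDetector(STAGES, 60).run(EVENTS)` reports only the alice chain: bob's events pass the filtering functions but their derived keys never link back to a stage-one event.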