WO2007067549A3 - Method and system for real time detection of threats in high volume data streams - Google Patents
- Publication number
- WO2007067549A3 (application PCT/US2006/046421)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- threats
- real time
- data streams
- volume data
- time detection
- Prior art date
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
Abstract
A high speed detection system and method has been created to solve at least the problems discussed above. It is capable of generating audits of investigable patterns from log data, using techniques for grouping and filtering the data so as to create vectors of patterns; these vectors can then be further analyzed by applying conditional filters to conclude that a threat may be active.
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US74814405P | 2005-12-08 | 2005-12-08 | |
US60/748,144 | 2005-12-08 | | |
US11/633,626 | 2006-12-05 | | |
US11/633,626 US7961633B2 (en) | 2005-12-08 | 2006-12-05 | Method and system for real time detection of threats in high volume data streams |
Publications (3)
Publication Number | Publication Date |
---|---|
WO2007067549A2 (en) | 2007-06-14 |
WO2007067549A9 (en) | 2007-07-19 |
WO2007067549A3 (en) | 2007-11-22 |
Family ID: 38123432
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/US2006/046421 WO2007067549A2 (en) | 2005-12-08 | 2006-12-06 | Method and system for real time detection of threats in high volume data streams |
Country Status (2)
Country | Link |
---|---|
US (1) | US7961633B2 (en) |
WO (1) | WO2007067549A2 (en) |
Families Citing this family (37)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7607169B1 (en) | 2002-12-02 | 2009-10-20 | Arcsight, Inc. | User interface for network security console |
US7650638B1 (en) | 2002-12-02 | 2010-01-19 | Arcsight, Inc. | Network security monitoring system employing bi-directional communication |
US7376969B1 (en) | 2002-12-02 | 2008-05-20 | Arcsight, Inc. | Real time monitoring and analysis of events from multiple network security devices |
US7788722B1 (en) | 2002-12-02 | 2010-08-31 | Arcsight, Inc. | Modular agent for network security intrusion detection system |
US7899901B1 (en) | 2002-12-02 | 2011-03-01 | Arcsight, Inc. | Method and apparatus for exercising and debugging correlations for network security system |
US7219239B1 (en) | 2002-12-02 | 2007-05-15 | Arcsight, Inc. | Method for batching events for transmission by software agent |
US8176527B1 (en) | 2002-12-02 | 2012-05-08 | Hewlett-Packard Development Company, L. P. | Correlation engine with support for time-based rules |
US7260844B1 (en) | 2003-09-03 | 2007-08-21 | Arcsight, Inc. | Threat detection in a network security system |
US8015604B1 (en) | 2003-10-10 | 2011-09-06 | Arcsight Inc | Hierarchical architecture in a network security system |
US9027120B1 (en) | 2003-10-10 | 2015-05-05 | Hewlett-Packard Development Company, L.P. | Hierarchical architecture in a network security system |
US7565696B1 (en) | 2003-12-10 | 2009-07-21 | Arcsight, Inc. | Synchronizing network security devices within a network security system |
US7509677B2 (en) | 2004-05-04 | 2009-03-24 | Arcsight, Inc. | Pattern discovery in a network security system |
US7644438B1 (en) | 2004-10-27 | 2010-01-05 | Arcsight, Inc. | Security event aggregation at software agent |
US9100422B1 (en) | 2004-10-27 | 2015-08-04 | Hewlett-Packard Development Company, L.P. | Network zone identification in a network security system |
US7809131B1 (en) | 2004-12-23 | 2010-10-05 | Arcsight, Inc. | Adjusting sensor time in a network security system |
US7647632B1 (en) | 2005-01-04 | 2010-01-12 | Arcsight, Inc. | Object reference in a system |
US8850565B2 (en) * | 2005-01-10 | 2014-09-30 | Hewlett-Packard Development Company, L.P. | System and method for coordinating network incident response activities |
US7844999B1 (en) | 2005-03-01 | 2010-11-30 | Arcsight, Inc. | Message parsing in a network security system |
JP5104187B2 (en) * | 2007-10-15 | 2012-12-19 | ソニー株式会社 | VIDEO / AUDIO SETTING INFORMATION MANAGEMENT DEVICE, PROCESSING METHOD THEREOF, AND PROGRAM |
US20130339367A1 (en) * | 2012-06-14 | 2013-12-19 | Santhosh Adayikkoth | Method and system for preferential accessing of one or more critical entities |
US9736179B2 (en) * | 2013-09-30 | 2017-08-15 | Fireeye, Inc. | System, apparatus and method for using malware analysis results to drive adaptive instrumentation of virtual machines to improve exploit detection |
US9680855B2 (en) | 2014-06-30 | 2017-06-13 | Neo Prime, LLC | Probabilistic model for cyber risk forecasting |
US9584538B1 (en) | 2015-11-24 | 2017-02-28 | International Business Machines Corporation | Controlled delivery and assessing of security vulnerabilities |
US10536476B2 (en) | 2016-07-21 | 2020-01-14 | Sap Se | Realtime triggering framework |
US10482241B2 (en) | 2016-08-24 | 2019-11-19 | Sap Se | Visualization of data distributed in multiple dimensions |
US10542016B2 (en) | 2016-08-31 | 2020-01-21 | Sap Se | Location enrichment in enterprise threat detection |
US10673879B2 (en) | 2016-09-23 | 2020-06-02 | Sap Se | Snapshot of a forensic investigation for enterprise threat detection |
US10630705B2 (en) * | 2016-09-23 | 2020-04-21 | Sap Se | Real-time push API for log events in enterprise threat detection |
US10534908B2 (en) | 2016-12-06 | 2020-01-14 | Sap Se | Alerts based on entities in security information and event management products |
US10530792B2 (en) | 2016-12-15 | 2020-01-07 | Sap Se | Using frequency analysis in enterprise threat detection to detect intrusions in a computer system |
US10534907B2 (en) | 2016-12-15 | 2020-01-14 | Sap Se | Providing semantic connectivity between a java application server and enterprise threat detection system using a J2EE data |
US11470094B2 (en) | 2016-12-16 | 2022-10-11 | Sap Se | Bi-directional content replication logic for enterprise threat detection |
US10552605B2 (en) | 2016-12-16 | 2020-02-04 | Sap Se | Anomaly detection in enterprise threat detection |
US10764306B2 (en) | 2016-12-19 | 2020-09-01 | Sap Se | Distributing cloud-computing platform content to enterprise threat detection systems |
US10530794B2 (en) | 2017-06-30 | 2020-01-07 | Sap Se | Pattern creation in enterprise threat detection |
US10986111B2 (en) | 2017-12-19 | 2021-04-20 | Sap Se | Displaying a series of events along a time axis in enterprise threat detection |
US10681064B2 (en) | 2017-12-19 | 2020-06-09 | Sap Se | Analysis of complex relationships among information technology security-relevant entities using a network graph |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020078381A1 (en) * | 2000-04-28 | 2002-06-20 | Internet Security Systems, Inc. | Method and System for Managing Computer Security Information |
US6519703B1 (en) * | 2000-04-14 | 2003-02-11 | James B. Joyce | Methods and apparatus for heuristic firewall |
US20030051026A1 (en) * | 2001-01-19 | 2003-03-13 | Carter Ernst B. | Network surveillance and security system |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6601048B1 (en) * | 1997-09-12 | 2003-07-29 | Mci Communications Corporation | System and method for detecting and managing fraud |
US6526442B1 (en) * | 1998-07-07 | 2003-02-25 | Compaq Information Technologies Group, L.P. | Programmable operational system for managing devices participating in a network |
US7469341B2 (en) * | 2001-04-18 | 2008-12-23 | Ipass Inc. | Method and system for associating a plurality of transaction data records generated in a service access system |
CA2407903A1 (en) * | 2002-07-29 | 2004-01-29 | Kirk Vandezande | Systems for determining optimal test order for disease diagnosis |
US20040213289A1 (en) * | 2002-09-04 | 2004-10-28 | Chun-I Liu | Method and system for wakeup packet detection at Gigabit speeds |
WO2005093576A1 (en) * | 2004-03-28 | 2005-10-06 | Robert Iakobashvili | Visualization of packet network performance, analysis and optimization for design |
US7523504B2 (en) * | 2004-08-02 | 2009-04-21 | Netiq Corporation | Methods, systems and computer program products for evaluating security of a network environment |
US7333963B2 (en) * | 2004-10-07 | 2008-02-19 | Bernard Widrow | Cognitive memory and auto-associative neural network based search engine for computer and network located images and photographs |
2006
- 2006-12-05 US US11/633,626 (US7961633B2), status: Active
- 2006-12-06 WO PCT/US2006/046421 (WO2007067549A2), status: Application Filing
Also Published As
Publication number | Publication date |
---|---|
US7961633B2 (en) | 2011-06-14 |
US20070136437A1 (en) | 2007-06-14 |
WO2007067549A2 (en) | 2007-06-14 |
WO2007067549A9 (en) | 2007-07-19 |
Similar Documents
Publication | Title |
---|---|
WO2007067549A3 (en) | Method and system for real time detection of threats in high volume data streams |
WO2007083300A3 (en) | Securing data in a networked environment |
WO2008112361A3 (en) | Methods and apparatus for log-ftc radar receivers having enhanced sea clutter model |
GB201300933D0 (en) | Geological log data processing methods and apparatuses |
WO2006101766A3 (en) | Apparatus and method for dynamically auditing data migration to produce metadata |
WO2007109081A3 (en) | Method and apparatus for improved operation of an abatement system |
GB2442591B (en) | Analytical server integrated in a process control network |
WO2007117423A3 (en) | Method and apparatus for representing multidimensional data |
NO20090572L (en) | Seismic data processing |
WO2007035539A3 (en) | Classified filtering for temporal prediction |
WO2007075638A3 (en) | System and method for monitoring system performance levels across a network |
WO2007041146A3 (en) | Apparatus and method for switching between buffers using a video frame buffer flip queue |
WO2008045199A3 (en) | Method and system for allowing access to developed applications via a multi-tenant on-demand database service |
WO2008063973A3 (en) | Method and system for high performance data metatagging and data indexing using coprocessors |
EP1851908A4 (en) | Network security enhancement methods, apparatuses, systems, media, signals and computer programs |
WO2008070362A3 (en) | System and method for converting a natural language query into a logical query |
FI20080623L (en) | System and method for processing an audio signal |
WO2007122541A3 (en) | Data summarization system and method for summarizing a data stream |
SI1800753T1 (en) | Method and device for separating solid particles on the basis of a difference in density |
WO2007089861A3 (en) | Methods and apparatus for modifying a backup data stream including a set of validation bytes for each data block to be provided to a fixed position delta reduction backup application |
WO2007109600A3 (en) | Extractions and methods comprising elder species |
GB2457614B (en) | System, method and computer program product for stacking seismic noise data to analyze seismic events |
MXPA06008400A (en) | Method and apparatus for attenuation wind noise in seismic data. |
TW200634506A (en) | System and method to qualify data capture |
WO2009148769A3 (en) | Virtual media device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 06839025; Country of ref document: EP; Kind code of ref document: A2 |