Method and system for adaptive anomaly-based intrusion detection

Patent No. 8,800,036

Issued: August 5, 2014
Filed: January 22, 2010
Term Extension: 689 days

Inventors: Khayam; Syed Ali (Islamabad, PK), Ali; Muhammad Qasim (Islamabad, PK)
Assignee: The School of Electrical Engineering and Computer Science (SEECS), National University of Sciences and Technology (NUST) (Islamabad, Pakistan)


The input characteristics of a real-time IDS change continuously with time therefore setting a rigid (time and behavior invariant) classification threshold limits the accuracy that the IDS can potentially achieve. A generic threshold tuning method and system is proposed which can adaptively tune the detection threshold of a real-time IDS in accordance with varying host and network behavior. The method and system perform statistical and information-theoretic analysis of network and host-based IDSs' anomaly based intrusions to reveal a consistent time correlation structure between benign activity periods which is used to predict future anomaly scores and to adapt an IDS' detection threshold accordingly.


Go Back for more representative patents.


Home || Intellectual Property || Patents || Trademarks || Copyrights


Brown & Michaels, PC
400 M & T Bank Building
118 North Tioga Street - The Commons
Ithaca, NY 14850
Phone: (607) 256-2000 Fax: (607) 256-3628

e-mail: bpm@bpmlegal.com

© 2014 Brown & Michaels PC