06134664 is referenced by 137 patents and cites 5 patents.

A method of reducing the volume of native audit data from further analysis by a misuse and intrusion detection engine is disclosed. Typically, more than ninety percent of the volume of audit information received from heterogeneous operating systems does not need to be analyzed by a misuse and intrusion detection engine because this audit information can be filtered out as not posing a security threat. Advantageously, by reducing (eliminating) the volume of audit information, a misuse and intrusion engine can more quickly determine whether a security threat exists because the volume of data that the engine must consider is drastically reduced. Also, advantageously, the audit information that is forwarded to the engine is normalized to a standard format, thereby reducing the computational requirements of the engine. The method of reducing the volume of native audit data includes comparing each of the native audits against at least one template and against at least one native audit. By matching the native audits against templates of native audits that do not pose security threats, the native audits that do not pose security threats can be reduced out from further consideration. The native audits that are determined to pose potential security threats are transformed into a standardized format for further analysis by a misuse and intrusion detection engine.

Title
Method and system for reducing the volume of audit data and normalizing the audit data received from heterogeneous sources
Application Number
9/109866
Publication Number
6134664
Application Date
July 6, 1998
Publication Date
October 17, 2000
Inventor
Jeffrey H Walker
Papillon
NE, US
Agent
Lowe Hauptman Gopstein Gilman & Berner
Assignee
PRC
VA, US
IPC
G06F 13/00
View Original Source