1
Phillip Andrew Porras, Martin Wayne Fong: Network-based alert management. SRI International, Kin Wah Tong, Moser Patterson & Sheridan, March 9, 2004: US06704874 (322 worldwide citations)

A method of managing alerts in a network including receiving alerts from network sensors, consolidating the alerts that are indicative of a common incident and generating output reflecting the consolidated alerts.


2
Phillip Andrew Porras, Alfonso Valdes: Hierarchical event monitoring and analysis. SRI International, Fish & Richardson P C, November 19, 2002: US06484203 (278 worldwide citations)

A computer-automated method of hierarchical event monitoring and analysis within an enterprise network including deploying network monitors in the enterprise network, detecting, by the network monitors, suspicious network activity based on analysis of network traffic data selected from the following ...


3
Phillip Andrew Porras, Michael G Corr, Steven Mark Dawson, David Watt, David Manseau, John Peter Marcotullio: Method and apparatus for identifying wireless transmitters. SRI International, August 21, 2012: US08249028 (156 worldwide citations)

In one embodiment, the present invention is a method and apparatus for identifying wireless transmitters. In one embodiment, a method for identifying a transmitter in a wireless computing network includes extracting one or more radio frequency signal characteristics from a communication from the tra ...


4
Phillip Andrew Porras, Alfonso Valdes: Network surveillance. SRI International, Kin Wah Tong, Moser Patterson & Sheridan, March 16, 2004: US06708212 (142 worldwide citations)

A method of network surveillance includes receiving network packets handled by a network entity and building at least one long-term and at least one short-term statistical profile from a measure of the network packets that monitors data transfers, errors, or network connections. A comparison of the s ...


5
Phillip Andrew Porras, Alfonso Valdes: Network surveillance. SRI International, Kin Wah Tong Esq, Moser Patterson & Sheridan, March 23, 2004: US06711615 (131 worldwide citations)

A method of network surveillance includes receiving network packets handled by a network entity and building at least one long-term and at least one short-term statistical profile from a measure of the network packets that monitors data transfers, errors, or network connections. A comparison of the s ...


6
Phillip Andrew Porras, Alfonso Valdes: Network surveillance using long-term and short-term statistical profiles to determine suspicious network activity. SRI International, September 22, 2009: US07594260 (60 worldwide citations)

A method of network surveillance includes receiving network packets handled by a network entity and building at least one long-term and at least one short-term statistical profile from a measure of the network packets that monitors data transfers, errors, or network connections. A comparison of the s ...


7
Alfonso De Jesus Valdes, Martin Wayne Fong, Phillip Andrew Porras: Prioritizing Bayes network alerts. SRI International, May 27, 2008: US07379993 (38 worldwide citations)

This invention uses Bayesian techniques to prioritize alerts or alert groups generated by intrusion detection systems and other information security devices, such as network analyzers, network monitors, firewalls, antivirus software, authentication services, host and application security services, e ...


8
Phillip Andrew Porras, Martin Wayne Fong: Network-based alert management system. SRI International, Fish & Richardson P C, April 6, 2010: US07694115 (27 worldwide citations)

A system for managing network alerts including data connections adapted to receive alerts from network sensors, alert processing logic coupled to the data connections and further including alert integration logic operable to integrate the alerts, report generation logic coupled to the alert integrat ...


9
Phillip Andrew Porras, Magnus Almgren, Ulf E Lindqvist, Steven Mark Dawson: Application-layer anomaly and misuse detection. SRI International, Kin Wah Tong Esq, Patterson & Sheridan, November 28, 2006: US07143444 (26 worldwide citations)

A method includes passing a request for data received by a first server process executing in a first server to a detection process that includes packing a subset of the data into an analysis format and passing the subset to an analysis process.


10
Phillip Andrew Porras, Michael G Corr, Steven Mark Dawson, David Watt, David Manseau, John Peter Marcotullio: Method and apparatus for wireless network security. SRI International, May 25, 2010: US07724717 (14 worldwide citations)

In one embodiment, the present invention is a method and apparatus for wireless network security. In one embodiment, a method for securing a wireless computing network includes receiving a communication from an unidentified transmitter, identifying the transmitter in accordance with a fingerprint ge ...