21
Alfonso De Jesus Valdes, Martin Wayne Fong, Phillip Andrew Porras: Prioritizing bayes network alerts. Moser Patterson & Sheridan, May 15, 2003: US20030093514-A1

This invention uses Bayesian techniques to prioritize alerts or alert groups generated by intrusion detection systems and other information security devices, such as network analyzers, network monitors, firewalls, antivirus software, authentication services, host and application security services, e ...


22
Phillip Andrew Porras, Magnus Almgren, Ulf E Lindqvist, Steven Mark Dawson: Application-layer anomaly and misuse detection. Moser Patterson & Sheridan, May 29, 2003: US20030101358-A1

A method includes passing a request for data received by a first server process executing in a first server to a detection process that includes packing a subset of the data into an analysis format and passing the subset to an analysis process.


23
Phillip Andrew Porras, Alfonso Valdes: Network surveillance. Moser Patterson & Sheridan, January 15, 2004: US20040010718-A1

A method of network surveillance includes receiving network packets handled by a network entity and building at least one long-term and at least one short-term statistical profile from a measure of the network packets that monitors data transfers, errors, or network connections. A comparison of the s ...


24
Phillip Andrew Porras, Alfonso Valdes: Network surveillance. SRI International a California corporation, Moser Patterson & Sheridan, May 8, 2003: US20030088791-A1

A method of network surveillance includes receiving network packets handled by a network entity and building at least one long-term and at least one short-term statistical profile from a measure of the network packets that monitors data transfers, errors, or network connections. A comparison of the s ...


25
Phillip Andrew Porras, Alfonso De Jesus Valdes: Network surveillance. SRI International, Fish & Richardson PC, February 25, 2010: US20100050248-A1

A method of network surveillance includes receiving network packets handled by a network entity and building at least one long-term and at least one short-term statistical profile from a measure of the network packets that monitors data transfers, errors, or network connections. A comparison of the ...


26
Phillip Andrew Porras, Jian Zhang: Method and apparatus for generating highly predictive blacklists. Patterson & Sheridan, SRI International, March 5, 2009: US20090064332-A1

In one embodiment, the present invention is a method and apparatus for generating highly predictive blacklists. One embodiment of a method for generating a blacklist of network addresses for a user of a network includes collecting security log data from users of the network, the security log data id ...


27
Phillip Andrew Porras, Alfonso de Jesus Valdes: Network Surveillance. SRI International, August 16, 2012: US20120210425-A1

A method of network surveillance includes receiving network packets handled by a network entity and building at least one long-term and at least one short-term statistical profile from a measure of the network packets that monitors data transfers, errors, or network connections. A comparison of the ...


28
Guofei Gu, Phillip Andrew Porras, Martin Fong: Method and apparatus for detecting malware infection. Wall & Tong, SRI International, July 2, 2009: US20090172815-A1

In one embodiment, the present invention is a method and apparatus for detecting malware infection. One embodiment of a method for detecting a malware infection at a local host in a network, includes monitoring communications between the local host and one or more entities external to the network, g ...