Snort mailing list archives

Re: SRI patent on "Hierarchical event monitoring and analysis"


From: Rich Adamson <radamson () routers com>
Date: Sun, 5 Oct 2003 06:19:28 -0600


"A computer-automated method of hierarchical event
monitoring and analysis within an enterprise network
including deploying network monitors in the enterprise
network, detecting, by the network monitors,
suspicious network activity based on analysis of
network traffic data selected from the following
categories: {network packet data transfer commands,
network packet data transfer errors, network packet
data volume, network connection requests, network
connection denials, error codes included in a network
packet}, 

I'd be the first to admit that I'm not a trained legal person,
however my impression suggests the patent is highly structured
toward monitoring generic statistical values (e.g., errors, volumes,
requests, denials, error codes) and drawing inferences from those
values by comparison to some sort of baseline quantity. Although
the text references IDSs, the patent is not extended to IDSs nor
does it discuss or address any analysis or correlations one might 
find interesting relative to multiple packet "content" analyzers.




