| US 7,546,637 B1 | ||
| Structures and methods for using geo-location in security detectors | ||
| Paul Agbabian, Los Angeles, Calif. (US); and William E. Sobel, Stevenson Ranch, Calif. (US) | ||
| Assigned to Symantec Corporation, Mountain View, Calif. (US) | ||
| Filed on Nov. 22, 2004, as Appl. No. 10/996,019. | ||
| Int. Cl. H04L 9/00 (2006.01) | ||
| U.S. Cl. 726—23 [726/25; 713/151; 713/168; 709/223; 709/224; 709/232; 709/238] | 16 Claims |

| 1. A method for characterizing events on a network comprising:
processing a plurality of network events with a security event detector to identify a set of network events having a common
source address and to generate a network security event for the set of network events,
wherein said processing a plurality of network events with a security event detector to identify a set of network events having
a common source address and to generate a network security event for the set of network events further comprises:
generating an interest level for each set of network events having a common source address thereby generating a plurality
of interest levels; and
processing a first occurrence of a network event having the source address in the plurality of network events with a geo-location
detector to generate a location identifier for the network event having the source address wherein a plurality of location
identifiers are generated with each location identifier in said plurality being associated with a different source address.
|