Saturday, October 04, 2003

SRI Patent on "Hierarchical event monitoring and analysis"

I was doing research for my book "The Tao of Network Security Monitoring" and learned SRI was awarded a patent on 19 Nov 02 for "Hierarchical event monitoring and analysis." It's patent 6,484,203 and says:

"A computer-automated method of hierarchical event monitoring and analysis within an enterprise network including deploying network monitors in the enterprise network, detecting, by the network monitors, suspicious network activity based on analysis of network traffic data selected from the following categories: {network packet data transfer commands, network packet data transfer errors, network packet data volume, network connection requests, network connection denials, error codes included in a network packet}, generating, by the monitors, reports of the suspicious activity, and automatically receiving and integrating the reports of suspicious activity, by one or more hierarchical monitors."

I thought this was alarming until I started browsing through the linked patents and found just about everything under the sun has been patented. How can SRI or anyone expect a patent like this to withstand scrutiny, since anyone can point to Marty's 1999 LISA talk on Snort as prior art, or Todd Heberlein's 1990 paper on network security monitoring?
