SRI International Receives Patent for Network Security Monitoring Technology

MENLO PARK, Calif., December 16, 2002 — SRI International, a leading independent research institute, announced today that the United States Patent and Trademark Office has issued SRI a fundamental patent for its computer network security monitoring technology.

U.S. Patent No. 6,484,203 covers SRI’s hierarchical event monitoring and analysis technology for defense against hacking and other malicious activities, or “cyber-attacks”. These attacks, which can threaten national security and disrupt business operations, may include Internet “worm” attacks – those repeated against common network services across domains, or “denial of service” attacks – coordinated strikes from multiple domains against a single domain. SRI’s technology includes both distributed sensors that continuously monitor for such intrusions and consolidated alerts for analysis and action.

The patent specifically covers computer-automated hierarchical event monitoring and analysis within an enterprise network, including the deployment of network monitors.   It also covers the ability to detect, through the monitors, suspicious network activity based on analysis of network traffic data selected from among several categories: network packet data transfer commands, data transfer errors, data volume, network connection requests and denials, and error codes included in a network packet.   Also covered is the generation of reports on suspicious activity noted by the monitors and automatic receipt and integration of such reports by one or more hierarchical monitors.

The patent is based on years of technology development.   Long before cyber-attacks became a widespread problem, SRI researchers recognized that strikes against networks could come from various launch points across a network or series of interconnected networks. In 1996, an SRI project team called EMERALD (for Event Monitoring Enabling Responses to Anomalous Live Disturbances), supported by funding from the U.S. Defense Advanced Research Projects Agency (DARPA), began developing a continuous hierarchical monitoring approach for effective identification of such network attacks. That work ultimately led to the filing of the recently issued patent.

The patent inventors are program director Phillip Porras and senior computer scientist Alfonso Valdes, two members of SRI’s Information and Computing Sciences Division.   The Division conducts research and develops new technologies in computer security, formal methods, machine intelligence, speech and natural language, perception and visual sciences, and bioinformatics.

About SRI International
Silicon Valley-based SRI International ( http://www.sri.com ) is one of the world's leading independent research and technology development organizations. Founded as Stanford Research Institute in 1946, SRI has been meeting the strategic needs of clients for more than 55 years. The nonprofit research institute performs contract research and development for government agencies, commercial businesses and private foundations. SRI is well known for its innovations in information technology, telecommunications, engineering, pharmaceuticals, chemistry, physics, and the public policy areas of education, health, and economic development. In addition to conducting contract R&D, SRI licenses its technologies, forms strategic partnerships and creates spin-off companies.