Method and apparatus for detecting SSH login attacks

摘要

A digital filter correlation engine, wherein the correlation engine combines N arbitrary digital filter states based on the weights and along with a threshold generate a network incident. This network incident in turn can be feedback to another digital filter. This multi-layering capability allows the creation of higher level event detections that are time-based for a cyber security analyst to analyze, thereby reducing the amount of manual work the analyst has to do in inspecting behaviors within the network.