&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=12177240.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 12,177,240 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Machine learning based intrusion detection system for mission critical systems</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Tamer Soliman,  Toronto (CA)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  iS5 Communications Inc.,  Ontario (CA)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  iS5 Communications, Inc.,  Mississauga (CA)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Feb.  28, 2023, as Appl. No. 18/115,208.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 18/115,208 is a continuation of application No. 16/570,386, filed on Sep.  13, 2019, granted, now 11,621,970.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2024/0080328 A1, Mar.  7, 2024</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 9/40</b></i> (2022.01); <i><b>G06N 3/044</b></i> (2023.01); <i><b>G06N 3/045</b></i> (2023.01); <i><b>G06N 3/08</b></i> (2023.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 63/1425</b></i> (2013.01)&#xa0;[<i><b>G06N 3/044</b></i> (2023.01); <i><b>G06N 3/045</b></i> (2023.01); <i><b>G06N 3/08</b></i> (2013.01)]</td>
            <td class="table_data" align="right"><b>37 Claims</b></td>
          </tr>
        </table>
        <center><img src="US12177240-20241224-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A system for intrusion detection for network and control elements used in a mission critical environment connected to a network, the system comprising:<div class="claim_text">(a) a traffic aggregator module for mirroring and aggregating network traffic;</div>
                <div class="claim_text">(b) a protocol category splitter module for receiving the mirrored and aggregated network traffic from the traffic aggregator and for splitting the mirrored and aggregated network traffic into a first and second protocol category;</div>
                <div class="claim_text">(c) a first and second intrusion detection system (IDS) module for the first and second protocol categories, the first intrusion detection system module for analyzing the mirrored and aggregated network traffic from the first protocol category and for transmitting a first IDS associated data and the second intrusion detection system module for analyzing the mirrored and aggregated network traffic from the second protocol category and for transmitting a second IDS associated data;</div>
                <div class="claim_text">(d) a first and second security information and event management (SIEM) module for each of the first and second protocol categories, the first SIEM module for processing the first IDS associated data to make a first protocol category alert available to a user and the second SIEM module for processing the second IDS associated data to make a second protocol category alert available to the user; and</div>
                <div class="claim_text">(e) a first and second global threat intelligence platform (GTI) for the first and second IDS modules, comprising:<div class="claim_text">(i) the first GTI for receiving the first IDS associated data and further analyzing the first IDS associated data for transmitting a first GTI response data to the first IDS module, the first IDS module utilizing the first GTI response data in the analyzing of the mirrored and aggregated network traffic of the first protocol category by the first IDS module; and</div>
                  <div class="claim_text">(ii) the second GTI for receiving the second IDS associated data and further analyzing the second IDS associated data for transmitting a second GTI response data to the second IDS module, the second IDS module utilizing the second GTI response data in the analyzing of the mirrored and aggregated network traffic of the second protocol category by the second IDS module;</div>
                </div>
                <div class="claim_text">wherein the first and second IDS associated data each comprises alerts data and analytics data; and</div>
                <div class="claim_text">wherein the first and second SIEM module receive the first and second alerts data of the first and second IDS associated data.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>