The present invention relates to the field of digital computer systems, and more specifically, to a method for classification of suspicious activities by an intrusion detection system.
Threat intelligence systems provide real time actionable data for e.g. firewalls. Observed attacks from IP addresses are processed and shipped to customer appliances to ensure immediate protection. The threat intelligence systems may employ algorithms for classification and statistical analysis of observed attacks. However, there is a continuous need to increase the availability of such systems.