WO2007058952A3 - Intrusion event correlation with network discovery information - Google Patents

Intrusion event correlation with network discovery information Download PDF

Info

Publication number
WO2007058952A3
WO2007058952A3 PCT/US2006/043820 US2006043820W WO2007058952A3 WO 2007058952 A3 WO2007058952 A3 WO 2007058952A3 US 2006043820 W US2006043820 W US 2006043820W WO 2007058952 A3 WO2007058952 A3 WO 2007058952A3
Authority
WO
WIPO (PCT)
Prior art keywords
network
policy
events
information
discovery information
Prior art date
Application number
PCT/US2006/043820
Other languages
French (fr)
Other versions
WO2007058952A2 (en
Inventor
Eric Gustafson
Brian P Rittermann
Original Assignee
Sourcefire Inc
Eric Gustafson
Brian P Rittermann
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sourcefire Inc, Eric Gustafson, Brian P Rittermann filed Critical Sourcefire Inc
Priority to JP2008540218A priority Critical patent/JP2009516266A/en
Priority to EP06837345.5A priority patent/EP1949235A4/en
Priority to CA002629723A priority patent/CA2629723A1/en
Publication of WO2007058952A2 publication Critical patent/WO2007058952A2/en
Publication of WO2007058952A3 publication Critical patent/WO2007058952A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

A policy component comprises policy configuration information. The policy configuration information contains one or more rules. Each rule and group of rules can be associated with a set of response actions (25). As the nodes on the monitored networks (40) change or intrusive actions are introduced on the networks, network change events or intrusion events are generated (22). The policy component correlates network change events and/or intrusions events with network map (15) information. The network map (15) contains information on the network topology, services and network devices, amongst other things. When certain criteria is satisfied based on the correlation, a policy violation event may be issued by the system resulting in alerts (35) or remediations (30).
PCT/US2006/043820 2005-11-14 2006-11-09 Intrusion event correlation with network discovery information WO2007058952A2 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
JP2008540218A JP2009516266A (en) 2005-11-14 2006-11-09 Intrusion event correlation method and system using network discovery information
EP06837345.5A EP1949235A4 (en) 2005-11-14 2006-11-09 Intrusion event correlation with network discovery information
CA002629723A CA2629723A1 (en) 2005-11-14 2006-11-09 Intrusion event correlation with network discovery information

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/272,035 2005-11-14
US11/272,035 US8046833B2 (en) 2005-11-14 2005-11-14 Intrusion event correlation with network discovery information

Publications (2)

Publication Number Publication Date
WO2007058952A2 WO2007058952A2 (en) 2007-05-24
WO2007058952A3 true WO2007058952A3 (en) 2009-05-07

Family

ID=38049168

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2006/043820 WO2007058952A2 (en) 2005-11-14 2006-11-09 Intrusion event correlation with network discovery information

Country Status (5)

Country Link
US (1) US8046833B2 (en)
EP (1) EP1949235A4 (en)
JP (1) JP2009516266A (en)
CA (1) CA2629723A1 (en)
WO (1) WO2007058952A2 (en)

Families Citing this family (65)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE60130902T2 (en) * 2001-11-23 2008-07-17 Protegrity Research & Development Method for detecting intrusion into a database system
US7730175B1 (en) 2003-05-12 2010-06-01 Sourcefire, Inc. Systems and methods for identifying the services of a network
US7539681B2 (en) * 2004-07-26 2009-05-26 Sourcefire, Inc. Methods and systems for multi-pattern searching
US7733803B2 (en) 2005-11-14 2010-06-08 Sourcefire, Inc. Systems and methods for modifying network map attributes
US9294477B1 (en) * 2006-05-04 2016-03-22 Sprint Communications Company L.P. Media access control address security
US9715675B2 (en) 2006-08-10 2017-07-25 Oracle International Corporation Event-driven customizable automated workflows for incident remediation
US8522304B2 (en) * 2006-09-08 2013-08-27 Ibahn General Holdings Corporation Monitoring and reporting policy compliance of home networks
US20080184368A1 (en) * 2007-01-31 2008-07-31 Coon James R Preventing False Positive Detections in an Intrusion Detection System
US8874159B2 (en) * 2007-05-10 2014-10-28 Cisco Technology, Inc. Method and system for handling dynamic incidents
US20090038014A1 (en) * 2007-07-31 2009-02-05 Paul Force System and method for tracking remediation of security vulnerabilities
US20100332641A1 (en) * 2007-11-09 2010-12-30 Kulesh Shanmugasundaram Passive detection of rebooting hosts in a network
US8707385B2 (en) * 2008-02-11 2014-04-22 Oracle International Corporation Automated compliance policy enforcement in software systems
US8655950B2 (en) * 2008-08-06 2014-02-18 International Business Machines Corporation Contextual awareness in real time collaborative activity alerts
US8272055B2 (en) 2008-10-08 2012-09-18 Sourcefire, Inc. Target-based SMB and DCE/RPC processing for an intrusion detection system or intrusion prevention system
US8010085B2 (en) * 2008-11-19 2011-08-30 Zscaler, Inc. Traffic redirection in cloud based security services
FR2946209A1 (en) * 2009-06-02 2010-12-03 Alcatel Lucent METHOD FOR PROTECTING A TELECOMMUNICATION NETWORK AND SECURE ROUTER USING SUCH A METHOD
US8261355B2 (en) * 2009-07-24 2012-09-04 Cisco Technology, Inc. Topology-aware attack mitigation
EP2559217B1 (en) 2010-04-16 2019-08-14 Cisco Technology, Inc. System and method for near-real time network attack detection, and system and method for unified detection via detection routing
US8433790B2 (en) 2010-06-11 2013-04-30 Sourcefire, Inc. System and method for assigning network blocks to sensors
US8671182B2 (en) 2010-06-22 2014-03-11 Sourcefire, Inc. System and method for resolving operating system or service identity conflicts
US9461878B1 (en) * 2011-02-01 2016-10-04 Palo Alto Networks, Inc. Blocking download of content
US8601034B2 (en) 2011-03-11 2013-12-03 Sourcefire, Inc. System and method for real time data awareness
US8849770B2 (en) * 2011-05-16 2014-09-30 Business Objects Software Limited Event auditing framework
US8855311B1 (en) 2011-08-02 2014-10-07 The United States Of America As Represented By The Secretary Of The Navy Advanced container security device network protocols
US8607049B1 (en) 2011-08-02 2013-12-10 The United States Of America As Represented By The Secretary Of The Navy Network access device for a cargo container security network
US9648029B2 (en) * 2012-07-30 2017-05-09 Newegg Inc. System and method of active remediation and passive protection against cyber attacks
WO2014134630A1 (en) 2013-03-01 2014-09-04 RedOwl Analytics, Inc. Modeling social behavior
US9542650B2 (en) 2013-03-01 2017-01-10 RedOwl Analytics, Inc. Analyzing behavior in light of social time
US11281643B2 (en) 2014-04-15 2022-03-22 Splunk Inc. Generating event streams including aggregated values from monitored network data
US10127273B2 (en) * 2014-04-15 2018-11-13 Splunk Inc. Distributed processing of network data using remote capture agents
US10523521B2 (en) 2014-04-15 2019-12-31 Splunk Inc. Managing ephemeral event streams generated from captured network data
US9762443B2 (en) 2014-04-15 2017-09-12 Splunk Inc. Transformation of network data at remote capture agents
US10693742B2 (en) 2014-04-15 2020-06-23 Splunk Inc. Inline visualizations of metrics related to captured network data
US10462004B2 (en) 2014-04-15 2019-10-29 Splunk Inc. Visualizations of statistics associated with captured network data
WO2015167496A1 (en) * 2014-04-30 2015-11-05 Hewlett-Packard Development Company, L.P. Selecting from computing nodes for correlating events
US9602525B2 (en) 2015-02-27 2017-03-21 Cisco Technology, Inc. Classification of malware generated domain names
US20170331690A1 (en) 2016-05-12 2017-11-16 Iboss, Inc. Applying network policies to devices based on their current access network
US10771479B2 (en) 2016-09-26 2020-09-08 Splunk Inc. Configuring modular alert actions and reporting action performance information
US10999296B2 (en) 2017-05-15 2021-05-04 Forcepoint, LLC Generating adaptive trust profiles using information derived from similarly situated organizations
US11888859B2 (en) 2017-05-15 2024-01-30 Forcepoint Llc Associating a security risk persona with a phase of a cyber kill chain
US10609081B1 (en) * 2017-06-20 2020-03-31 Cisco Technology, Inc. Applying computer network security policy using domain name to security group tag mapping
US10318729B2 (en) * 2017-07-26 2019-06-11 Forcepoint, LLC Privacy protection during insider threat monitoring
US10803178B2 (en) 2017-10-31 2020-10-13 Forcepoint Llc Genericized data model to perform a security analytics operation
US10666681B2 (en) * 2017-12-31 2020-05-26 Rapid7, Inc. Detecting malicious actors
US11314787B2 (en) 2018-04-18 2022-04-26 Forcepoint, LLC Temporal resolution of an entity
US10949428B2 (en) 2018-07-12 2021-03-16 Forcepoint, LLC Constructing event distributions via a streaming scoring operation
US11810012B2 (en) 2018-07-12 2023-11-07 Forcepoint Llc Identifying event distributions using interrelated events
US11436512B2 (en) 2018-07-12 2022-09-06 Forcepoint, LLC Generating extracted features from an event
US11755584B2 (en) 2018-07-12 2023-09-12 Forcepoint Llc Constructing distributions of interrelated event features
US11811799B2 (en) 2018-08-31 2023-11-07 Forcepoint Llc Identifying security risks using distributions of characteristic features extracted from a plurality of events
US11025659B2 (en) 2018-10-23 2021-06-01 Forcepoint, LLC Security system using pseudonyms to anonymously identify entities and corresponding security risk related behaviors
US11171980B2 (en) 2018-11-02 2021-11-09 Forcepoint Llc Contagion risk detection, analysis and protection
RU2739864C1 (en) * 2019-07-17 2020-12-29 Акционерное общество "Лаборатория Касперского" System and method of correlating events for detecting information security incident
US11570197B2 (en) 2020-01-22 2023-01-31 Forcepoint Llc Human-centric risk modeling framework
US11630901B2 (en) 2020-02-03 2023-04-18 Forcepoint Llc External trigger induced behavioral analyses
US11080109B1 (en) 2020-02-27 2021-08-03 Forcepoint Llc Dynamically reweighting distributions of event observations
US11429697B2 (en) 2020-03-02 2022-08-30 Forcepoint, LLC Eventually consistent entity resolution
US11836265B2 (en) 2020-03-02 2023-12-05 Forcepoint Llc Type-dependent event deduplication
US11080032B1 (en) 2020-03-31 2021-08-03 Forcepoint Llc Containerized infrastructure for deployment of microservices
US11568136B2 (en) 2020-04-15 2023-01-31 Forcepoint Llc Automatically constructing lexicons from unlabeled datasets
US11516206B2 (en) 2020-05-01 2022-11-29 Forcepoint Llc Cybersecurity system having digital certificate reputation system
US11544390B2 (en) 2020-05-05 2023-01-03 Forcepoint Llc Method, system, and apparatus for probabilistic identification of encrypted files
US11895158B2 (en) 2020-05-19 2024-02-06 Forcepoint Llc Cybersecurity system having security policy visualization
US11704387B2 (en) 2020-08-28 2023-07-18 Forcepoint Llc Method and system for fuzzy matching and alias matching for streaming data sets
US11190589B1 (en) 2020-10-27 2021-11-30 Forcepoint, LLC System and method for efficient fingerprinting in cloud multitenant data loss prevention

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6957348B1 (en) * 2000-01-10 2005-10-18 Ncircle Network Security, Inc. Interoperability of vulnerability and intrusion detection systems
US7073198B1 (en) * 1999-08-26 2006-07-04 Ncircle Network Security, Inc. Method and system for detecting a vulnerability in a network
US7257630B2 (en) * 2002-01-15 2007-08-14 Mcafee, Inc. System and method for network vulnerability detection and reporting

Family Cites Families (148)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS59195179A (en) * 1983-04-20 1984-11-06 Uro Denshi Kogyo Kk Alarming device for intruder
US4550436A (en) * 1983-07-26 1985-10-29 At&T Bell Laboratories Parallel text matching methods and apparatus
JPH0797373B2 (en) * 1985-08-23 1995-10-18 株式会社日立製作所 Document matching system
JPH0786537B2 (en) * 1987-09-26 1995-09-20 松下電工株式会社 Human body detection device
US4857912A (en) * 1988-07-27 1989-08-15 The United States Of America As Represented By The Secretary Of The Navy Intelligent security assessment system
JP2790466B2 (en) * 1988-10-18 1998-08-27 株式会社日立製作所 Character string search method and apparatus
US5193192A (en) * 1989-12-29 1993-03-09 Supercomputer Systems Limited Partnership Vectorized LR parsing of computer programs
US5404488A (en) * 1990-09-26 1995-04-04 Lotus Development Corporation Realtime data feed engine for updating an application with the most currently received data from multiple data feeds
US5222081A (en) * 1991-06-28 1993-06-22 Universal Data Systems, Inc. Method of performing an autobaud function using a state flow machine
US5430842A (en) 1992-05-29 1995-07-04 Hewlett-Packard Company Insertion of network data checksums by a network adapter
US5497463A (en) * 1992-09-25 1996-03-05 Bull Hn Information Systems Inc. Ally mechanism for interconnecting non-distributed computing environment (DCE) and DCE systems to operate in a network system
JP2994926B2 (en) * 1993-10-29 1999-12-27 松下電器産業株式会社 Method for creating finite state machine, method for creating pattern matching machine, method for transforming them, and method for driving
GB9326476D0 (en) * 1993-12-24 1994-02-23 Newbridge Networks Corp Network
US5459841A (en) * 1993-12-28 1995-10-17 At&T Corp. Finite state machine with minimized vector processing
US5666293A (en) * 1994-05-27 1997-09-09 Bell Atlantic Network Services, Inc. Downloading operating system software through a broadcast channel
US5995153A (en) * 1995-11-02 1999-11-30 Prime Image, Inc. Video processing system with real time program duration compression and expansion
JPH09198398A (en) * 1996-01-16 1997-07-31 Fujitsu Ltd Pattern retrieving device
US5870554A (en) 1996-04-01 1999-02-09 Advanced Micro Devices, Inc. Server selection method where a client selects a server according to address, operating system and found frame for remote booting
US5995963A (en) 1996-06-27 1999-11-30 Fujitsu Limited Apparatus and method of multi-string matching based on sparse state transition list
US5901307A (en) * 1996-07-22 1999-05-04 International Business Machines Corporation Processor having a selectively configurable branch prediction unit that can access a branch prediction utilizing bits derived from a plurality of sources
US5796942A (en) * 1996-11-21 1998-08-18 Computer Associates International, Inc. Method and apparatus for automated network-wide surveillance and security breach intervention
US6477648B1 (en) 1997-03-23 2002-11-05 Novell, Inc. Trusted workstation in a networked client/server computing system
US5999937A (en) 1997-06-06 1999-12-07 Madison Information Technologies, Inc. System and method for converting data between data sets
US5919257A (en) 1997-08-08 1999-07-06 Novell, Inc. Networked workstation intrusion detection system
US5987473A (en) 1997-09-09 1999-11-16 Beologic A/S Interactive configuration via network
US6199181B1 (en) * 1997-09-09 2001-03-06 Perfecto Technologies Ltd. Method and system for maintaining restricted operating environments for application programs or operating systems
US6002427A (en) 1997-09-15 1999-12-14 Kipust; Alan J. Security system with proximity sensing for an electronic device
US8225408B2 (en) 1997-11-06 2012-07-17 Finjan, Inc. Method and system for adaptive rule-based content scanners
US6141686A (en) * 1998-03-13 2000-10-31 Deterministic Networks, Inc. Client-side application-classifier gathering network-traffic statistics and application and user names using extensible-service provider plugin for policy-based network control
CN1154896C (en) * 1998-04-27 2004-06-23 迪吉多电子股份有限公司 Control system, display, host computer for control, and data transmitting method
EP0954139B1 (en) 1998-05-01 2005-04-06 Hewlett-Packard Company, A Delaware Corporation Methods of altering dynamic decision trees
US6334121B1 (en) 1998-05-04 2001-12-25 Virginia Commonwealth University Usage pattern based user authenticator
US6684332B1 (en) * 1998-06-10 2004-01-27 International Business Machines Corporation Method and system for the exchange of digitally signed objects over an insecure network
US6973455B1 (en) 1999-03-03 2005-12-06 Emc Corporation File server system providing direct data sharing between clients with a server acting as an arbiter and coordinator
US6324656B1 (en) 1998-06-30 2001-11-27 Cisco Technology, Inc. System and method for rules-driven multi-phase network vulnerability assessment
US6590885B1 (en) * 1998-07-10 2003-07-08 Malibu Networks, Inc. IP-flow characterization in a wireless point to multi-point (PTMP) transmission system
US6711127B1 (en) * 1998-07-31 2004-03-23 General Dynamics Government Systems Corporation System for intrusion detection and vulnerability analysis in a telecommunications signaling network
US6343362B1 (en) 1998-09-01 2002-01-29 Networks Associates, Inc. System and method providing custom attack simulation language for testing networks
US6219786B1 (en) * 1998-09-09 2001-04-17 Surfcontrol, Inc. Method and system for monitoring and controlling network access
US6321338B1 (en) 1998-11-09 2001-11-20 Sri International Network surveillance
US6499107B1 (en) 1998-12-29 2002-12-24 Cisco Technology, Inc. Method and system for adaptive network security using intelligent packet analysis
US6415321B1 (en) * 1998-12-29 2002-07-02 Cisco Technology, Inc. Domain mapping method and system
US6393474B1 (en) * 1998-12-31 2002-05-21 3Com Corporation Dynamic policy management apparatus and method using active network devices
US6487666B1 (en) 1999-01-15 2002-11-26 Cisco Technology, Inc. Intrusion detection signature analysis using regular expressions and logical operators
US6754826B1 (en) * 1999-03-31 2004-06-22 International Business Machines Corporation Data processing system and method including a network access connector for limiting access to the network
US6539381B1 (en) * 1999-04-21 2003-03-25 Novell, Inc. System and method for synchronizing database information
US6894608B1 (en) * 1999-07-22 2005-05-17 Altra Technologies Incorporated System and method for warning of potential collisions
US6587876B1 (en) * 1999-08-24 2003-07-01 Hewlett-Packard Development Company Grouping targets of management policies
US7310688B1 (en) 1999-08-30 2007-12-18 Ciena Corporation Relative addressing for network elements
US7065657B1 (en) * 1999-08-30 2006-06-20 Symantec Corporation Extensible intrusion detection system
US6789202B1 (en) * 1999-10-15 2004-09-07 Networks Associates Technology, Inc. Method and apparatus for providing a policy-driven intrusion detection system
US6678824B1 (en) * 1999-11-02 2004-01-13 Agere Systems Inc. Application usage time limiter
US6678734B1 (en) 1999-11-13 2004-01-13 Ssh Communications Security Ltd. Method for intercepting network packets in a computing device
US6990591B1 (en) 1999-11-18 2006-01-24 Secureworks, Inc. Method and system for remotely configuring and monitoring a communication device
US7315801B1 (en) * 2000-01-14 2008-01-01 Secure Computing Corporation Network security modeling system and method
US6851061B1 (en) * 2000-02-16 2005-02-01 Networks Associates, Inc. System and method for intrusion detection data collection using a network protocol stack multiplexor
CA2375206A1 (en) 2000-03-27 2001-10-04 Network Security Systems, Inc. Internet/network security method and system for checking security of a client from a remote facility
JP2001285400A (en) * 2000-03-29 2001-10-12 Kddi Corp Correcting method of traffic statistics information
US7134141B2 (en) 2000-06-12 2006-11-07 Hewlett-Packard Development Company, L.P. System and method for host and network based intrusion detection and response
US8661539B2 (en) * 2000-07-10 2014-02-25 Oracle International Corporation Intrusion threat detection
US20020087716A1 (en) 2000-07-25 2002-07-04 Shakeel Mustafa System and method for transmitting customized multi priority services on a single or multiple links over data link layer frames
US6772196B1 (en) * 2000-07-27 2004-08-03 Propel Software Corp. Electronic mail filtering system and methods
US6766320B1 (en) 2000-08-24 2004-07-20 Microsoft Corporation Search engine with natural language-based robust parsing for user query and relevance feedback learning
US7181769B1 (en) * 2000-08-25 2007-02-20 Ncircle Network Security, Inc. Network security system having a device profiler communicatively coupled to a traffic monitor
US7032114B1 (en) * 2000-08-30 2006-04-18 Symantec Corporation System and method for using signatures to detect computer intrusions
US20020035639A1 (en) * 2000-09-08 2002-03-21 Wei Xu Systems and methods for a packet director
US20070192863A1 (en) * 2005-07-01 2007-08-16 Harsh Kapoor Systems and methods for processing data flows
US20020066034A1 (en) 2000-10-24 2002-05-30 Schlossberg Barry J. Distributed network security deception system
US7054930B1 (en) * 2000-10-26 2006-05-30 Cisco Technology, Inc. System and method for propagating filters
US20020083344A1 (en) * 2000-12-21 2002-06-27 Vairavan Kannan P. Integrated intelligent inter/intra networking device
US6792269B2 (en) * 2000-12-22 2004-09-14 Bellsouth Intellectual Property Corporation System, method and apparatus for tracking deployment of cellular telephone network sites
JP3672242B2 (en) * 2001-01-11 2005-07-20 インターナショナル・ビジネス・マシーンズ・コーポレーション PATTERN SEARCH METHOD, PATTERN SEARCH DEVICE, COMPUTER PROGRAM, AND STORAGE MEDIUM
US7058821B1 (en) 2001-01-17 2006-06-06 Ipolicy Networks, Inc. System and method for detection of intrusion attacks on packets transmitted on a network
US20020165707A1 (en) 2001-02-26 2002-11-07 Call Charles G. Methods and apparatus for storing and processing natural language text data as a sequence of fixed length integers
US7234168B2 (en) * 2001-06-13 2007-06-19 Mcafee, Inc. Hierarchy-based method and apparatus for detecting attacks on a computer system
FI114416B (en) * 2001-06-15 2004-10-15 Nokia Corp Method for securing the electronic device, the backup system and the electronic device
US7096503B1 (en) * 2001-06-29 2006-08-22 Mcafee, Inc. Network-based risk-assessment tool for remotely detecting local computer vulnerabilities
US6978223B2 (en) * 2001-09-06 2005-12-20 Bbnt Solutions Llc Systems and methods for network performance measurement using packet signature collection
US7406526B2 (en) * 2001-09-28 2008-07-29 Uri Benchetrit Extended internet protocol network address translation system
US6999998B2 (en) * 2001-10-04 2006-02-14 Hewlett-Packard Development Company, L.P. Shared memory coupling of network infrastructure devices
CA2464402C (en) * 2001-10-25 2010-04-06 General Dynamics Government Systems Corporation A method and system for modeling, analysis and display of network security events
US20030101353A1 (en) * 2001-10-31 2003-05-29 Tarquini Richard Paul Method, computer-readable medium, and node for detecting exploits based on an inbound signature of the exploit and an outbound signature in response thereto
US20030083847A1 (en) * 2001-10-31 2003-05-01 Schertz Richard L. User interface for presenting data for an intrusion protection system
US7472167B2 (en) * 2001-10-31 2008-12-30 Hewlett-Packard Development Company, L.P. System and method for uniform resource locator filtering
US6546493B1 (en) * 2001-11-30 2003-04-08 Networks Associates Technology, Inc. System, method and computer program product for risk assessment scanning based on detected anomalous events
KR20040069324A (en) * 2001-12-31 2004-08-05 시타델 시큐리티 소프트웨어, 인크. Automated computer vulnerability resolution system
US6993706B2 (en) * 2002-01-15 2006-01-31 International Business Machines Corporation Method, apparatus, and program for a state machine framework
US7152105B2 (en) 2002-01-15 2006-12-19 Mcafee, Inc. System and method for network vulnerability detection and reporting
JP4152108B2 (en) * 2002-01-18 2008-09-17 株式会社コムスクエア Vulnerability monitoring method and system
US7076803B2 (en) * 2002-01-28 2006-07-11 International Business Machines Corporation Integrated intrusion detection services
US7174566B2 (en) * 2002-02-01 2007-02-06 Intel Corporation Integrated network intrusion detection
US7769997B2 (en) * 2002-02-25 2010-08-03 Network Resonance, Inc. System, method and computer program product for guaranteeing electronic transactions
US20030229726A1 (en) 2002-03-18 2003-12-11 Daseke Michael J. Default device configuration system and method for thin devices
WO2003084181A1 (en) * 2002-03-29 2003-10-09 Cisco Technology, Inc. Method and system for reducing the false alarm rate of network intrusion detection systems
JP4047053B2 (en) * 2002-04-16 2008-02-13 富士通株式会社 Retrieval apparatus and method using sequence pattern including repetition
US7383577B2 (en) * 2002-05-20 2008-06-03 Airdefense, Inc. Method and system for encrypted network management and intrusion detection
WO2003100617A1 (en) * 2002-05-22 2003-12-04 Lucid Security Corporation Adaptive intrusion detection system
US6983323B2 (en) * 2002-08-12 2006-01-03 Tippingpoint Technologies, Inc. Multi-level packet screening with dynamically selected filtering criteria
US7069438B2 (en) * 2002-08-19 2006-06-27 Sowl Associates, Inc. Establishing authenticated network connections
US20040064726A1 (en) 2002-09-30 2004-04-01 Mario Girouard Vulnerability management and tracking system (VMTS)
US20040093582A1 (en) 2002-11-01 2004-05-13 Segura Tim E. Method for allowing a computer to be used as an information kiosk while locked
US7363656B2 (en) * 2002-11-04 2008-04-22 Mazu Networks, Inc. Event detection/anomaly correlation heuristics
US7454499B2 (en) * 2002-11-07 2008-11-18 Tippingpoint Technologies, Inc. Active network defense system and method
KR100456635B1 (en) * 2002-11-14 2004-11-10 한국전자통신연구원 Method and system for defensing distributed denial of service
US7350077B2 (en) * 2002-11-26 2008-03-25 Cisco Technology, Inc. 802.11 using a compressed reassociation exchange to facilitate fast handoff
US7353533B2 (en) * 2002-12-18 2008-04-01 Novell, Inc. Administration of protection of data accessible by a mobile device
US20040193943A1 (en) * 2003-02-13 2004-09-30 Robert Angelino Multiparameter network fault detection system using probabilistic and aggregation analysis
US7536456B2 (en) * 2003-02-14 2009-05-19 Preventsys, Inc. System and method for applying a machine-processable policy rule to information gathered about a network
AU2003277247A1 (en) * 2003-02-28 2004-09-28 Lockheed Martin Corporation Hardware accelerator state table compiler
US7706378B2 (en) * 2003-03-13 2010-04-27 Sri International Method and apparatus for processing network packets
US7185015B2 (en) * 2003-03-14 2007-02-27 Websense, Inc. System and method of monitoring and controlling application files
US8127359B2 (en) * 2003-04-11 2012-02-28 Samir Gurunath Kelekar Systems and methods for real-time network-based vulnerability assessment
US7305708B2 (en) 2003-04-14 2007-12-04 Sourcefire, Inc. Methods and systems for intrusion detection
US7644275B2 (en) * 2003-04-15 2010-01-05 Microsoft Corporation Pass-thru for client authentication
US20040221176A1 (en) 2003-04-29 2004-11-04 Cole Eric B. Methodology, system and computer readable medium for rating computer system vulnerabilities
AU2003225232A1 (en) 2003-04-29 2004-11-26 Threatguard, Inc. System and method for network security scanning
US7349400B2 (en) 2003-04-29 2008-03-25 Narus, Inc. Method and system for transport protocol reconstruction and timer synchronization for non-intrusive capturing and analysis of packets on a high-speed distributed network
US7317693B1 (en) * 2003-05-12 2008-01-08 Sourcefire, Inc. Systems and methods for determining the network topology of a network
US7089383B2 (en) 2003-06-06 2006-08-08 Hewlett-Packard Development Company, L.P. State machine and system for data redundancy
US7636917B2 (en) 2003-06-30 2009-12-22 Microsoft Corporation Network load balancing with host status information
US7596807B2 (en) * 2003-07-03 2009-09-29 Arbor Networks, Inc. Method and system for reducing scope of self-propagating attack code in network
US7346922B2 (en) * 2003-07-25 2008-03-18 Netclarity, Inc. Proactive network security system to protect against hackers
US7133916B2 (en) 2003-07-28 2006-11-07 Etelemetry, Inc. Asset tracker for identifying user of current internet protocol addresses within an organization's communications network
US20050114700A1 (en) * 2003-08-13 2005-05-26 Sensory Networks, Inc. Integrated circuit apparatus and method for high throughput signature based network applications
US7467202B2 (en) 2003-09-10 2008-12-16 Fidelis Security Systems High-performance network content analysis platform
US8417673B2 (en) * 2003-10-07 2013-04-09 International Business Machines Corporation Method, system, and program for retaining versions of files
US7725936B2 (en) * 2003-10-31 2010-05-25 International Business Machines Corporation Host-based network intrusion detection systems
US7581249B2 (en) 2003-11-14 2009-08-25 Enterasys Networks, Inc. Distributed intrusion response system
EP1549012A1 (en) 2003-12-24 2005-06-29 DataCenterTechnologies N.V. Method and system for identifying the content of files in a network
GB2410647A (en) * 2004-01-31 2005-08-03 Hewlett Packard Development Co Identifying and Patching Vulnerabilities in a Network
US20050188079A1 (en) * 2004-02-24 2005-08-25 Covelight Systems, Inc. Methods, systems and computer program products for monitoring usage of a server application
US7313695B2 (en) 2004-03-23 2007-12-25 Sourcefire, Inc. Systems and methods for dynamic threat assessment
US7761918B2 (en) * 2004-04-13 2010-07-20 Tenable Network Security, Inc. System and method for scanning a network
US7366728B2 (en) 2004-04-27 2008-04-29 International Business Machines Corporation System for compressing a search tree structure used in rule classification
US20050273673A1 (en) 2004-05-19 2005-12-08 Paul Gassoway Systems and methods for minimizing security logs
US20050268331A1 (en) 2004-05-25 2005-12-01 Franck Le Extension to the firewall configuration protocols and features
US8074277B2 (en) 2004-06-07 2011-12-06 Check Point Software Technologies, Inc. System and methodology for intrusion detection and prevention
US7480245B2 (en) * 2004-12-11 2009-01-20 International Business Machines Corporation Segmenting data packets for over-network transmission at adjustable fragment boundary
US10015140B2 (en) * 2005-02-03 2018-07-03 International Business Machines Corporation Identifying additional firewall rules that may be needed
US7454790B2 (en) 2005-05-23 2008-11-18 Ut-Battelle, Llc Method for detecting sophisticated cyber attacks
US20060294588A1 (en) 2005-06-24 2006-12-28 International Business Machines Corporation System, method and program for identifying and preventing malicious intrusions
US20070027913A1 (en) * 2005-07-26 2007-02-01 Invensys Systems, Inc. System and method for retrieving information from a supervisory control manufacturing/production database
US8077718B2 (en) * 2005-08-12 2011-12-13 Microsoft Corporation Distributed network management
US7873025B2 (en) * 2006-02-23 2011-01-18 Cisco Technology, Inc. Network device that determines application-level network latency by monitoring option values in a transport layer message
GB2432933B (en) 2006-03-14 2008-07-09 Streamshield Networks Ltd A method and apparatus for providing network security
US7958227B2 (en) 2006-05-22 2011-06-07 Mcafee, Inc. Attributes of captured objects in a capture system
US7930747B2 (en) * 2007-01-08 2011-04-19 Trend Micro Incorporated Host intrusion prevention server
US7936794B2 (en) * 2007-08-07 2011-05-03 Avaya Inc. Clock management between two end points

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7073198B1 (en) * 1999-08-26 2006-07-04 Ncircle Network Security, Inc. Method and system for detecting a vulnerability in a network
US6957348B1 (en) * 2000-01-10 2005-10-18 Ncircle Network Security, Inc. Interoperability of vulnerability and intrusion detection systems
US7257630B2 (en) * 2002-01-15 2007-08-14 Mcafee, Inc. System and method for network vulnerability detection and reporting

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
See also references of EP1949235A4 *
SPITZNER, LANCE: "Passive Fingerprinting", FOCUS ON INTRUSION DETECTION, 3 May 2003 (2003-05-03), pages 1 - 4, XP008129880, Retrieved from the Internet <URL:www.ctillhq.com/pdfdb/000183/data.pdf.> *

Also Published As

Publication number Publication date
US20080244741A1 (en) 2008-10-02
EP1949235A4 (en) 2014-09-03
EP1949235A2 (en) 2008-07-30
WO2007058952A2 (en) 2007-05-24
CA2629723A1 (en) 2007-05-24
US8046833B2 (en) 2011-10-25
JP2009516266A (en) 2009-04-16

Similar Documents

Publication Publication Date Title
WO2007058952A3 (en) Intrusion event correlation with network discovery information
Le et al. 6LoWPAN: a study on QoS security threats and countermeasures using intrusion detection system approach
Alpcan et al. A game theoretic approach to decision and analysis in network intrusion detection
WO2003067847A3 (en) Integrated network intrusion detection
WO2005050364A3 (en) Distributed intrusion response system
WO2004082195A3 (en) Secure self-organizing and self-provisioning anomalous event detection systems
US20110295982A1 (en) Societal-scale graph-based interdiction for virus propagation slowdown in telecommunications networks
Chen et al. FCM technique for efficient intrusion detection system for wireless networks in cloud environment
Indirani et al. A swarm-based efficient distributed intrusion detection system for mobile ad hoc networks (MANET)
Dhakne et al. Detailed Survey on attacks in wireless sensor network
Li et al. A study on one‐dimensional k‐coverage problem in wireless sensor networks
Zarei et al. Defense against flooding attacks using probabilistic thresholds in the internet of things ecosystem
Anand et al. Localized DoS attack detection architecture for reliable data transmission over wireless sensor network
Ganesh et al. Intrusion detection and prevention systems: A review
Jaya Krishna et al. An insight view on denial of service attacks in vehicular ad hoc networks
Panke Clustering based certificate revocation scheme for malicious nodes in MANET
Goli-Bidgoli et al. A trust-based framework for increasing MAC layer reliability in cognitive radio VANETs
Zhang et al. Indra: a distributed approach to network intrusion detection and prevention
Zhang et al. A SDN Proactive Defense Scheme Based on IP and MAC Address Mutation
Zia et al. Security and Privacy in Communication Networks: 9th International ICST Conference, SecureComm 2013, Revised Selected Papers
Ashraf et al. RGB technique of intrusion detection in IEEE 802.11 wireless mesh networks
Masdari et al. Comprehensive evaluation of the localized certificate revocation in mobile ad hoc network
Kaur et al. Intrusion detection in mobile ad-hoc networks: a mobile agent approach
Chaturvedi et al. NS2 Based Structured Network Attack Scrutiny in MANET
Coull et al. On the development of an internetwork-centric defense for scanning worms

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2006837345

Country of ref document: EP

ENP Entry into the national phase

Ref document number: 2008540218

Country of ref document: JP

Kind code of ref document: A

Ref document number: 2629723

Country of ref document: CA

NENP Non-entry into the national phase

Ref country code: DE