Method and apparatus for security management via vicarious network devices
Abstract
In one embodiment of a method and apparatus for protecting data, voice, and video networks from individuals with malicious intent, a real network or network device has a vicarious simulated counterpart that may take the place of the real device or network upon appropriate triggering. The simulated counterpart behaves like the real device, but records the suspect transactions. The integrity of the real network or device is therefore continuously maintained because the suspect is isolated from the real network and the suspect transactions are not passed on to the actual device or network. The recorded transactions may then be analyzed for purposes of exposing the perpetrator, discovering perpetrator behavior patterns, and identifying device or network security weaknesses.
36 Claims
1. An apparatus for security management in a data, voice, or video network comprising, in combination:
at least one vicarious device capable of automatically simulating at least one corresponding real device or transmission medium in said network;
at least one monitor for detecting when said network may be being attacked; and
at least one trigger for substituting at least one of said vicarious devices for said corresponding real device or transmission medium.
18. A method for security management in a data, voice, or video network comprising the steps, in combination, of:
detecting when said network is being attacked; and
substituting for said real device at least one vicarious device capable of automatically simulating at least one corresponding real device in said network.
34. A method for creating a simulator suitable for use in network security management comprising the steps, in combination, of:
creating a full simulated version of a real device, said simulated device having a dataset containing data values corresponding to attributes of the real device;
running the simulated device under simulated attack conditions;
capturing the simulated device's activity;
determining which attributes were used;
eliminating data values corresponding to unused attributes from the simulated device dataset to create a reduced dataset containing only data values corresponding to used attributes; and
creating a new simulated device having the reduced dataset.
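The dataset-reduction steps of claim 34, sketched as an added example; this is not code from the patent. The attribute names, the probe sequence, and the `SimulatedDevice` / `build_reduced_simulator` names are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed attribute dataset for a hypothetical real device (illustrative names).
FULL_DATASET = {
    "sysName": "edge-rtr-01",
    "sysDescr": "Router OS 12.4",
    "ifCount": 4,
    "if1.status": "up",
    "if2.status": "down",
    "routeTable": ["10.0.0.0/8 via 10.1.1.1"],
    "fanSpeedRpm": 4200,
    "psuVoltage": 11.9,
}

# Constructed probe sequence standing in for the "simulated attack conditions".
# The last attribute does not exist on the device, so it is logged as a miss.
SIMULATED_ATTACK = ["sysDescr", "sysName", "ifCount", "if1.status",
                    "routeTable", "vendorDebugFlag"]


@dataclass
class SimulatedDevice:
    dataset: dict
    activity: list = field(default_factory=list)  # captured (attribute, found) pairs

    def query(self, attribute):
        """Answer a read as the real device would, recording the transaction."""
        found = attribute in self.dataset
        self.activity.append((attribute, found))
        return self.dataset.get(attribute)


def used_attributes(device):
    """Attributes that were requested and actually present in the dataset."""
    return {name for name, found in device.activity if found}


def build_reduced_simulator(full_dataset, attack):
    full = SimulatedDevice(dict(full_dataset))      # full simulated version
    for attribute in attack:                        # run under simulated attack
        full.query(attribute)                       # activity is captured
    used = used_attributes(full)                    # determine used attributes
    reduced = {k: v for k, v in full_dataset.items() if k in used}  # drop unused
    return SimulatedDevice(reduced), full.activity  # new simulated device + log


if __name__ == "__main__":
    reduced_device, log = build_reduced_simulator(FULL_DATASET, SIMULATED_ATTACK)
    print("kept:", sorted(reduced_device.dataset))
    print("misses:", [name for name, found in log if not found])
```

Requests for attributes that are not in the dataset stay in the captured activity log, so they remain available for later analysis even though they contribute nothing to the reduced dataset.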
Specification