System and method of graphically correlating data for an intrusion protection system

US 20030084318A1
Filed: 10/31/2001
Published: 05/01/2003
Est. Priority Date: 10/31/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method of displaying data related to an intrusion event on a computer system, comprising:

capturing data related to the intrusion event;

decoding the captured data from a first predetermined format to a second predetermined format decipherable by humans, the decoded data in turn comprising intrusion signature, data summary, and detailed data;

correlating data components of the intrusion signature, data summary and detailed data to one another; and

graphically displaying the correlated decoded data components.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with the present invention, a method of displaying data related to an intrusion event on a computer system comprises data components of the steps of capturing data related to the intrusion event and decoding the captured data from a predetermined format to a predetermined format decipherable by humans. The decoded data comprises data components of the intrusion signature, data summary, and detailed data. The method further comprises data components of the steps of correlating data components of the intrusion signature, data summary and detailed data to one another, and then graphically displaying the correlated decoded data components.

Citations

24 Claims

1. A method of displaying data related to an intrusion event on a computer system, comprising:
- capturing data related to the intrusion event;
  
  decoding the captured data from a first predetermined format to a second predetermined format decipherable by humans, the decoded data in turn comprising intrusion signature, data summary, and detailed data;
  
  correlating data components of the intrusion signature, data summary and detailed data to one another; and
  
  graphically displaying the correlated decoded data components.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method, as set forth in claim 1, wherein graphically displaying the correlated decoded data components comprises graphically highlighting correlated data components of intrusion signature, data summary and detailed data.
  - 3. The method, as set forth in claim 1, wherein graphically displaying the correlated decoded data comprises:
    - receiving a user input selecting a displayed data component;
      
      graphically highlighting data components correlated to the selected data component.
  - 4. The method, as set forth in claim 1, wherein graphically displaying the correlated decoded data comprises:
    - receiving a user input selecting a displayed data component;
      
      graphically highlighting the user selected data component; and
      
      graphically highlighting data components correlated to the selected data component.
  - 5. The method, as set forth in claim 1, wherein capturing data comprises capturing network data packets of the intrusion event.
  - 6. The method, as set forth in claim 1, wherein decoding the captured data comprises decoding the captured data from a binary format to a human-readable text format.
  - 7. The method, as set forth in claim 1, wherein decoding the captured data comprises decoding the captured data to decoded data having a data link layer protocol header, a network layer protocol header, a network layer protocol data summary, and packet data in hexadecimal format.
  - 8. The method, as set forth in claim 1, wherein decoding the captured data comprises decoding the captured data to decoded data having an Ethernet header, an IP header, an IP data summary, and packet data in hexadecimal format.
  - 9. The method, as set forth in claim 1, further comprising storing the captured data.

10. A method of graphically displaying data related to an intrusion event on a computer system, comprising:
- capturing data related to the intrusion event (the data comprising data components of intrusion signature, data summary, and detailed data);
  
  correlating data components of the intrusion signature, data summary and detailed data to one another; and
  
  graphically displaying the correlated data components.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method, as set forth in claim 10, wherein graphically displaying the correlated data components comprises:
    - receiving a user input selecting a displayed data component; and
      
      graphically highlighting all data components correlated to the selected data component.
  - 12. The method, as set forth in claim 10, wherein graphically displaying the correlated data components comprises:
    - receiving a user input selecting a displayed data component;
      
      graphically highlighting the user selected data component; and
      
      graphically highlighting all data components correlated to the selected data component.
  - 13. The method, as set forth in claim 10, wherein capturing data comprises capturing network data packets of the intrusion event in response to detecting the presence of a predetermined signature in the network data packet.
  - 14. The method, as set forth in claim 10, further comprising decoding the captured data from a binary format to a human-readable text format.
  - 15. The method, as set forth in claim 10, further comprising decoding the captured data to decoded data having a data link layer protocol header, a network layer protocol header, a network layer protocol data summary, and packet data in hexadecimal format.
  - 16. The method, as set forth in claim 10, further comprising decoding the captured data to decoded data having an Ethernet header, an IP header, an IP data summary, and packet data in hexadecimal format.

17. A system of presenting data of an intrusion detection system, comprising:
- a network driver capturing data related to an intrusion event upon detecting a predetermined intrusion signature;
  
  a decode engine decoding the captured data from a first predetermined format to a second predetermined format decipherable by humans, the decoded data comprising data components of intrusion event data, data summary, and detailed data; and
  
  a user interface correlating data components of the intrusion signature, intrusion event data, data summary and detailed data to one another and displaying the correlated decoded data components.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The system, as set forth in claim 17, wherein the user interface graphically highlights correlated data components of intrusion event data, data summary and detailed data.
  - 19. The system, as set forth in claim 17, wherein the user interface is operable to receive a user input selecting a displayed data component, and graphically highlight all data components correlated to the selected data component.
  - 20. The system, as set forth in claim 17, wherein the user interface is operable to receive a user input selecting a displayed data component, highlight the user selected data component, and highlight all data components correlated to the selected data component.
  - 21. The system, as set forth in claim 17, wherein the network driver captures network data packets of the intrusion event in response to the intrusion detection system detecting a predetermined intrusion signature.
  - 22. The system, as set forth in claim 17, wherein the decode engine decodes the captured data from a binary format to a human-readable text format.
  - 23. The system, as set forth in claim 17, wherein the decode engine decodes the captured data to decoded data having a data link layer protocol header, a network layer protocol header, a network layer protocol data summary, and packet data in hexadecimal format.
  - 24. The system, as set forth in claim 17, wherein the decode engine decodes the captured data to decoded data having an Ethernet header, an IP header, an IP data summary, and packet data in hexadecimal format.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Schertz, Richard L.

Application Number

US10/001,350
Publication Number

US 20030084318A1
Time in Patent Office

Days
Field of Search
US Class Current

713/200
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/20   for managing network securi...

H04L 67/75   Indicating network or usage...

System and method of graphically correlating data for an intrusion protection system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of graphically correlating data for an intrusion protection system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links