Network intrusion detection system and method
Abstract
A network intrusion detection system comprises a processor and a memory accessible by the processor. The system also comprises a monitor application stored in the memory and executable by the processor. The monitor application is adapted to monitor network activity associated with a network node. The system also comprises a profile application stored in the memory and executable by the processor. The profile application is adapted to automatically generate an activity profile associated with the network node using the monitored network activity. The system further comprises a recognition engine stored in the memory and executable by the processor. The recognition engine is adapted to compare a network event to the activity profile to determine whether the network event is authorized for the network node.
33 Claims
1. A network intrusion detection system, comprising:
a processor;
a memory accessible by the processor;
a monitor application stored in the memory and executable by the processor, the monitor application adapted to monitor network activity associated with a network node;
a profile application stored in the memory and executable by the processor, the profile application adapted to automatically generate an activity profile associated with the network node using the monitored network activity; and
a recognition engine stored in the memory and executable by the processor, the recognition engine adapted to compare a network event to the activity profile to determine whether the network event is authorized for the network node.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method for network intrusion detection, comprising:
monitoring network activity associated with a network node for a predetermined time period;
automatically generating an activity profile corresponding to the network node using the monitored network activity;
identifying a network event associated with the network node; and
automatically determining whether the network event is authorized for the network node using the activity profile.
Dependent claims: 12, 13, 14, 15, 16, 17, 18
19. A network detection intrusion system, comprising:
a plurality of nodes coupled to a server via a network;
a monitoring application accessible by the server and adapted to monitor network activity between the plurality of nodes;
a profile application accessible by the server and adapted to generate an activity profile for each of the plurality of nodes; and
a recognition engine accessible by the server and adapted to compare a network event corresponding to one of the plurality of nodes to the activity profile corresponding to the one node to determine whether the network event is authorized for the one node.
Dependent claims: 20, 21, 22, 23, 24, 25, 26
27. A computer program for assisting in network intrusion detection, comprising:
a computer-readable medium; and
a profile application stored on the computer-readable medium, the profile application adapted to monitor network activity and generate an activity profile using the monitored network activity, the activity profile used to determine whether a network event is authorized.
Dependent claims: 28, 29, 30, 31, 32, 33
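The steps of claim 11, with one profile per node as in claim 19, shown as an added Python example that is not taken from the patent. The claims above do not say what an activity profile contains, so the flow record fields, the (peer, protocol, port) profile, the one-hour learning period and the sample traffic are all assumptions.

```python
from collections import defaultdict
from typing import NamedTuple

class Flow(NamedTuple):      # assumed record layout, not defined by the patent
    ts: int                  # seconds since start of capture
    node: str                # monitored network node
    peer: str                # remote endpoint
    proto: str
    port: int                # destination port

LEARNING_PERIOD = 3600       # assumed "predetermined time period", in seconds

def build_profiles(flows, period=LEARNING_PERIOD):
    """Generate one activity profile per node from flows seen in the learning window."""
    profiles = defaultdict(set)
    for f in flows:
        if f.ts < period:
            profiles[f.node].add((f.peer, f.proto, f.port))
    return dict(profiles)

def is_authorized(profiles, event):
    """Recognition step: an event is authorized only if it matches the node's profile.
    A node with no profile has no baseline, so its events are flagged, not trusted."""
    profile = profiles.get(event.node)
    return profile is not None and (event.peer, event.proto, event.port) in profile

def detect(flows, period=LEARNING_PERIOD):
    """Learn from the first `period` seconds, then return unauthorized later events."""
    profiles = build_profiles(flows, period)
    return [f for f in flows if f.ts >= period and not is_authorized(profiles, f)]

# Constructed sample traffic (not from the patent).
SAMPLE = [
    Flow(10, "10.0.0.5", "10.0.0.1", "udp", 53),
    Flow(20, "10.0.0.5", "10.0.0.20", "tcp", 443),
    Flow(30, "10.0.0.6", "10.0.0.1", "udp", 53),
    Flow(4000, "10.0.0.5", "10.0.0.20", "tcp", 443),   # matches profile
    Flow(4100, "10.0.0.5", "10.0.0.6", "tcp", 445),    # new peer and service
    Flow(4200, "10.0.0.6", "10.0.0.20", "tcp", 443),   # normal for .5, not for .6
    Flow(4300, "10.0.0.7", "10.0.0.1", "udp", 53),     # node never profiled
]

if __name__ == "__main__":
    for f in detect(SAMPLE):
        print("unauthorized:", f)
```

Whatever a node does during the learning window becomes its baseline, so traffic from a node that is already compromised at that point is treated as authorized afterwards.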
Specification