Method and apparatus for predicting and preventing attacks in communications networks
First Claim
1. An apparatus for security management in a data, voice, or video network comprising, in combination:
at least one data collector;
precursor discovery means for identifying, among collected data, at least one precursor of an attack on said network;
at least one monitor for detecting the presence of at least one of said identified precursors on said network; and
at least one means for protecting at least one of said network, one or more associated applications, one or more associated systems, and one or more associated network services when at least one of said identified precursors is detected.
Abstract
In one embodiment of a method and apparatus for predicting and preventing network attacks, data is collected from network devices during an attack. The collected data is analyzed to identify specific temporal precursors of the attack. The future network activity is then monitored for the presence of the identified temporal attack precursors. When the presence of a precursor is detected, appropriate protective action is taken. Preferably, all steps in this process occur automatically. In the preferred embodiment, the process is performed under the control of one or more network or element management systems. The possible network domain includes data, voice, and video networks and multiple, interconnected network technologies. In one embodiment, triggers responsive to the presence of the identified precursors are placed into a network or element management system. The preferred embodiment of the invention utilizes machine-learning algorithms for discovering precursors of attacks, but any suitable algorithm may be used. The invention may be used in “attack autopsy” mode only, monitoring mode only, or both. Among other uses, the invention allows integration of Intrusion Detection Systems with Network Management Systems.
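To make the two modes in the abstract concrete, here is an added Python illustration (not code from the patent or its assignee): an "attack autopsy" step that mines temporal precursors from a constructed event log labelled with attack onsets, followed by a monitoring step that raises a protective trigger when a mined precursor appears in a new stream. The event types, time units, thresholds and the action name are all assumptions chosen for the example.

```python
"""Toy precursor-discovery and monitoring pipeline (illustrative, not
the patent's implementation). Times are abstract units; event types,
thresholds and the protective action are constructed assumptions."""
from collections import Counter

# Constructed log: (time, event_type). "ATTACK" marks an attack onset as
# a network management system might record it; it is never a candidate.
EVENTS = [
    (1, "icmp_sweep"), (3, "dns_query"), (5, "syn_burst"), (8, "ATTACK"),
    (12, "dns_query"), (15, "http_get"), (20, "icmp_sweep"), (22, "syn_burst"),
    (25, "ATTACK"), (30, "dns_query"), (33, "http_get"), (40, "icmp_sweep"),
    (41, "syn_burst"), (44, "ATTACK"), (50, "http_get"), (55, "dns_query"),
]

def attack_times(events):
    """Onset times of the labelled attacks in the collected data."""
    return [t for t, e in events if e == "ATTACK"]

def discover_precursors(events, window, min_precision=0.8, min_support=2):
    """Attack-autopsy mode: score each event type by how often an attack
    follows it within `window` time units. Returns {type: (precision,
    support)} for types that are both frequent and reliable enough."""
    onsets = attack_times(events)
    total, hits = Counter(), Counter()
    for t, e in events:
        if e == "ATTACK":
            continue
        total[e] += 1
        # A hit: some attack starts after this event but within the window.
        if any(0 < a - t <= window for a in onsets):
            hits[e] += 1
    found = {}
    for e, n in total.items():
        precision = hits[e] / n
        if hits[e] >= min_support and precision >= min_precision:
            found[e] = (precision, hits[e])
    return found

def monitor(stream, precursors, action="rate_limit_source"):
    """Monitoring mode: walk a live stream and emit a protective trigger
    for every known precursor, i.e. before the attack itself appears."""
    return [(t, e, action) for t, e in stream if e in precursors]

if __name__ == "__main__":
    # Constructed live traffic: the two mined precursors recur.
    live = [(100, "http_get"), (102, "icmp_sweep"), (104, "syn_burst")]
    mined = discover_precursors(EVENTS, window=8)
    print("precursors:", mined)
    print("triggers:", monitor(live, mined))
```

With these inputs only icmp_sweep and syn_burst qualify (each precedes all three attacks within the window), while dns_query and http_get are rejected as low-precision, which is exactly the false-trigger risk a real precursor miner must control.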
23 Claims
1. An apparatus for security management in a data, voice, or video network comprising, in combination:
at least one data collector;
precursor discovery means for identifying, among collected data, at least one precursor of an attack on said network;
at least one monitor for detecting the presence of at least one of said identified precursors on said network; and
at least one means for protecting at least one of said network, one or more associated applications, one or more associated systems, and one or more associated network services when at least one of said identified precursors is detected.
Dependent claims: 2, 3, 4, 5.

6. An apparatus for predicting attacks on a communications network comprising, in combination:
at least one data collector;
precursor discovery means for identifying at least one precursor of an attack on said network among collected data; and
at least one monitor for detecting the presence of at least one of said identified precursors on said network.
Dependent claims: 7, 8, 9.

10. An apparatus for preventing attacks in a communications network comprising, in combination:
at least one monitor for detecting the presence of at least one known temporal precursor of an attack on said network; and
protective means for protecting said network if at least one of said known precursors is detected.
Dependent claims: 11, 12, 13.

14. A method for security management in a data, voice, or video network comprising the steps, in combination, of:
collecting data during an attack on said network;
identifying one or more precursors of said attack;
monitoring said network for the presence of one or more of said precursors; and
taking one or more actions to protect at least one of said network, one or more associated applications, one or more associated systems, and one or more associated network services when the presence of any of said precursors is detected.
Dependent claims: 15, 16, 17.

18. A method for predicting attacks in a communications network comprising the steps, in combination, of:
collecting data during an attack on said network;
identifying one or more precursors of said attack; and
monitoring said network for the presence of one or more of said attack precursors.
Dependent claim: 19.

20. A method for preventing attacks in a communications network comprising the steps, in combination, of:
monitoring said network for the presence of one or more known precursors of an attack on said network; and
taking one or more actions to protect said network if the presence of any of said precursors is detected.
Dependent claims: 21, 22, 23.
Specification