System and method of intrusion detection employing broad-scope monitoring
First Claim
1. An intrusion detection system for a computer network comprising:
- a plurality of devices coupled to the computer network, each device adapted to at least one of: sense data and provide the data to a data collection and processing center, and be adjustable; and
- the data collection and processing center comprising a computer with a firewall coupled to the computer network, the data collection and processing center monitoring data communicated from the plurality of devices coupled to the network.
1 Assignment
0 Petitions
Abstract
A broad-scope intrusion detection system analyzes traffic coming into multiple hosts or other customers' computers or sites. This provides additional data for analysis as compared to systems that just analyze the traffic coming into one customer's site. Additional detection schemes can be used to recognize patterns that would otherwise be difficult or impossible to recognize with just a single customer detector. Standard signature detection methods can be used. Additionally, new signatures can be used based on broad-scope analysis goals.
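As an added illustration of the abstract's point (this is not code from the patent), the following constructed Python example shows a source that stays under every per-site threshold but becomes visible once events from several customer sites are pooled at a collection center. The site names, addresses, event tuples and thresholds are all made up for the example.

```python
"""Added example (not from the patent): cross-customer correlation.

A per-site detector only sees its own traffic, so a source that touches
each customer only a couple of times never trips a per-site threshold.
A broad-scope collector that receives the same events from every site
can instead count how many distinct customers a source has touched.
"""
from collections import defaultdict

# Constructed sample: (customer_site, source_ip, dest_port) events as
# each site's sensor would forward them to the collection center.
EVENTS = [
    ("site-A", "198.51.100.7", 22),
    ("site-A", "198.51.100.7", 3389),
    ("site-B", "198.51.100.7", 22),
    ("site-C", "198.51.100.7", 445),
    ("site-D", "198.51.100.7", 22),
    ("site-A", "203.0.113.9", 22),
    ("site-A", "203.0.113.9", 23),
    ("site-A", "203.0.113.9", 25),
    ("site-A", "203.0.113.9", 80),
    ("site-A", "203.0.113.9", 443),
    ("site-B", "192.0.2.44", 80),
]


def single_site_alerts(events, per_site_threshold=5):
    """What an isolated customer detector would flag: sources with at
    least `per_site_threshold` events at one site (hypothetical rule)."""
    counts = defaultdict(int)
    for site, src, _port in events:
        counts[(site, src)] += 1
    return sorted(src for (site, src), n in counts.items()
                  if n >= per_site_threshold)


def broad_scope_alerts(events, min_sites=3, per_site_threshold=5):
    """Flag sources seen at `min_sites` or more distinct customers that
    no single site's detector would have flagged on its own."""
    sites_by_src = defaultdict(set)
    for site, src, _port in events:
        sites_by_src[src].add(site)
    local = set(single_site_alerts(events, per_site_threshold))
    return sorted(src for src, sites in sites_by_src.items()
                  if len(sites) >= min_sites and src not in local)


if __name__ == "__main__":
    print("single-site:", single_site_alerts(EVENTS))   # ['203.0.113.9']
    print("broad-scope:", broad_scope_alerts(EVENTS))   # ['198.51.100.7']
```

Only the pooled view surfaces 198.51.100.7, which never exceeds two events at any one site; 203.0.113.9 is caught by the ordinary per-site rule and is therefore not reported again.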
335 Citations
22 Claims
11. A method of detecting an anomaly in a networked computer system having a plurality of devices networked together, comprising:
- receiving data at at least one of the plurality of devices from at least one of a plurality of sources;
- providing the data from the plurality of devices to an analysis engine; and
- analyzing the data to detect an anomaly.
Dependent claims: 12 through 22.