Intrusion detection system and network flow director method
Abstract
A system and related methods for detecting the occurrence of an intrusion attack. A network device, such as a probe, monitors traffic on a first network and converts the traffic to a format that is suitable for transmission on a second network. The converted traffic is forwarded to an intrusion detection system for further processing. Prior to transmission, the converted data may be filtered to remove data that is not useful in detecting an intrusion attack.
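As an added illustration (not the patent's own code, and not any real probe implementation), the claimed pipeline modelled in Python: the probe takes constructed Ethernet frames from the first link, keeps performance counters and an audit copy for forensics, filters frames judged not useful to the IDS (here anything but IPv4, an assumed rule), and converts the rest into pcap records, the assumed format for the second link to the IDS.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4
ETHERTYPE_IPV4 = 0x0800

def pcap_global_header(snaplen=65535, linktype=1):
    # pcap file header: magic, version 2.4, tz offset, sigfigs, snaplen, LINKTYPE_ETHERNET (1)
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)

def pcap_record(frame, ts):
    # one pcap record: ts_sec, ts_usec, captured length, original length, then the frame bytes
    sec = int(ts)
    return struct.pack("<IIII", sec, int(round((ts - sec) * 1_000_000)), len(frame), len(frame)) + frame

def ethernet_frame(ethertype, payload, dst=b"\x00" * 6, src=b"\x02" + b"\x00" * 5):
    # constructed Ethernet II frame (sample input, not a real capture)
    return dst + src + struct.pack("!H", ethertype) + payload

def ipv4_payload(src_ip, dst_ip, data, proto=17):
    # minimal IPv4 header (checksum left at 0, constructed) in front of an opaque body
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(data), 1, 0, 64, proto, 0, src_ip, dst_ip) + data

class Probe:
    # hypothetical model of the claimed probe: monitor, filter, convert, and keep an audit trail
    def __init__(self, keep_ethertypes=(ETHERTYPE_IPV4,)):
        self.keep = set(keep_ethertypes)  # frame types considered useful to the IDS (assumed rule)
        self.stats = {"packets": 0, "bytes": 0, "forwarded": 0, "dropped": 0}
        self.audit_trail = []             # raw copies retained for forensic analysis

    def convert(self, frame, ts):
        # returns a pcap record for the second link, or None when the frame is filtered out
        self.stats["packets"] += 1
        self.stats["bytes"] += len(frame)
        self.audit_trail.append((ts, frame))
        if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] not in self.keep:
            self.stats["dropped"] += 1
            return None
        self.stats["forwarded"] += 1
        return pcap_record(frame, ts)

    def convert_stream(self, timed_frames):
        # everything the probe would write to the IDS link for one batch of first-link frames
        records = [self.convert(frame, ts) for ts, frame in timed_frames]
        return pcap_global_header() + b"".join(r for r in records if r is not None)

def sample_frames():
    # constructed first-link traffic: two IPv4 datagrams worth forwarding and one ARP (0x0806) to drop
    a = ipv4_payload(bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]), b"\x00" * 8 + b"hello")
    b = ipv4_payload(bytes([10, 0, 0, 2]), bytes([10, 0, 0, 1]), b"\x00" * 8 + b"reply")
    arp = b"\x00\x01\x08\x00\x06\x04\x00\x01" + b"\x00" * 20
    return [(1.0, ethernet_frame(ETHERTYPE_IPV4, a)), (1.5, ethernet_frame(0x0806, arp)),
            (2.25, ethernet_frame(ETHERTYPE_IPV4, b))]
```

The bytes returned by `convert_stream` are exactly what a pcap-consuming IDS expects on the second link; the dropped ARP frame still lands in the audit trail, so filtering for the IDS does not discard evidence.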
66 Citations
43 Claims
1. A method for intrusion detection, comprising:
- receiving at a probe data packets communicated over a first network link;
- converting the received data packets into a format suitable for a second network link;
- monitoring, by the probe, the received packets to evaluate network performance; and
- transmitting, by the probe over a second network link, data-converted packets to an intrusion detection system in communication with the second network link.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20.

21. A network performance probe comprising:
- a first network interface for monitoring packets communicated over a first network link;
- a packet converter for converting the monitored data packets into a format suitable for a second network link;
- a second network interface for communicating, over a second network link, converted packets to an intrusion detection system in communication with the second network link.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 30, 31, 34, 35, 36, 37, 38, 39.

32. The system of claim 29 wherein the audit trail buffer comprises a memory for recording monitored packets for forensic analysis.

40. An article of manufacture comprising a program storage medium having computer readable program code embodied therein for providing intrusion detection, the computer readable program code in the article of manufacture including:
- computer readable code for causing a computer to receive at a probe data packets communicated over a first network link;
- computer readable code for causing a computer to convert the received data packets into a format suitable for a second network link;
- computer readable code for causing a computer to monitor, via the probe, the received packets to evaluate network performance; and
- computer readable code for causing a computer to transmit, via the probe over a second network link, data-converted packets to an intrusion detection system in communication with the second network link, so as to provide intrusion detection.
Dependent claims: 41.

42. A program storage medium readable by a computer, tangibly embodying a program of instructions executable by the computer to perform method steps for providing intrusion detection, the method steps comprising:
- receiving at a probe data packets communicated over a first network link;
- converting the received data packets into a format suitable for a second network link;
- monitoring, by the probe, the received packets to evaluate network performance; and
- transmitting, by the probe over a second network link, data-converted packets to an intrusion detection system in communication with the second network link.
Dependent claims: 43.
Specification