Adaptive intrusion detection system
5 Assignments
0 Petitions
Abstract
An intrusion detection method wherein a vulnerability determination or vulnerability assessment of one or more computers or hosts is performed to determine whether and what vulnerabilities exist on the computers or hosts, accomplished by using existing vulnerability determination or vulnerability assessment information that can be continually updated. Attack signatures, which can also be continually updated, are identified and correlated with the specific vulnerabilities identified. One or more designated IP sessions associated with attempted vulnerability exploitation are then inhibited or disconnected.
145 Citations
16 Claims
8. An intrusion detection system comprising:
a vulnerability determination tool to identify defects on one or more computers, hosts, or combination thereof;
a correlation engine and database to correlate the defects with attack signatures to identify specific attack signatures that relate to the specific vulnerabilities identified;
an intrusion detection sensor to facilitate identifying and inhibiting or dropping IP sessions or communication traffic associated with the attempted exploitation of the specific vulnerabilities identified.
Dependent claims: 1, 2, 3, 4, 5, 6, 7, 9, 10, 11, 12, 13, 14, 15.
10-1. The intrusion detection system of claim 8 further comprising:
an application programming interface to pull vulnerability information into a vulnerability determination tool.
16. An intrusion detection method comprising:
retrieving network and system configuration information;
retrieving vulnerability information and attack signature rules;
analyzing potential vulnerabilities only for systems and services present in the network;
determining the presence of vulnerabilities or performing a vulnerability assessment of one or more computers or hosts to determine if the computers or hosts are vulnerable and what specific vulnerabilities exist on the computers;
retrieving vulnerability assessment information;
correlating the attack signatures with the specific vulnerabilities identified;
only examining communication traffic bound for vulnerable computers or hosts and/or only comparing communication traffic to the attack signatures that relate to the specific vulnerabilities of the computers, hosts or systems and services identified by the intrusion detection system; and
dropping or inhibiting traffic or instructing the security gateway to drop or inhibit traffic identified by the intrusion detection engine of the system or the firewall as matching the attack signatures that relate to the specific vulnerabilities identified by the intrusion detection system.
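The abstract, the system of claim 8 and the method of claim 16 all describe the same pipeline: take vulnerability assessment results, correlate them with attack signatures tagged by the vulnerability they exploit, and then have the sensor examine only traffic bound for hosts that are actually vulnerable, match it only against the signatures relevant to that host, and inhibit the offending IP session. The Python sketch below is an added illustration of that pipeline; it is not code from the patent or its assignee. The host addresses, service names, vulnerability identifiers, signature IDs and payloads are constructed sample data, and the simple substring "pattern" stands in for whatever rule language a real sensor uses.

```python
"""Vulnerability-correlated intrusion detection, after the abstract and claim 16.

Added illustration only; this is not code from the patent or its assignee.
Every host, service, vulnerability ID, signature ID and payload below is
constructed sample data.
"""
from dataclasses import dataclass, field
from typing import Optional

# Constructed host inventory, as a vulnerability assessment tool would report it:
# host -> services present on it and vulnerability identifiers found on it.
HOST_INVENTORY = {
    "10.0.0.5": {"services": {"http/80", "ssh/22"}, "vulns": {"VULN-A"}},
    "10.0.0.7": {"services": {"smtp/25"}, "vulns": set()},
    "10.0.0.9": {"services": {"http/80"}, "vulns": {"VULN-B"}},
}

# Constructed attack signatures, each tagged with the vulnerability it exploits
# and the service it targets; those tags are what the correlation engine joins
# against the assessment results.
SIGNATURES = [
    {"sid": 1001, "vuln": "VULN-A", "service": "http/80", "pattern": b"/cgi-bin/evil"},
    {"sid": 1002, "vuln": "VULN-B", "service": "http/80", "pattern": b"X-Overflow: AAAAAAAA"},
    {"sid": 1003, "vuln": "VULN-C", "service": "ftp/21", "pattern": b"SITE EXEC"},
]


def correlate(inventory, signatures):
    """Correlation engine: for each host keep only the signatures whose vulnerability
    the host actually has and whose service actually runs there (claim 16:
    'only for systems and services present in the network')."""
    active = {}
    for host, info in inventory.items():
        relevant = [s for s in signatures
                    if s["vuln"] in info["vulns"] and s["service"] in info["services"]]
        if relevant:
            active[host] = relevant
    return active


@dataclass
class Verdict:
    action: str                 # "skip" (not examined), "pass", or "drop"
    sid: Optional[int] = None   # signature that triggered a drop, if any


@dataclass
class Sensor:
    """IDS sensor: examines only traffic bound for vulnerable hosts, compares it only
    against the signatures correlated to that host, and once a session matches,
    inhibits the rest of that IP session (the last step of claim 16)."""
    active: dict
    blocked: set = field(default_factory=set)   # inhibited (src, dst, service) sessions

    def inspect(self, src, dst, service, payload: bytes) -> Verdict:
        session = (src, dst, service)
        if session in self.blocked:
            return Verdict("drop")              # session already inhibited
        sigs = self.active.get(dst)
        if not sigs:
            return Verdict("skip")              # destination has no correlated vulns
        for s in sigs:
            if s["service"] == service and s["pattern"] in payload:
                self.blocked.add(session)       # drop this and later traffic of the session
                return Verdict("drop", s["sid"])
        return Verdict("pass")


def refresh(inventory, host, services, vulns, signatures=SIGNATURES):
    """Take updated assessment data for one host (the continually updated feed of the
    abstract, pulled through an API as in claim 10-1) and re-run correlation so the
    sensor's rule set tracks the host's current exposure."""
    inventory[host] = {"services": set(services), "vulns": set(vulns)}
    return correlate(inventory, signatures)


if __name__ == "__main__":
    sensor = Sensor(correlate(HOST_INVENTORY, SIGNATURES))
    print(sensor.inspect("192.0.2.1", "10.0.0.5", "http/80", b"GET /cgi-bin/evil HTTP/1.0"))
    print(sensor.inspect("192.0.2.1", "10.0.0.9", "http/80", b"GET /cgi-bin/evil HTTP/1.0"))
    print(sensor.inspect("192.0.2.1", "10.0.0.7", "smtp/25", b"HELO attacker"))
```

Two properties of the design show up directly in the verdicts. The same exploit payload is dropped when bound for 10.0.0.5 (which has VULN-A) but passed when bound for 10.0.0.9 (which has only VULN-B), which is the reduction in signature load the claims aim at. The flip side is the failure mode a practitioner should weigh: traffic to a host with no assessment data is skipped, not inspected, so stale or incomplete assessment results translate directly into blind spots, and the assessment feed has to be refreshed as new hosts and services appear.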
Specification