Multi-tier intrusion detection system
Abstract
A dynamic, multi-tier intrusion detection system for a computer network. The multi-tier intrusion detection system includes a global intrusion detection (GID) agent. A number of network intrusion detection (NID) agents may each be coupled with the GID agent, each NID agent being associated with a network. One or more local intrusion detection (LID) agents are coupled with each NID agent.
44 Claims
1. A system comprising:
a global intrusion detection (GID) agent, the GID agent to generate an update in response to first received information;
a number of network intrusion detection (NID) agents, each of the NID agents coupled with the GID agent, each NID agent to generate an alert in response to second received information; and
a number of local intrusion detection (LID) agents, each of the LID agents coupled with one of the NID agents, each LID agent to generate an alert in response to a detected event.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14

15. A method comprising:
running a global intrusion detection (GID) agent on a first computer system;
running a network intrusion detection (NID) agent on each of a number of second computer systems, each second computer system coupled with the first computer system; and
running a local intrusion detection (LID) agent on each of a number of computing nodes, each computing node coupled with one of the second computer systems;
Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27

28. A method comprising:
monitoring for the occurrence of an event at one of a number of local intrusion detection (LID) agents, each of the LID agents coupled with a network intrusion detection (NID) agent;
transmitting a first alert from the one LID agent to the NID agent in response to detection of the event, the NID agent coupled with a global intrusion detection (GID) agent; and
transmitting a second alert from the NID agent to the GID agent in response to the first alert.
Dependent claims: 29, 30, 31, 32, 33, 34, 35, 36, 37

38. An intrusion detection system comprising:
a first tier, the first tier including a global intrusion detection (GID) agent running on a first computer system;
a second tier, the second tier including a number of network intrusion detection (NID) agents, each of the NID agents running on one of a number of second computer systems, each second computer system coupled with the first computer system; and
a third tier, the third tier including a number of local intrusion detection (LID) agents, each LID agent running on a computing node coupled with one of the second computer systems.
Dependent claims: 39, 40

41. A product comprising:
a first machine accessible medium providing content that, when accessed by a first machine, causes the first machine to provide a global intrusion detection agent;
a second machine accessible medium providing content that, when accessed by a second machine, causes the second machine to provide a network intrusion detection agent, the second machine coupled with the first machine; and
a third machine accessible medium providing content that, when accessed by a third machine, causes the third machine to provide a local intrusion detection agent, the third machine coupled with the second machine.
Dependent claims: 42, 43, 44