Firewall system and method via feedback from broad-scope monitoring for intrusion detection
Abstract
A broad-scope intrusion detection system analyzes traffic coming into multiple hosts or other customers' computers or sites. This provides additional data for analysis as compared to systems that analyze only the traffic coming into one customer's site. Additional detection schemes can be used to recognize patterns that would otherwise be difficult or impossible to recognize with a single-customer detector. Standard signature detection methods can be used. Additionally, new signatures can be used based on broad-scope analysis goals. An anomaly is detected in the computer system, and then it is determined which device or devices are anticipated to be affected by the anomaly in the future. These anticipated devices are then alerted to the potential for the future anomaly. The anomaly can be an intrusion, an intrusion attempt, or reconnaissance activity.
42 Claims
1-22. (canceled)
23. A method of alerting a device in a networked computer system to an anomaly, comprising:
determining that the device is anticipated to be affected by an anomaly by using network-based intrusion detection techniques comprising analyzing data entering into a plurality of hosts, servers, and computer sites in the networked computer system and by using pattern correlations across the plurality of hosts, servers, and computer sites; and
sending an alert to the device that the anomaly is anticipated at the device. [Dependent claims: 24, 25, 26, 27, 28]
29. A method of anticipating a device in a networked computer system is to be affected by an anomaly, comprising:
detecting an anomaly at a first device in the computer system using network-based intrusion detection techniques comprising analyzing data entering into a plurality of hosts, servers, and computer sites in the networked computer system; and
determining a device that is anticipated to be affected by the anomaly by using pattern correlations across the plurality of hosts, servers, and computer sites. [Dependent claims: 30, 31, 32, 33, 34, 35]
36. A computer-readable medium having computer-executable components comprising a data collection and processing center monitoring data communicated to a network, and detecting an anomaly in the network using network-based intrusion detection techniques comprising analyzing data entering into a plurality of hosts, servers, and computer sites in the networked computer system.
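The detect-correlate-anticipate-alert sequence of claims 23, 29 and 36, shown as an added illustration that is not from the patent or any product it covers: a central collection center sees events from several customer sites, a cross-site correlation flags a source that a single-site detector would see only as one isolated connection, and sites that expose the same service but have not been touched yet receive an alert. The event tuples, site inventory and threshold are constructed for the example.

```python
from collections import defaultdict

# Constructed sample events as a central data collection center would receive them
# from several customer sites: (site, source_ip, destination_port). Not real traffic.
EVENTS = [
    ("alpha", "198.51.100.7", 22),
    ("beta", "198.51.100.7", 22),
    ("alpha", "198.51.100.7", 3389),
    ("alpha", "203.0.113.9", 80),   # single-site activity, below the broad-scope threshold
]

# Constructed inventory of which sites expose which ports (assumed known to the center).
SITE_PORTS = {
    "alpha": {22, 80, 3389},
    "beta": {22, 80},
    "gamma": {22},
    "delta": {80},
}


def detect_broad_scope(events, min_sites=2):
    """Correlate across sites: the same source probing the same port at `min_sites`
    or more distinct sites is an anomaly no single-site detector could recognize."""
    sites_by_pattern = defaultdict(set)
    for site, src, port in events:
        sites_by_pattern[(src, port)].add(site)
    return {k: v for k, v in sites_by_pattern.items() if len(v) >= min_sites}


def anticipate_devices(anomalies, site_ports):
    """Sites that expose the probed port but have not been touched yet are the
    devices anticipated to be affected next."""
    anticipated = {}
    for (src, port), hit_sites in anomalies.items():
        pending = {s for s, ports in site_ports.items() if port in ports and s not in hit_sites}
        if pending:
            anticipated[(src, port)] = sorted(pending)
    return anticipated


def build_alerts(events=EVENTS, site_ports=SITE_PORTS, min_sites=2):
    """Run detection, then anticipation, and return one alert line per anticipated site."""
    anomalies = detect_broad_scope(events, min_sites)
    alerts = []
    for (src, port), sites in sorted(anticipate_devices(anomalies, site_ports).items()):
        for site in sites:
            alerts.append(f"ALERT site={site} src={src} port={port} "
                          f"already_seen_at={','.join(sorted(anomalies[(src, port)]))}")
    return alerts
```

Raising `min_sites` trades earlier warning for fewer correlated alerts; with the constructed data a threshold of 3 yields no anomaly at all.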
Specification