Method and system for protecting computer networks by altering unwanted network data traffic
Abstract
Protecting computer networks by altering unwanted network data traffic. An Intrusion Protection System (IPS) or an Intrusion Detection System (IDS) can monitor network data traffic comprising byte information. This network security device analyzes network data traffic at the byte level to determine whether an intrusion event is present in the network data traffic. If an intrusion event is detected, the network security device alters at least a portion of the relevant byte information to prevent the occurrence of a successful intrusion event at the intended destination. This altered byte information is then passed to the destination by the network security device. If an intrusion event is not present, the network security device passes the byte information without alteration to the destination.
10 Claims
1. A computer-implemented method for protecting a computer network, comprising the steps of:
monitoring network data carried by the computer network;
analyzing byte information of the network data to determine whether the network data comprises one of a plurality of intrusion events; and
in response to detecting one of the intrusion events, altering at least a portion of the byte information associated with the intrusion event and forwarding the altered byte information to an intended destination on the computer network, otherwise, passing the byte information without alteration to the destination in the absence of detecting one of the intrusion events.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer-implemented method for protecting a computer network, comprising the steps of:
monitoring network data carried by the computer network;
analyzing byte information of the network data to determine whether the network data comprises one of a plurality of intrusion events, the byte information comprising a plurality of bytes for the network data;
in response to detecting one of the intrusion events, altering at least a portion of the byte information associated with the intrusion event by:
determining the location of the intrusion event within the network data,
inspecting each of the bytes at the location of the intrusion event,
identifying each byte that requires alteration to prevent a successful occurrence of the intrusion event at the destination, the alteration defined by a response plan associated with the intrusion event, and
completing the alteration of each identified byte in accordance with the response plan,
forwarding the altered byte information to an intended destination on the computer network, and
in the absence of detecting one of the intrusion events, passing the byte information without alteration to the destination.
9. A computer-implemented system for protecting a computer network from intrusion by an unauthorized user, comprising:
a monitoring program module operative to analyze network data transported by the computer network to determine whether the network data comprises one of a plurality of intrusion events and, in the absence of identifying one of the intrusion events, passing the network data to an intended destination on the computer network; and
an alteration program module, communicatively coupled to the analysis program module, operative to respond to the detection of one of the intrusion events by altering at least a portion of byte-level information of the network data corresponding to the intrusion event and forwarding the altered portion of the network data to the intended destination on the computer network.
10. A computer-implemented method for protecting a computer network, comprising the steps of:
monitoring network data carried by the computer network;
analyzing the network data to determine whether the network data comprises an intrusion event; and
in the event that the network data fails to comprise one of a plurality of intrusion events, passing the network data to a destination coupled to the computer network;
in the event that the network data comprises one of the intrusion events, altering at least a portion of the network data associated with the intrusion event and forwarding the network data comprising the portion of altered network data and any remainder of unaltered network data to the destination, thereby preventing the occurrence of a successful intrusion event at the destination.
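The alter-and-forward procedure described in the abstract and itemized in claim 8 (locate the event, identify the bytes named by its response plan, overwrite them, forward; pass clean data untouched), as an added example that is not taken from the patent or its specification. The two signatures, the `ResponsePlan` format and every name in the code are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ResponsePlan:
    """Which bytes of a matched event to overwrite, and with what (hypothetical format)."""
    offsets: tuple[int, ...]  # positions relative to the start of the match
    fill: int                 # replacement byte value

@dataclass(frozen=True)
class IntrusionEvent:
    name: str
    pattern: bytes
    plan: ResponsePlan

# Constructed signatures, for illustration only.
EVENTS = (
    IntrusionEvent("dir-traversal", b"../", ResponsePlan((0, 1), ord("_"))),
    IntrusionEvent("cmd-exe", b"cmd.exe", ResponsePlan(tuple(range(7)), ord("X"))),
)

def locate(data: bytes, pattern: bytes):
    """Yield the start offset of every occurrence of pattern in data."""
    start = data.find(pattern)
    while start != -1:
        yield start
        start = data.find(pattern, start + 1)

def filter_payload(data: bytes, events=EVENTS):
    """Return (bytes_to_forward, [(event_name, offset), ...])."""
    out = None  # copied lazily, so clean traffic is forwarded as the same object
    hits = []
    for ev in events:
        # Always scan the original bytes so one rule's edits cannot hide another's match.
        for pos in locate(data, ev.pattern):
            if out is None:
                out = bytearray(data)
            for off in ev.plan.offsets:  # only the bytes the response plan names
                out[pos + off] = ev.plan.fill
            hits.append((ev.name, pos))
    return (data if out is None else bytes(out)), hits
```

The overwrite is length-preserving, so on a TCP stream the sequence numbers stay valid; an inline device doing this still has to recompute the checksums of any packet it alters.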
Specification