Parallel intrusion detection sensors with load balancing for high speed networks
Abstract
Various embodiments of a method and system for detecting unauthorized signatures to or from a local network are described. Multiple sensors are connected at an internetworking device, which can be a router or a switch. The sensors operate in parallel and each receives a portion of traffic through the internetworking device, at a session-based level or at a lower (packet-based) level. Depending on the type of internetworking device (router or switch), the load balancing mechanism that distributes the packets can be internal or external to the internetworking device. Also, depending on the level of packet distribution (session-based or packet-based), the sensors share a network analyzer (if session-based) or both a network analyzer and a session analyzer (if packet-based).
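The following is an added example, not code from the patent, showing why packet-based distribution needs a session analyzer shared by all sensors while session-based distribution does not. The packet fields, the two-token signature, the CRC32 flow hash and the round-robin scheme are assumptions chosen for illustration, and only the session analyzer is modeled.

```python
import zlib
from collections import defaultdict

# Constructed composite signature: both tokens must appear, in order,
# in separate packets of the same session.
COMPOSITE = (b"TOKEN-A", b"TOKEN-B")

def session_key(pkt):
    return (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])

def session_based(pkts, n):
    """Flow hash: every packet of a session goes to the same sensor."""
    return [(zlib.crc32(repr(session_key(p)).encode()) % n, p) for p in pkts]

def packet_based(pkts, n):
    """Round-robin: packets of one session are spread over the sensors."""
    return [(i % n, p) for i, p in enumerate(pkts)]

class SessionAnalyzer:
    """Tracks how far each session has progressed through COMPOSITE."""
    def __init__(self):
        self.progress = defaultdict(int)
        self.alerts = set()

    def observe(self, pkt):
        key, step = session_key(pkt), self.progress[session_key(pkt)]
        if step < len(COMPOSITE) and COMPOSITE[step] in pkt["payload"]:
            self.progress[key] = step + 1
            if step + 1 == len(COMPOSITE):
                self.alerts.add(key)

def detect(assignment, shared_session_analyzer):
    """Feed (sensor_id, packet) pairs, in arrival order, to one shared
    session analyzer or to a private analyzer per sensor."""
    shared, local = SessionAnalyzer(), defaultdict(SessionAnalyzer)
    for sensor_id, pkt in assignment:
        (shared if shared_session_analyzer else local[sensor_id]).observe(pkt)
    alerts = set(shared.alerts)
    for analyzer in local.values():
        alerts |= analyzer.alerts
    return alerts

def make_pkt(sport, payload):
    return {"src": "10.0.0.5", "sport": sport, "dst": "192.0.2.10",
            "dport": 80, "payload": payload}

# Constructed traffic: session 40000 carries the signature across two
# packets; session 40001 is unrelated.
PKTS = [make_pkt(40000, b"hdr TOKEN-A"), make_pkt(40000, b"TOKEN-B tail"),
        make_pkt(40001, b"hello"), make_pkt(40001, b"world")]
```

With two sensors, round-robin puts the two halves of the signature on different sensors, so per-sensor state never completes the match; the shared analyzer, or session-based distribution, does.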
42 Claims
1. canceled
2. canceled
3. canceled
4. canceled
5. canceled
6. canceled
7. canceled
8. canceled
9. canceled
10. canceled
11. canceled
12. canceled
13. canceled
14. canceled
15. canceled
16. canceled
17. canceled
18. canceled
19. canceled

20. A method for detecting network intrusion, comprising:
receiving a plurality of packets at an internetworking device coupled with a network;
distributing examination of the plurality of packets among a plurality of intrusion detection sensors operating in parallel in accordance with a load-balancing technique;
detecting a composite signature of more than one of the plurality of packets; and
determining whether the composite signature is associated with an unauthorized access attempt to the network.
Dependent claims: 21, 22, 23, 24

25. A system for detecting network intrusion, comprising:
an internetworking device coupled with a network and operable to receive a plurality of packets;
a plurality of intrusion detection sensors operating in parallel and operable to receive the plurality of packets;
a load balancer operable to distribute examination of the plurality of packets among the plurality of intrusion detection sensors in accordance with a load-balancing technique; and
an analyzer operable to detect a composite signature of more than one of the plurality of packets, the composite signature associated with an unauthorized access attempt to the network.
Dependent claims: 26, 27, 28, 29

30. A system for detecting network intrusion, comprising:
means for receiving a plurality of packets at an internetworking device coupled with a network;
means for distributing examination of the plurality of packets among a plurality of intrusion detection sensors operating in parallel in accordance with a load-balancing technique;
means for detecting a composite signature of more than one of the plurality of packets; and
means for determining whether the composite signature is associated with an unauthorized access attempt to the network.
Dependent claims: 31, 32, 33, 34

35. Logic embodied in a computer readable medium, the computer readable medium comprising code operable to:
receive a plurality of packets at an internetworking device coupled with a network;
distribute the plurality of packets to a plurality of intrusion detection sensors operating in parallel;
examine the plurality of packets at the plurality of intrusion detection sensors in accordance with a load-balancing technique;
detect a composite signature of more than one of the plurality of packets; and
determine whether the composite signature is associated with an unauthorized access attempt to the network.
Dependent claims: 36, 37, 38, 39

40. A method for detecting network intrusion, comprising:
receiving a plurality of packets at an internetworking device coupled with a network;
distributing the plurality of packets to a plurality of intrusion detection sensors operating in parallel;
examining the plurality of packets at the plurality of intrusion detection sensors in accordance with a load-balancing technique;
detecting a composite signature of more than one of the plurality of packets; and
determining whether the composite signature is associated with an unauthorized access attempt to the network.

41. A system for detecting network intrusion, comprising:
an internetworking device coupled with a network and operable to receive a plurality of packets;
a plurality of intrusion detection sensors operating in parallel and operable to receive the plurality of packets;
a load balancer operable to determine a distribution of the examination of the plurality of packets at the plurality of intrusion detection sensors; and
an analyzer operable to detect a composite signature of more than one of the plurality of packets, the composite signature associated with an unauthorized access attempt to the network.

42. A system for detecting network intrusion, comprising:
means for receiving a plurality of packets at an internetworking device coupled with a network;
means for distributing the plurality of packets to a plurality of intrusion detection sensors operating in parallel;
means for examining the plurality of packets at the plurality of intrusion detection sensors in accordance with a load-balancing technique;
means for detecting a composite signature of more than one of the plurality of packets; and
means for determining whether the composite signature is associated with an unauthorized access attempt to the network.

Specification