Differential intrusion detection in networks

US 20060075498A1
Filed: 10/06/2005
Published: 04/06/2006
Est. Priority Date: 10/06/2004
Status: Abandoned Application

First Claim

Patent Images

1. An apparatus comprising:

an intrusion detection system adapted to perform pattern matching on a received packet to detect intrusion, and to determine whether to perform pattern matching based on a received first control signal; and

a switching device adapted to determine whether the received packet is a packet requiring pattern matching, and to generate and transmit the first control signal to the intrusion detection system based on the determination result, the first control signal including information indicating whether pattern matching is to be performed on the received packet.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Automatic differential intrusion detection in a network using an Intrusion Detection System (IDS) as a security device is provided, in order to enhance Quality of Service (QoS) for a packet requiring real-time processing. A delay caused by the IDS is reduced by applying differential IDS pattern matching according to the type of packet, thus reducing the time needed to process the packet.

35 Citations

View as Search Results

18 Claims

1. An apparatus comprising:
- an intrusion detection system adapted to perform pattern matching on a received packet to detect intrusion, and to determine whether to perform pattern matching based on a received first control signal; and
  
  a switching device adapted to determine whether the received packet is a packet requiring pattern matching, and to generate and transmit the first control signal to the intrusion detection system based on the determination result, the first control signal including information indicating whether pattern matching is to be performed on the received packet.
- View Dependent Claims (2)
- - 2. The apparatus according to claim 1, wherein the first control signal includes Internet Protocol (IP) information and port information of the received packet and information indicating whether the pattern matching is to be performed on the received packet.

3. An apparatus comprising:
- an intrusion detection system adapted to perform pattern matching on a received packet to detect intrusion, and to determine whether to perform pattern matching based on a received first control signal; and
  
  a switching device adapted to determine whether the received packet is a packet requiring real-time processing, and to generate and transmit the first control signal to the intrusion detection system based on the determination result, the first control signal including information indicating whether pattern matching is to be performed on the received packet.
- View Dependent Claims (4, 5, 6, 7, 8)
- - 4. The apparatus according to claim 3, wherein the packet requiring real-time processing is a Voice over Internet Protocol (VoIP) packet.
  - 5. The apparatus according to claim 3, wherein the first control signal includes Internet Protocol (IP) information and port information of the received packet and information indicating whether pattern matching is to be performed on a packet received via a relevant port.
  - 6. The apparatus according to claim 3, wherein the switching device is adapted to output the first control signal to the intrusion detection system in response to a determination that the received packet is a packet requiring the real-time processing, the first control signal including Internet Protocol (IP) information and port information of the received packet, and information to block pattern matching for the packet received via a relevant port.
  - 7. The apparatus according to claim 6, wherein the switching device is adapted to output the first control signal to the intrusion detection system in response to a determination that receipt of the packet requiring real-time processing via the port for which pattern matching has been blocked has been terminated, the first control signal including the Internet Protocol (IP) information and the port information of the received packet, and information to perform pattern matching.
  - 8. The apparatus according to claim 3, wherein the switching device comprises a Voice over Internet Protocol (VoIP) signaling processor adapted to check Internet Protocol (IP) and port information of a received VoIP packet and to generate and output the first control signal, the first control signal including the IP information and the port information and the information indicating whether pattern matching is to be blocked.

9. An apparatus comprising:
- an intrusion detector adapted to perform pattern matching on a received packet to detect intrusion; and
  
  a switch adapted to determine whether the received packet is a packet requiring real-time processing and, upon a determination that the received packet requires real-time processing, to transmit a control signal to the intrusion detector via Inter-Processor Communication (IPC), the control signal including information to block pattern matching on the received packet.

10. An apparatus comprising:
- an intrusion detection system adapted to perform pattern matching on a received packet to detect intrusion, and to determine whether to perform pattern matching based on a received control signal; and
  
  a switching device adapted to determine whether the received packet is a first packet of a call and, upon a determination that the received packet is the first packet of a call, to transmit the control signal to the intrusion detection system, the control signal including information indicates whether pattern matching is to be performed on the received packet.
- View Dependent Claims (11, 12)
- - 11. The apparatus according to claim 10, wherein the control signal includes at least Internet Protocol (IP) information and port information of the received packet and information indicating whether to pattern matching is to be performed on the received packet.
  - 12. The apparatus according to claim 11, wherein the control signal further includes information indicating that the intrusion detection system is a destination.

13. A method comprising:
- receiving a packet;
  
  determining whether the received packet is a packet requiring perform pattern matching; and
  
  performing packet matching on the packet requiring pattern matching and not performing packet matching on a packet not requiring pattern matching, based on the determination result.
- View Dependent Claims (14, 15, 16)
- - 14. The method according to claim 13, wherein determining whether the received packet requires pattern matching is based on Internet Protocol (IP) information and port information included in the packet.
  - 15. The method according to claim 13, wherein determining whether the received packet requires pattern matching is effected by determining a packet received via a port for which pattern matching has been blocked as a packet not requiring pattern matching and a packet received via a port for which pattern matching has not been blocked as a packet requiring pattern matching.
  - 16. The method according to claim 15, wherein, upon a determination that receipt of a packet not requiring pattern matching via the port being terminated, subsequent packets received via the port being determined to be packets requiring pattern matching.

17. A method comprising:
- receiving a packet;
  
  determining whether the received packet is a packet requiring real-time processing; and
  
  not performing pattern matching on packet requiring the real-time processing, and performing pattern matching on a packet not requiring the real-time processing, based on the determination result.
- View Dependent Claims (18)
- - 18. The method according to claim 17, wherein the packet requiring real-time processing is a Voice over Internet Protocol (VoIP) packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Yeom, Eung-Moon

Application Number

US11/244,111
Publication Number

US 20060075498A1
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

H04L 63/1416 Event detection, e.g. attac...

H04L 63/1441 Countermeasures against mal...

Differential intrusion detection in networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

35 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Differential intrusion detection in networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others