System for intrusion detection and vulnerability assessment in a computer network using simulation and machine learning
Abstract
The present invention provides a system and method for predicting and preventing unauthorized intrusion in a computer configuration. Preferably, the invention comprises a communication network to which at least two computing devices connect, wherein at least one of the computing devices is operable to receive data transmitted by the other computing device. The invention further comprises a database that is accessible over the network and operable to store information related to the network. A vulnerability assessment component is provided that is operable to execute a command over the communication network, and a data monitoring utility operates to monitor data transmitted over the communication network as the vulnerability assessment component executes commands. Also, an intrusion detection component is included that is operable to provide a simulated copy of the network, to generate a first data transmission on the simulated copy of the network that represents a second data transmission on the communication network, and to compare the first data transmission with a second data transmission. The vulnerability assessment component preferably interfaces with the intrusion detection component to define rules associated with the first and second data transmissions, to store the rules in the database, and to retrieve the rules from the database in order to predict and prevent unauthorized intrusion in the computer configuration.
19 Claims
1. A system for predicting and preventing unauthorized intrusion in a computer configuration comprising at least one of a computing device and a communication network, the system comprising:
the communication network to which at least two computing devices connect, wherein at least one of the computing devices is operable to receive data transmitted by the other computing device;
a database accessible over the network and operable to store information related to the network;
a vulnerability assessment component that is operable to execute a command over the communication network;
a data monitoring utility that is operable to monitor data transmitted over the communication network as the vulnerability assessment component executes commands; and
an intrusion detection component that is operable to provide a simulated copy of the network, to generate a first data transmission on the simulated copy of the network that represents a second data transmission transmitted on the communication network, and to compare the first data transmission with the second data transmission;
wherein the vulnerability assessment component preferably interfaces with the intrusion detection component to define rules associated with the first and second data transmissions, to store the rules in the database, and to retrieve the rules from the database in order to predict and prevent unauthorized intrusion in the computer configuration.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10)
11. A method for predicting and preventing unauthorized intrusion in a computer configuration comprising at least one of a computing device and a communication network, the system comprising:
providing a database accessible over the communication network and operable to store information related to the network;
executing a command over the communication network;
monitoring data transmitted over the communication network as the command is executed; and
providing a simulated copy of the network, generating a first data transmission on the simulated copy of the network that represents a second data transmission transmitted on the communication network, and comparing the first data transmission to the second data transmission;
defining rules associated with the first and second data transmissions, storing the rules in the database, and retrieving the rules from the database in order to predict and prevent unauthorized intrusion in the computer configuration.
(Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19)
Specification