Systems and methods for dynamic and risk-aware network security

US 20060206615A1
Filed: 05/30/2003
Published: 09/14/2006
Est. Priority Date: 05/30/2003
Status: Abandoned Application

First Claim

Patent Images

1. A network security system, comprising:

a static policy data store;

a dynamic policy data store;

an authorization enforcement facility (AEF) in communication with said static policy data store and said dynamic policy data store and operable to perform a risk-aware analysis of a connection.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for dynamic and risk-aware network security are described. In one embodiment, a system dynamically assesses whether a connection over a communications medium (102) is anomalous (suspicious, malicious, deviating from normal behavior, fits a certain profile or pattern, or has the potential to be any one of these) and generates an appropriate response depending on whether the connection is deemed to be normal or anomalous for a specified period of time. The types of responses include, but are not limited to, blocking the source of the connection from connecting to its intended destination, altering the destination of the connection, auditing the connection, or any combination of these.

Citations

17 Claims

1. A network security system, comprising:
- a static policy data store;
  
  a dynamic policy data store;
  
  an authorization enforcement facility (AEF) in communication with said static policy data store and said dynamic policy data store and operable to perform a risk-aware analysis of a connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The network security system of claim 1, wherein said static policy data store comprises at least one of a constraint, a role, a node-role assignment, a threshold value, a node value, a service value, and an action value.
  - 3. The network security system of claim 2, wherein said threshold value is inversely proportional to said node value.
  - 4. The network security system of claim 2, wherein said threshold value is inversely proportional to said node value.
  - 5. The network security system of claim 1, wherein said dynamic policy data store comprises a threat level table.
  - 6. The network security system of claim 1, wherein said AEF is further operable to generate a response to said connection.
  - 7. The network security system of claim 6, wherein said response comprises at least one of blocking the source of said connection from connecting to an intended destination, altering said intended destination of said connection, and auditing said connection.
  - 8. The network security system of claim 1, wherein said AEF is further operable to generate a countermeasure.
  - 9. The network security system of claim 8, wherein said wherein said countermeasure comprises an active countermeasure or a passive countermeasure.
  - 10. The network security system of claim 1, wherein said AEF comprises a router, a gateway, a hardware appliance, or a web server.
  - 11. The network security system of claim 1, further comprising a firewall in communication with said AEF.
  - 12. The network security system of claim 1, further comprising an intrusion detection system in communication with said AEF.

13. A method comprising:
- receiving a static policy data attribute from a static policy data store;
  
  receiving a connection request directed to a node;
  
  receiving a dynamic policy data attribute from a dynamic policy data store;
  
  determining whether said connection request is anomalous based at least in part on said static policy data attribute and at least in part on said dynamic policy data attribute.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method of claim 13, further comprising responding to said connection request.
  - 15. The method of claim 14, wherein responding comprises at least one of forwarding said connection request to said node;
    - blocking the source of said connection from connecting to an intended destination, altering said intended destination of said connection, and auditing said connection.
  - 16. The method of claim 13, further comprising updating said dynamic policy data attribute in said dynamic policy data store based on a result of said determining.
  - 17. The method of claim 13, wherein said updating comprises increasing a threat level if the connection request is determined to be anomalous.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Calyptix Security
Original Assignee
Calyptix Security
Inventors
Ahn, Gail-Joon, Zheng, Yuliang, Teo, Lawrence Chin Shiun

Application Number

US10/553,306
Publication Number

US 20060206615A1
Time in Patent Office

Days
Field of Search
US Class Current

709/229
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/102   Entity profiles

H04L 63/1408   by monitoring network traff...

H04L 63/145   the attack involving the pr...

Systems and methods for dynamic and risk-aware network security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for dynamic and risk-aware network security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links