Mitigation and mitigation management of attacks in networked systems
Abstract
A system includes a plurality of collector devices that are disposed to collect statistical information on packets that are sent between nodes on a network. The system also includes a stackable aggregator that receives network data from the plurality of collector devices, and which produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The stackable aggregator includes a manager blade, a database blade, and two or more analyzer blades.
23 Claims
1. A computer program product residing on a computer readable medium for producing recommended mitigation plans to mitigate intrusions in a networked system, the program comprising instructions for causing a processor to:

manage mitigation plans stored in a database; and
communicate with network devices on the network system to implement and maintain the mitigation plans.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.

10. A computer program product for an intrusion detection system to produce recommended mitigation plans, comprising instructions for causing a processor to:

use unicast routing and unicast reverse path forwarding protocols to provide a route-based black hole process that advertises, for a misbehaving host, a route more specific than any available on the network, associated with the null interface.
Dependent claims: 11, 12.

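Claim 10 describes what operators usually call remotely triggered black-hole routing: the mitigation engine injects a host route (a /32) for the misbehaving host that points at the null interface. Because a /32 is more specific than any aggregate in the table, longest-prefix match selects it, so every packet addressed to the host is discarded; with unicast RPF enabled on the ingress interface, packets sourced from the host are discarded as well, because the reverse lookup on the source address also resolves to the null interface. The simulation below is an added example, not code from the patent; the `Fib` class, the interface names and the addresses are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

NULL0 = "Null0"  # the router's null interface: anything routed here is dropped


class Fib:
    """Minimal forwarding table with longest-prefix match (constructed for the example)."""

    def __init__(self):
        self.routes = {}  # ip_network -> egress interface name

    def add(self, prefix, iface):
        self.routes[ip_network(prefix)] = iface

    def remove(self, prefix):
        self.routes.pop(ip_network(prefix), None)

    def lookup(self, addr):
        """Return the egress interface for addr, or None if no route covers it."""
        a = ip_address(addr)
        best = None
        for net, iface in self.routes.items():
            if a in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, iface)
        return best[1] if best else None

    def forward(self, src, dst, ingress, urpf="strict"):
        """Decide a packet's fate; returns 'FORWARD:<iface>' or 'DROP:<reason>'.

        urpf: "strict" (source must route back out the ingress interface),
              "loose" (source must route to any real interface), or None.
        Assumption: a default route counts as a valid reverse path here
        (like Cisco's `allow-default`); real loose-mode uRPF rejects it
        unless configured to accept it.
        """
        if urpf:
            rev = self.lookup(src)
            if rev is None or rev == NULL0 or (urpf == "strict" and rev != ingress):
                return "DROP:urpf"
        out = self.lookup(dst)
        if out is None:
            return "DROP:no-route"
        if out == NULL0:
            return "DROP:blackhole"
        return f"FORWARD:{out}"


def blackhole_host(fib, host):
    """The claim 10 action: advertise a /32 for the misbehaving host via Null0.

    The /32 beats every aggregate in longest-prefix match, so it captures
    all traffic to the host without touching the routes other hosts use.
    """
    prefix = f"{host}/32"
    fib.add(prefix, NULL0)
    return prefix


def unblackhole_host(fib, host):
    """Withdraw the host route again when the mitigation plan is deactivated."""
    fib.remove(f"{host}/32")


def demo():
    fib = Fib()
    fib.add("10.0.0.0/8", "Gi0/0")   # constructed: internal LAN behind Gi0/0
    fib.add("0.0.0.0/0", "Gi0/1")    # constructed: default route to the upstream

    bad, victim = "10.1.2.3", "203.0.113.5"
    before = fib.forward(bad, victim, "Gi0/0")           # normal forwarding
    blackhole_host(fib, bad)
    to_host = fib.forward(victim, bad, "Gi0/1")          # replies to the host die on Null0
    from_host = fib.forward(bad, victim, "Gi0/0")        # uRPF drops the host's own packets
    from_host_no_urpf = fib.forward(bad, victim, "Gi0/0", urpf=None)  # without uRPF they still flow
    neighbour = fib.forward("10.1.2.4", victim, "Gi0/0")  # other hosts in the /8 are unaffected
    return before, to_host, from_host, from_host_no_urpf, neighbour


if __name__ == "__main__":
    labels = ("before", "to host", "from host", "from host, no uRPF", "neighbour")
    for label, verdict in zip(labels, demo()):
        print(f"{label:20s} {verdict}")
```

The fourth case is the caveat a practitioner should check before relying on this mitigation: the null route alone only stops traffic towards the host. Unless uRPF (or an equivalent source-address filter) is active on the interface the host enters through, the host can keep sending, which is usually the traffic the intrusion detection system wanted to stop.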
13. A computer program product residing on a computer readable medium for producing recommended mitigation plans to mitigate intrusions in a networked system, the program comprising instructions for causing a processor to:

disable hosts by turning off a specific port on a switch, based on a list of every switch that the user wants to be considered for disabling hosts in this way.
Dependent claims: 14, 15, 16.

17. A mitigation plan detail interface comprising:

a first section for listing active mitigation plans, which are actions that the user has specifically activated; and
a second section for listing inactive mitigation plans, which are actions that the user has decided not to accept.
Dependent claims: 18, 19, 20, 21.

22. A system, comprising:

a plurality of collector devices disposed to collect statistical information on packets sent between nodes on a network; and
a stackable aggregator device that receives network data from the plurality of collector devices, the aggregator device producing a connection table that maps each node on the network to a record that stores information about traffic to or from the node, the stackable aggregator comprising:
a manager blade, a database blade, and two or more analyzer blades, wherein each blade includes a mitigation engine to manage mitigation plans stored in a database and to communicate with network devices to implement and maintain mitigation plans.

23. A computer program product for minimizing the effects of configuration errors or accidental bad mitigation plans in an intrusion detection system, comprising instructions to:

manage mitigation plans in a database;
communicate with network devices to implement and maintain mitigation plans; and
log all configuration changes to the network devices with a time stamp, so that mitigation-plan-based changes can be undone to recover from a configuration error resulting from a mitigation action.
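Claims 13, 17 and 23 together describe a mitigation engine that applies port-disable actions only to switches on an operator-supplied list, keeps active and inactive plan lists for the detail interface, and journals every device change with a timestamp so that a bad plan can be rolled back. The code below is an added example, not the patent's implementation: `MitigationEngine`, `Switch` and `Change` are hypothetical names, the switches are in-memory stand-ins, and the timestamps are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class Switch:
    """In-memory stand-in for a managed switch (constructed for the example)."""
    name: str
    ports: dict  # port name -> "up" | "down"


@dataclass(frozen=True)
class Change:
    """One journaled configuration change; `before` is what an undo restores."""
    ts: datetime
    plan_id: str
    device: str
    port: str
    before: str
    after: str


class MitigationEngine:
    def __init__(self, devices, port_disable_switches):
        self.devices = {d.name: d for d in devices}
        # claim 13: only switches the operator listed may have ports turned off
        self.port_disable_switches = set(port_disable_switches)
        self.plans = {}     # plan_id -> {"state": "active" | "inactive", ...}
        self.journal = []   # append-only, time-ordered list of Change
        self.undone = set() # indices into journal that must not be reverted again

    def _set_port(self, plan_id, device, port, state, now):
        sw = self.devices[device]
        before = sw.ports[port]
        if before != state:
            sw.ports[port] = state  # a real engine would push this to the device here
            self.journal.append(Change(now, plan_id, device, port, before, state))

    def disable_host(self, plan_id, device, port, now=None):
        """Claim 13 action: cut a host off by shutting its access port."""
        if device not in self.port_disable_switches:
            raise PermissionError(f"{device} is not on the port-disable switch list")
        now = now or datetime.now(timezone.utc)
        self.plans[plan_id] = {"state": "active", "device": device, "port": port}
        self._set_port(plan_id, device, port, "down", now)

    def undo_since(self, since, now=None):
        """Claim 23: roll back every journaled change made at or after `since`.

        Changes are reverted newest-first so overlapping edits to one port end
        at their oldest pre-change state. Each reversal is journaled too, and
        marked so a later undo never re-reverts it. Returns the count reverted.
        """
        now = now or datetime.now(timezone.utc)
        pending = [(i, c) for i, c in enumerate(self.journal)
                   if c.ts >= since and i not in self.undone]
        for i, ch in reversed(pending):
            self.devices[ch.device].ports[ch.port] = ch.before
            self.plans[ch.plan_id]["state"] = "inactive"
            self.undone.add(i)
            self.journal.append(Change(now, f"undo:{ch.plan_id}", ch.device, ch.port, ch.after, ch.before))
            self.undone.add(len(self.journal) - 1)
        return len(pending)

    def plan_ids(self, state):
        """Claim 17: the active / inactive lists shown in the plan detail interface."""
        return sorted(p for p, info in self.plans.items() if info["state"] == state)


def demo():
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed timestamps
    eng = MitigationEngine(
        [Switch("sw1", {"Gi1/1": "up", "Gi1/2": "up"}), Switch("sw2", {"Gi1/1": "up"})],
        port_disable_switches=["sw1"],
    )
    eng.disable_host("plan-1", "sw1", "Gi1/1", now=t0)
    eng.disable_host("plan-2", "sw1", "Gi1/2", now=t0 + timedelta(minutes=5))
    try:  # sw2 is not on the list, so this action is refused before touching anything
        eng.disable_host("plan-3", "sw2", "Gi1/1", now=t0 + timedelta(minutes=6))
        refused = False
    except PermissionError:
        refused = True
    applied = dict(eng.devices["sw1"].ports)
    reverted = eng.undo_since(t0 + timedelta(minutes=5), now=t0 + timedelta(minutes=10))  # plan-2 was the mistake
    after_undo = dict(eng.devices["sw1"].ports)
    return refused, applied, reverted, after_undo, eng.plan_ids("active"), eng.plan_ids("inactive")


if __name__ == "__main__":
    print(demo())
```

Two design points matter in practice. The journal must live in durable storage (the patent's database), not in the engine's memory, or a crash during a bad mitigation leaves nothing to undo. And a reversal should first read the port's current state from the device and compare it with `after`: if an operator changed the port by hand in the meantime, blindly restoring `before` is itself a configuration error.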