Method and system for preventing, auditing and trending unauthorized traffic in network systems
Abstract
A method and system for preventing, auditing and trending unauthorized traffic in a network system is provided. The unauthorized traffic is detected at the router level. An attacker transmits an attack vector to the network system. The attack vector is detected at the router and signatures are created for network system resources, wherein each signature represents the response of a network system resource to the attack vector. Signatures are created by learning how the attack is taking place within the network system. Network system resources corresponding to the signatures are then emulated, thereby protecting the network device.
22 Claims
1. A method for preventing unauthorized traffic in a network system, the method comprising:
providing a router;
creating signatures for network system resources, wherein each signature represents the behavior of a network system resource to an attack vector; and
emulating network system resources to understand the attack vector on the router, wherein emulating the network system resources is based on the signatures.
(Dependent claims: 2, 3, 4, 5, 7, 8)

6. A method for learning information about unauthorized network traffic in a network system, the method comprising:
providing a router; and
emulating network system resources to understand an attack vector on the router and learn how the attack vector is occurring within the network system.

9. A method for auditing network traffic in a network system, the method comprising:
providing a router; and
creating a session audit policy based on an access control language, wherein the session audit policy is used to understand the network traffic.
(Dependent claims: 10, 11, 12, 13, 14)

15. A system for preventing unauthorized network traffic in a network system, the system comprising:
a router;
a signature creator for creating signatures for network system resources, wherein each signature represents the behavior of a network system resource to an attack vector;
a system of record for storing the signatures for network system resources; and
a resource emulator disposed in the router for emulating the network system resources to understand the attack vector on the router, wherein emulating the network system resources is based on the signatures.
(Dependent claims: 16, 17)

18. A system for preventing unauthorized network traffic in a network, the system comprising:
means for routing;
means for creating signatures for network system resources, wherein each signature represents the behavior of a network system resource to an attack vector;
means for storing the signatures for the network system resources; and
means for emulating the network system resources to understand the attack vector, wherein emulating the network system resources is based on the signatures.

19. A system comprising:
a router; and
a computer coupled to the router and including an adaptive service learning software module for emulating network system resources to understand an attack vector and learn how the attack vector is occurring within a network.

20. A device for learning information about unauthorized network traffic in a network system, the device comprising:
a router; and
an adaptive service learning module disposed in the router for emulating network system resources to understand an attack vector and learn how the attack vector is occurring within a network.

21. An apparatus for preventing unauthorized traffic in a network, the apparatus comprising:
a processing system including a processor coupled to a display and user input device;
a machine-readable medium including instructions executable by the processor comprising one or more instructions for providing a router;
one or more instructions for creating signatures for network system resources, wherein each signature represents the behavior of a network system resource to an attack vector; and
one or more instructions for emulating the network system resources to understand the attack vector on the router, wherein emulating the network system resources is based on the signatures.

22. A machine-readable medium including instructions executable by the processor for preventing unauthorized traffic in a network, the machine-readable medium comprising:
one or more instructions for providing a router;
one or more instructions for creating signatures for network system resources, wherein each signature represents the behavior of a network system resource to an attack vector; and
one or more instructions for emulating the network system resources to understand the attack vector on the router, wherein emulating the network system resources is based on the signatures.