Network security apparatus, network security control method and network security system

US 20070074272A1
Filed: 01/27/2006
Published: 03/29/2007
Est. Priority Date: 09/29/2005
Status: Active Grant

First Claim

Patent Images

1. A network security apparatus for monitoring telecommunication information flowing through a network and carrying out detection of, and/or protection from, an illegitimate intrusion to the network, comprising:

an anomaly judgment unit for judging a presence or absence of an abnormality of the telecommunication information based on judgment reference information by using a statistical method;

a learning unit for creating the judgment reference information from the telecommunication information;

a first port for importing first telecommunication information currently from the network;

a second port for importing second telecommunication information accumulated by a telecommunication information accumulation apparatus historically; and

a telecommunication information allocation unit for allocating the first and second telecommunication information taken in respectively from the first and second ports to the anomaly judgment unit and the learning unit, wherein the learning unit creates the judgment reference information by learning the first and/or second telecommunication information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a network security apparatus for monitoring telecommunication information flowing through a network and carrying out detection of, and/or protection from, an illegitimate intrusion to the network, comprising: an anomaly judgment unit for judging a presence or absence of an abnormality of the telecommunication information based on judgment reference information by using a statistical method; a learning unit for creating the judgment reference information from the telecommunication information; a first port for importing first telecommunication information currently from the network; a second port for importing second telecommunication information accumulated by a telecommunication information accumulation apparatus historically; and a telecommunication information allocation unit for allocating the first and second telecommunication information taken in respectively from the first and second ports to the anomaly judgment unit and the learning unit, wherein the learning unit creates the judgment reference information by learning the first and/or second telecommunication information.

107 Citations

View as Search Results

11 Claims

1. A network security apparatus for monitoring telecommunication information flowing through a network and carrying out detection of, and/or protection from, an illegitimate intrusion to the network, comprising:
- an anomaly judgment unit for judging a presence or absence of an abnormality of the telecommunication information based on judgment reference information by using a statistical method;
  
  a learning unit for creating the judgment reference information from the telecommunication information;
  
  a first port for importing first telecommunication information currently from the network;
  
  a second port for importing second telecommunication information accumulated by a telecommunication information accumulation apparatus historically; and
  
  a telecommunication information allocation unit for allocating the first and second telecommunication information taken in respectively from the first and second ports to the anomaly judgment unit and the learning unit, wherein the learning unit creates the judgment reference information by learning the first and/or second telecommunication information.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The network security apparatus according to claim 1, further comprising a performance management unit for controlling a presence or absence of an input of said second telecommunication information from said telecommunication information accumulation apparatus byway of said second port and/or a replay rate of the second telecommunication information in the telecommunication information accumulation apparatus depending on a magnitude of a processing load at the network security apparatus.
  - 3. The network security apparatus according to claim 1, wherein said telecommunication information allocation unit categorizes said first and second telecommunication information into a time independent item and a time dependent item, simply multiplexes the time independent item included in the first and second telecommunication information, and makes the time dependent item of the second telecommunication information conform to a processing speed of the time dependent item of the first telecommunication information based on timing information at the time of picking up the second telecommunication information.
  - 4. The network security apparatus according to claim 1, further comprising a recognition unit for recognizing third telecommunication information which is mixed in said second telecommunication information coming in from said telecommunication information accumulation apparatus and includes information indicating a replay rate of the second telecommunication information therein.
  - 5. The network security apparatus according to claim 1, wherein said second port is logically multi-functioned with an apparatus management port for externally managing the aforementioned network security apparatus.
  - 6. The network security apparatus according to claim 1, further comprising a replay rate conversion unit, intervening between said telecommunication information accumulation apparatus and the network security apparatus, for inputting said second telecommunication information to said second port at a replay rate instructed by the network security apparatus, and making third telecommunication information, which indicates the replay rate of the second telecommunication information in the telecommunication information accumulation apparatus, mixed in the second telecommunication information.
  - 7. The network security apparatus according to claim 1, further comprising a intrusion detection unit, being equipped at the front stage of said telecommunication information allocation unit, for carrying out a detection and protection processing for said second telecommunication information based on the same security policy as said first telecommunication information.

8. A control method for use in a network security apparatus for monitoring telecommunication information flowing through a network and carrying out detection of, and/or protection from, an illegitimate intrusion to the network, comprising:
- a first process for accumulating second telecommunication information which flowed through the network historically;
  
  a second process for inputting first telecommunication information currently flowing through the network and the second telecommunication information in parallel; and
  
  a third process for learning, from the first and/or second telecommunication information, judgment reference information used for an abnormality judgment which judges a presence or absence of an abnormality of the first telecommunication information by using a statistical method.
- View Dependent Claims (9, 10)
- - 9. The control method for use in a network security apparatus according to claim 8, wherein said second process performs a detection and protection processing for said second telecommunication information based on the same security policy as said first telecommunication information.
  - 10. The control method for use in a network security apparatus according to claim 9, wherein said third process categorizes said first and second telecommunication information into a time independent item and a time dependent item, simply multiplexes the time independent item included in the first and second telecommunication information, and makes the time dependent item of the second telecommunication information conform to a processing speed of the time dependent item of the first telecommunication information based on timing information at the time of picking up the second telecommunication information.

11. A network security system, including:
- a network security apparatus comprising a first port, being connected to a network as the subject of monitoring, for importing first telecommunication information currently flowing through the network, a second port for importing second telecommunication information of the network historically which is accumulated in a telecommunication information accumulation apparatus, and a learning unit for learning judgment reference information used for an abnormality judgment which judges a presence or absence of an abnormality of the telecommunication information by using a statistical method; and
  
  a replay rate control apparatus, existing between the network security apparatus and the telecommunication information accumulation apparatus, for controlling a replay rate of the second telecommunication information from the telecommunication information accumulation apparatus to the network security apparatus.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
Watanabe, Naotoshi

Granted Patent

US 8,544,063 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

H04L 63/1408 by monitoring network traff...

Network security apparatus, network security control method and network security system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

107 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Network security apparatus, network security control method and network security system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

107 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links