Interoperability of Vulnerability and Intrusion Detection Systems
Abstract
A system in accordance with an embodiment of the invention includes a vulnerability detection system (VDS) and an intrusion detection system (IDS). The intrusion detection system leverages information gathered about a network, such as vulnerabilities, so that it only examines and alerts the user to potential intrusions that could actually affect the particular network. In addition, both the VDS and IDS may use rules in performing their respective analyses that are query-based and that are easy to construct. In particular, these rules may be based on a set of templates, which represent various entities or processes on the network.
48 Claims
1. A computer-implemented method for protecting a network, the method comprising:
gathering information about the network;
using the gathered information to determine vulnerabilities of one or more hosts on the network;
examining network traffic to determine intrusions on the network; and
correlating the determined vulnerabilities of the hosts with the detected intrusions to identify network traffic indicative of an exploitation of one or more of the determined vulnerabilities.
Dependent claims: 2 through 13.

14. A computer-implemented method for protecting a network by a vulnerability detection system in cooperation with an intrusion detection system, the method comprising:
gathering information about the network;
using the gathered information to determine vulnerabilities of one or more hosts on the network; and
communicating the determined vulnerabilities to an intrusion detection system that is configured to examine network traffic to determine intrusions in the network and correlate the determined vulnerabilities of the hosts with the detected intrusions to identify potentially threatening malicious activity.
Dependent claims: 15 through 24.

25. A computer program product for protecting a network, the computer program product comprising a computer-readable medium containing computer program code for:
gathering information about the network;
using the gathered information to determine vulnerabilities of one or more hosts on the network;
examining network traffic to determine intrusions on the network; and
correlating the determined vulnerabilities of the hosts with the detected intrusions to identify network traffic indicative of an exploitation of one or more of the determined vulnerabilities.
Dependent claims: 26 through 37.

38. A computer program product for protecting a network by a vulnerability detection system in cooperation with an intrusion detection system, the computer program product comprising a computer-readable medium containing computer program code for:
gathering information about the network;
using the gathered information to determine vulnerabilities of one or more hosts on the network; and
communicating the determined vulnerabilities to an intrusion detection system that is configured to examine network traffic to determine intrusions in the network and correlate the determined vulnerabilities of the hosts with the detected intrusions to identify potentially threatening malicious activity.
Dependent claims: 39 through 48.
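The correlation step that the abstract and claims 1 and 14 describe, as an added example that is not part of the patent or any product implementing it: a VDS result set is indexed by host and service port, and each IDS alert is kept only when the weakness its signature targets is actually present on the destination host and port it is aimed at. All hosts, ports, weakness labels and signature names are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Vulnerability:
    """One VDS finding: a weakness exposed by a service on a host (constructed labels)."""
    host: str
    port: int
    weakness: str

@dataclass(frozen=True)
class Alert:
    """One IDS alert: the traffic seen and the weakness the signature is written for."""
    src: str
    dst: str
    dst_port: int
    targets: str
    signature: str

# Constructed sample VDS output and IDS alert stream.
VULNS = [
    Vulnerability("10.0.0.5", 80, "WEB-001"),
    Vulnerability("10.0.0.7", 22, "SSH-002"),
]
ALERTS = [
    Alert("192.0.2.10", "10.0.0.5", 80, "WEB-001", "http-exploit-attempt"),
    Alert("192.0.2.10", "10.0.0.9", 80, "WEB-001", "http-exploit-attempt"),  # host not vulnerable
    Alert("192.0.2.11", "10.0.0.7", 22, "SSH-002", "ssh-exploit-attempt"),
    Alert("192.0.2.12", "10.0.0.7", 80, "WEB-001", "http-exploit-attempt"),  # wrong service on that host
]

def build_index(vulns):
    """Map (host, port) -> set of weakness labels so each alert is checked in O(1)."""
    idx = {}
    for v in vulns:
        idx.setdefault((v.host, v.port), set()).add(v.weakness)
    return idx

def correlate(alerts, vulns):
    """Split alerts into (actionable, informational).

    Actionable alerts are those whose destination host and port expose the very
    weakness the signature exploits; the rest are kept but deprioritised, which is
    what lets the IDS alert only on intrusions that could affect this network.
    """
    idx = build_index(vulns)
    actionable, informational = [], []
    for a in alerts:
        (actionable if a.targets in idx.get((a.dst, a.dst_port), set()) else informational).append(a)
    return actionable, informational

if __name__ == "__main__":
    hits, rest = correlate(ALERTS, VULNS)
    for a in hits:
        print(f"ACTIONABLE {a.signature} {a.src} -> {a.dst}:{a.dst_port} ({a.targets})")
    print(f"{len(rest)} alert(s) deprioritised: target not vulnerable")
```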
Specification