System to enable detecting attacks within encrypted traffic
Abstract
A system and method for detecting network attacks within encrypted network traffic received by a protected network includes a decryption module and an adaptor module. This system and method can be inserted and used with multiple types of operating systems.
20 Claims
1. A system for detecting network attacks within encrypted network traffic received by a protected network comprising:
a sensor module configured to receive and analyze network traffic for attacks; and
a security module configured to decrypt encrypted network traffic, and send decrypted traffic to the sensor module.

3. A system, for use with a sensor module, for identifying network attacks within packets received by a protected network comprising:
a decryption module configured to receive encrypted packets, decrypt the encrypted packets, and transmit the encrypted packets; and
an adaptor module configured to route packets from the protected network to the sensor module, route encrypted packets from the protected network to the decryption module, receive the decrypted packets from the decryption module, and route the decrypted packets to the sensor module.

5. A security module to provide an interface with a protected network for use with a sensor module which can analyze network traffic comprising:
a decryption module configured to receive encrypted network traffic, decrypt the encrypted network traffic, and transmit the decrypted network traffic;
a sensor module configured to analyze network traffic; and
an adaptor module configured to route network traffic from the protected network to the sensor module, route encrypted network traffic from the protected network to the decryption module, receive the decrypted network traffic from the decryption module, and route decrypted network traffic to a sensor module.

12. An intrusion detection system for detecting network attacks within encrypted network traffic received by a protected network, comprising:
a physical network interface card (NIC) configured to receive network traffic from the protected network;
a decryption module configured to receive encrypted network traffic, decrypt the encrypted network traffic, and transmit the decrypted network traffic;
a sensor module configured to receive network traffic and analyze network traffic for potential attacks; and
a virtual NIC configured to receive network traffic from the physical NIC, route encrypted network traffic from the physical NIC to the decryption module, receive the decrypted network traffic from the decryption module, and route decrypted network traffic to the sensor module.

15. An enhanced intrusion detection system for detecting network attacks within encrypted network traffic received by a protected network, comprising:
a NIC configured to receive all network traffic from the protected network;
a decryption module configured to receive encrypted network traffic, decrypt the encrypted network traffic, and transmit the decrypted network traffic;
a sensor module configured to receive network traffic and analyze network traffic for potential attacks; and
a bonding module configured to receive network traffic from the NIC, pass encrypted traffic from the NIC to the decryption module, receive the decrypted network traffic from the decryption module, merge network traffic from the NIC and the decryption module into a single stream of traffic, bond decrypted traffic with non-encrypted traffic, and route decrypted network traffic to the sensor module.

18. A method, for use with a sensor module and security module, for identifying network attacks within encrypted packets received by a protected network comprising the steps of:
routing encrypted packets from the protected network to the security module, decrypting the encrypted packets, receiving the decrypted packets from the security module and routing packets from the protected network to the sensor module, and routing decrypted packets to the sensor module.

20. A method for decrypting and processing network traffic for a sensor module, to protect a network from attacks, comprising the steps of:
receiving network traffic, decrypting encrypted network traffic, routing decrypted network traffic to a sensor, routing non-encrypted network traffic to a sensor, and routing encrypted network traffic to a sensor.

Specification