ATTACK DEFENDING SYSTEM AND ATTACK DEFENDING METHOD
First Claim
Patent Images
1. A decoy device in an attack defending system comprising:
- an event memory for temporarily storing events related to at least network input/output, file input/output, and process creation/termination while executing a server process; and
an event manager for analyzing cause-effect relations of the events stored in the event memory to form links among the events.
1 Assignment
0 Petitions
Accused Products
Abstract
An attack defending system allows effective defense against attacks from external networks even when a communication system uses a communication path encryption technique such as SSL. A firewall device and a decoy device are provided. The firewall device refers to the header of an input IP packet and, when it is determined that the input IP packet is suspicious, it is guided into the decoy device. The decoy device monitors a process providing a service to detect the presence or absence of attacks. When an attack has been detected, an alert including the attack-source IP address is sent to the firewall device so as to reject subsequent packets from attack source.
49 Citations
7 Claims
-
1. A decoy device in an attack defending system comprising:
-
an event memory for temporarily storing events related to at least network input/output, file input/output, and process creation/termination while executing a server process; and an event manager for analyzing cause-effect relations of the events stored in the event memory to form links among the events.
-
-
2. An attack detecting method in an attack defending system, comprising:
-
temporarily storing events related to at least network input/output, file input/output, and process creation/termination while executing a server process; and analyzing cause-effect relations of the events stored in the event memory to form links among the events.
-
-
3. A program for implementing an attack detecting system on a computer, the program comprising:
-
temporarily storing events related to at least network input/output, file input/output, and process creation/termination while executing a server process; and analyzing cause-effect relations of the events stored in the event memory to form links among the events.
-
-
4. A program for implementing an attack detecting system on a computer, the program comprising:
-
temporarily storing events related to at least network input/output, file input/output, and process creation/termination while executing a server process; analyzing cause-effect relations of the events stored in the event memory to form links among the events; and comparing the events with a rule having domain constraint and type constraint added thereto.
-
-
5. An attack defending system provided at an interface between an internal network and an external network, comprising:
-
a firewall device; and at least one attack detecting system provided in at least one of the internal network and the external network, wherein the firewall device comprises an alert transformation section, which receives an attack detection alert from the at least one attack detecting system and transforms it to an alert including at least an attack-source IP address and an attack-target IP address.
-
-
6. An attack defending method in an attack defending system provided at an interface between an internal network and an external network, comprising:
-
preparing at least one attack detecting system provided in at least one of the internal network and the external network; and when an attack detection alert is received from the at least one attack detecting system, transforming it to an alert including at least an attack-source IP address and an attack-target IP address.
-
-
7. A program for implementing an attack detecting system on a computer, wherein the attack detecting system is provided at an interface between an internal network and an external network, the program comprising:
-
receiving an attack detection alert from at least one attack detecting system provided in at least one of the internal network and the external network; and transforming the attack detection alert to an alert including at least an attack-source IP address and an attack-target IP address.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeNEC Corporation
-
Original AssigneeNEC Corporation
-
InventorsNAKAE, Masayuki, YAMAGATA, Masaya
-
Application NumberUS11/782,809Publication NumberTime in Patent OfficeDaysField of SearchUS Class Current726/22CPC Class CodesH04L 63/0227 Filtering policies mail mes...H04L 63/0263 Rule managementH04L 63/101 Access control lists [ACL]H04L 63/1408 by monitoring network traff...H04L 63/1491 using deception as counterm...H04L 63/20 for managing network securi...
