MONITORING APPARATUS AND METHOD THEREFOR
Abstract
A monitoring apparatus for detection of a malicious attack in a communications network comprises a pattern matching engine (406), a data store (408) and an alert generator (410, 412). The pattern matching engine (406) is arranged to receive a bit stream and identify a characteristic of a malicious attack from at least one datagram represented by at least part of the bit stream. The data store (408) is operably coupled to the pattern matching engine and the data store (408) is arranged to retain identification data to enable the pattern matching engine to identify the characteristic of the malicious attack. The alert generator (410, 412) is arranged to generate an alert in response to an identification of the characteristic of the malicious attack. The data store (408) is remotely updatable.
31 Claims
1. A monitoring apparatus for detection of a malicious attack in a communications network, the apparatus comprising:
a pattern matching engine arranged to receive a bit stream and identify a characteristic of a malicious attack from at least one datagram represented by at least part of the bit stream;
a data store operably coupled to the pattern matching engine, the data store being arranged to retain identification data to enable the pattern matching engine to identify the characteristic of the malicious attack; and
an alert generator arranged to generate an alert in response to an identification of the characteristic of the malicious attack;
wherein the data store is remotely updatable.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A method of detecting a malicious attack in a communications network, the method comprising:
receiving a bit stream;
identifying a characteristic of a malicious attack from at least one datagram represented by at least part of the bit stream;
accessing identification data stored by a data store to enable identification of the characteristic of the malicious attack; and
generating an alert in response to an identification of the characteristic of the malicious attack; and
recognising a received datagram containing replacement identification data indicative of a need to update the data store.
Dependent claims: 28
13. A monitoring apparatus for detection of a malicious attack in a communications network, the apparatus comprising:
a pattern matching engine arranged to receive a bit stream and identify a characteristic of a malicious attack from at least one datagram represented by at least part of the bit stream;
an alert generator arranged to generate an alert in response to an identification of the characteristic of the malicious attack; and
an alert processing entity operably coupled to the alert generator, the alert processing entity being arranged to receive the alert constituting alert information and limit communication of the alert information for receipt by an alert information collection unit.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 30, 31
27. A method of detecting a malicious attack in a communications network, the method comprising:
receiving a bit stream;
identifying a characteristic of a malicious attack from at least one datagram represented by at least part of the bit stream;
generating an alert in response to an identification of the characteristic of the malicious attack;
recognising a received datagram containing replacement identification data indicative of a need to update the data store; and
processing the alert constituting alert information and limiting communication of the alert information for receipt by an alert information collection unit.
Dependent claims: 29
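
An added sketch, not taken from the patent, of the arrangement in claims 1, 12 and 13: a byte-pattern matcher over datagrams, a signature store replaced by a received update datagram, and an alert processor that limits what reaches the collection unit. The wire format (`IDUP` marker, HMAC-SHA256 tag, JSON body), the pre-shared key and the per-window alert cap are assumptions; the claims specify none of them, and the authentication step is included because an in-band update channel that accepts unauthenticated datagrams lets any sender rewrite the signatures.

```python
import hashlib
import hmac
import json
import time

UPDATE_MAGIC = b"IDUP"  # assumed marker for an update datagram


class Monitor:
    def __init__(self, signatures, update_key, max_alerts=2, window=60.0):
        self.store = dict(signatures)   # data store: name -> byte pattern
        self.update_key = update_key    # assumed pre-shared update key
        self.max_alerts, self.window = max_alerts, window
        self.sent = []                  # times of alerts already forwarded
        self.suppressed = 0

    def _try_update(self, datagram):
        """Recognise a datagram carrying replacement identification data."""
        if not datagram.startswith(UPDATE_MAGIC) or len(datagram) < 36:
            return False
        tag, body = datagram[4:36], datagram[36:]
        good = hmac.new(self.update_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            return False                # unauthenticated: treat as traffic
        self.store = {k: bytes.fromhex(v) for k, v in json.loads(body).items()}
        return True

    def _limit(self, now):
        """Alert processing: forward at most max_alerts per window."""
        self.sent = [t for t in self.sent if now - t < self.window]
        if len(self.sent) >= self.max_alerts:
            self.suppressed += 1
            return False
        self.sent.append(now)
        return True

    def process(self, datagram, now=None):
        """Return the alerts forwarded to the collection unit."""
        now = time.monotonic() if now is None else now
        if self._try_update(datagram):
            return []
        hits = [n for n, p in self.store.items() if p in datagram]
        return [h for h in hits if self._limit(now)]


def make_update(key, signatures):
    """Build an update datagram (constructed format, see lead-in)."""
    body = json.dumps({k: v.hex() for k, v in signatures.items()}).encode()
    return UPDATE_MAGIC + hmac.new(key, body, hashlib.sha256).digest() + body
```

Alerts dropped by the limiter are counted in `suppressed`, so the collection unit's reduced view can still be reconciled against what the matcher actually saw.
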
Specification