Integrated Network Intrusion Detection
First Claim
Patent Images
1. A method comprising:
- receiving requests for access to network services from an invoked application;
integrating firewall and intrusion detection to check whether the requests violate a network policy, wherein network policies include permissive and restrictive rules to designate each of the received requests as authorized or unauthorized, respectively;
monitoring network communications, for the invoked application, based on the designation of the requests; and
blocking network communications that fail to correspond to an authorized network service request.
1 Assignment
0 Petitions
Accused Products
Abstract
Intrusion preludes may be detected (including detection using fabricated responses to blocked network requests), and particular sources of network communications may be singled out for greater scrutiny, by performing intrusion analysis on packets blocked by a firewall. An integrated intrusion detection system uses an end-node firewall that is dynamically controlled using invoked-application information and a network policy. The system may use various alert levels to trigger heightened monitoring states, alerts sent to a security operation center, and/or logging of network activity for later forensic analysis. The system may monitor network traffic to block traffic that violates the network policy, monitor blocked traffic to detect an intrusion prelude, and monitor traffic from a potential intruder when an intrusion prelude is detected. The system also may track behavior of applications using the network policy to identify abnormal application behavior, and monitor traffic from an abnormally behaving application to identify an intrusion.
-
Citations
12 Claims
-
1. A method comprising:
-
receiving requests for access to network services from an invoked application; integrating firewall and intrusion detection to check whether the requests violate a network policy, wherein network policies include permissive and restrictive rules to designate each of the received requests as authorized or unauthorized, respectively; monitoring network communications, for the invoked application, based on the designation of the requests; and blocking network communications that fail to correspond to an authorized network service request. - View Dependent Claims (2)
-
-
3. A tangible machine-readable medium embodying machine instructions for causing one or more machines to perform operations comprising:
-
receiving requests for access to network services from an invoked application; integrating firewall and intrusion detection to check whether the requests violate a network policy, wherein network policies include permissive and restrictive rules to designate each of the received requests as authorized or unauthorized, respectively; monitoring network communications, for the invoked application, based on the designation of the requests; and blocking network communications that fail to correspond to an authorized network service request. - View Dependent Claims (4)
-
-
5. A system comprising:
-
a processor; a communication interface coupled with the processor; and a tangible machine-readable medium operatively coupled with the processor and embodying machine instructions for causing the processor to perform operations comprising; receiving requests for access to network services from an invoked application; integrating firewall and intrusion detection to check whether the requests violate a network policy, wherein network policies include permissive and restrictive rules to designate each of the received requests as authorized or unauthorized, respectively; monitoring network communications, for the invoked application, based on the designation of the requests; and blocking network communications that fail to correspond to an authorized network service request. - View Dependent Claims (6)
-
-
7. A machine-implemented method comprising:
-
receiving requests for access to network services from an invoked application; integrating firewall and intrusion detection to check whether the requests violate a network policy, wherein network policies include permissive and restrictive rules to designate each of the received requests as authorized or unauthorized, respectively; and monitoring network communications, for the invoked application, based on the designation of the requests; wherein monitoring of the network communications for the invoked application comprises monitoring in an intrusion detection system component invoked with the invoked application. - View Dependent Claims (8, 9)
-
-
10. A tangible machine-readable medium embodying machine instructions for causing one or more machines to perform operations comprising:
-
receiving requests for access to network services from an invoked application; integrating firewall and intrusion detection to check whether the requests violate a network policy, wherein network policies include permissive and restrictive rules to designate each of the received requests as authorized or unauthorized, respectively; and monitoring network communications, for the invoked application, based on the designation of the requests; wherein monitoring of the network communications for the invoked application comprises monitoring in an intrusion detection system component invoked with the invoked application. - View Dependent Claims (11, 12)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeIntel Corporation
-
Original AssigneeIntel Corporation
-
InventorsYadav, Satyendra
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current726/1
-
CPC Class CodesH04L 63/02 for separating internal fro...H04L 63/0218 Distributed architectures, ...H04L 63/0227 Filtering policies mail mes...H04L 63/1408 by monitoring network traff...H04L 63/1416 Event detection, e.g. attac...H04L 63/1425 Traffic logging, e.g. anoma...H04L 63/1441 Countermeasures against mal...H04L 63/145 the attack involving the pr...H04L 63/20 for managing network securi...
