METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR MEASURING DETECTION ACCURACY OF A SECURITY DEVICE USING BENIGN TRAFFIC

US 20130312094A1
Filed: 05/15/2012
Published: 11/21/2013
Est. Priority Date: 05/15/2012
Status: Active Grant

First Claim

Patent Images

1. A method for measuring detection accuracy of a security device using benign traffic, the method comprising:

at an Internet protocol (IP) traffic simulator having a first communications interface and a second communications interface;

sending, by the first communications interface, a plurality of benign data packets to a security device, wherein the plurality of benign data packets is engineered to be similar to one or more malicious data packets;

receiving, by the second communications interface, zero or more of the plurality of benign data packets via the security device; and

determining, using statistics associated with the plurality of benign data packets, a detection accuracy metric associated with the security device.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and computer readable media for measuring detection accuracy of a security device using benign traffic are disclosed. According to one method, the method occurs at an Internet protocol (IP) traffic simulator having a first communications interface and a second communications interface. The method includes sending, by the first communications interface, a plurality of benign data packets to a security device, wherein the plurality of benign data packets is engineered to be similar to one or more malicious data packets. The method also includes receiving, by the second communications interface, zero or more of the plurality of benign data packets via the security device. The method further includes determining, using statistics associated with the plurality of benign data packets, a detection accuracy metric associated with the security device.

Citations

24 Claims

1. A method for measuring detection accuracy of a security device using benign traffic, the method comprising:
- at an Internet protocol (IP) traffic simulator having a first communications interface and a second communications interface;
  
  sending, by the first communications interface, a plurality of benign data packets to a security device, wherein the plurality of benign data packets is engineered to be similar to one or more malicious data packets;
  
  receiving, by the second communications interface, zero or more of the plurality of benign data packets via the security device; and
  
  determining, using statistics associated with the plurality of benign data packets, a detection accuracy metric associated with the security device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 wherein the security device is an intrusion prevention system or a data leakage prevention system.
  - 3. The method of claim 1 wherein the benign data packets contain non-confidential information and the one or more malicious data packets contain confidential information.
  - 4. The method of claim 1 wherein the one or more malicious data packets include data for triggering a vulnerability in a target system.
  - 5. The method of claim 1 wherein the statistics associated with the plurality of benign data packets includes one or more packet counters for determining a number of benign data packets sent to the security device, received via the security device, or blocked by the security device.
  - 6. The method of claim 1 wherein determining the detection accuracy metric includes dividing a number of benign data packets returned to the IP traffic simulator via the security device by a number of benign data packets sent by the IP traffic simulator to the security device.
  - 7. The method of claim 1 wherein the detection accuracy metric comprises one of an integer, a percentage, a probability, a code, a color, a value, or a range of values.
  - 8. The method of claim 1 wherein the plurality of benign data packets is provided by a security analysis entity.
  - 9. The method of claim 1 wherein each of the plurality of benign data packets is engineered to have distinct characteristics.
  - 10. The method of claim 6 comprising identifying, using the distinct characteristics associated with the plurality of benign data packets, a portion of a first packet of the plurality of benign data packets that causes the security device to block the first packet.
  - 11. The method of claim 1 wherein the first communications interface is associated with a first IP address and the second communications interface is associated with a second IP address.

12. A system for measuring detection accuracy of a security device using benign traffic, the system comprising:
- an Internet protocol (IP) traffic simulator, the IP traffic simulator comprising;
  
  a first communications interface configured to send a plurality of benign data packets to a security device, wherein the plurality of benign data packets is engineered to be similar to one or more malicious data packets;
  
  a second communications interface configured to receive zero or more of the plurality of benign data packets via the security device; and
  
  a detection accuracy module (DAM) configured to determine, using statistics associated with the plurality of benign data packets, a detection accuracy metric associated with the security device.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 13. The system of claim 12 wherein the security device is an intrusion prevention system or a data leakage prevention system.
  - 14. The system of claim 12 wherein the benign data packets contain non-confidential information and the one or more malicious data packets contain confidential information.
  - 15. The system of claim 12 wherein the one or more malicious data packets include data for triggering a vulnerability in a target system.
  - 16. The system of claim 12 wherein the statistics associated with the plurality of benign data packets includes one or more packet counters for determining a number of benign data packets sent to the security device, received via the security device, or blocked by the security device.
  - 17. The system of claim 12 wherein the DAM is configured to determine the detection accuracy metric by dividing a number of benign data packets returned to the IP traffic simulator via the security device by a number of benign data packets sent by the IP traffic simulator to the security device.
  - 18. The system of claim 12 wherein the detection accuracy metric comprises one of an integer, a percentage, a probability, a code, a color, a value, or a range of values.
  - 19. The system of claim 12 wherein the plurality of benign data packets is provided by a security analysis entity.
  - 20. The system of claim 12 wherein the plurality of benign data packets is stored in a database.
  - 21. The system of claim 12 wherein each of the plurality of benign data packets is engineered to have distinct characteristics.
  - 22. The system of claim 21 comprising the DAM is configured to identify, using the distinct characteristics associated with the plurality of benign data packets, a portion of a first packet of the plurality of benign data packets that causes the security device to block the first packet.
  - 23. The system of claim 12 wherein the first communications interface is associated with a first IP address and the second communications interface is associated with a second IP address.

24. A non-transitory computer readable medium comprising computer executable instructions embodied in a computer readable medium that when executed by a processor of a computer control the computer to perform steps comprising:
- at an Internet protocol (IP) traffic simulator having a first communications interface and a second communications interface;
  
  sending, by the first communications interface, a plurality of benign data packets to a security device, wherein the plurality of benign data packets is engineered to be similar to one or more malicious data packets;
  
  receiving, by the second communications interface, zero or more of the plurality of benign data packets via the security device; and
  
  determining, using statistics associated with the plurality of benign data packets, a detection accuracy metric associated with the security device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Keysight Technologies Singapore Sales Pte Ltd (Keysight Technologies, Inc.)
Original Assignee
Ixia (Keysight Technologies, Inc.)
Inventors
Zecheru, George

Granted Patent

US 9,117,084 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR MEASURING DETECTION ACCURACY OF A SECURITY DEVICE USING BENIGN TRAFFIC

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR MEASURING DETECTION ACCURACY OF A SECURITY DEVICE USING BENIGN TRAFFIC

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links