SYSTEMS AND METHODS FOR SELF-TUNING NETWORK INTRUSION DETECTION AND PREVENTION
Abstract
Systems and methods of the present disclosure are directed to a network security tool. In some embodiments, the tool identifies a current vulnerability of a private network. The tool can determine a signature of an attack configured to exploit the current vulnerability. The tool can compare the signature with active and inactive signatures stored in a signature repository. The tool can compare the signatures to identify an inactive signature corresponding to the signature of the attack configured to exploit the current vulnerability. The tool can automatically activate, responsive to the comparison, the identified inactive signature. The tool can use the activated signature to identify an exploit based on data packets received via the private network.
20 Claims
1. A method of mitigating intrusions via a computer network, comprising:
- identifying, by a vulnerability assessment tool, a current vulnerability of a private network;
- determining, by the vulnerability assessment tool, a signature of an attack configured to exploit the current vulnerability;
- comparing, by a network security device, the signature with active and inactive signatures stored in a signature repository to identify an inactive signature corresponding to the signature of the attack configured to exploit the current vulnerability;
- automatically activating, by the network security device responsive to the comparison, the identified inactive signature; and
- using, by an intrusion detector, the activated signature to analyze data packets received via the private network to detect an exploit.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A system for mitigating intrusions via a computer network, comprising:
- a vulnerability assessment tool configured to identify a current vulnerability of a private network and determine a signature of an attack configured to exploit the current vulnerability;
- a network security device configured to:
  - compare the signature with active and inactive signatures stored in a signature repository to identify an inactive signature corresponding to the signature of the attack configured to exploit the current vulnerability;
  - automatically activate, responsive to the comparison, the identified inactive signature; and
  - deactivate, responsive to the comparison, an active signature stored in the signature repository that does not correspond to the signature of the attack configured to exploit the current vulnerability; and
- an intrusion detector configured to use the activated signature to identify an exploit based on data packets received via the private network.

Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20
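The flow recited in claims 1 and 12 can be sketched as below. This is an added illustration, not code from the patent; the `Signature` record, the `VULN-*` identifiers, the `MARKER-*` byte patterns and all function names are assumptions constructed for the example, and signatures are modeled as simple byte patterns.

```python
from dataclasses import dataclass

@dataclass
class Signature:
    sig_id: str
    pattern: bytes   # payload byte pattern (constructed marker, not a real attack)
    active: bool

# Hypothetical scanner knowledge: vulnerability id -> pattern of the attack exploiting it.
ATTACK_PATTERNS = {"VULN-A": b"MARKER-A", "VULN-B": b"MARKER-B", "VULN-C": b"MARKER-C"}

def build_repo():
    """Constructed signature repository holding active and inactive entries."""
    return [Signature("SIG-1", b"MARKER-A", active=False),
            Signature("SIG-2", b"MARKER-B", active=True),
            Signature("SIG-3", b"MARKER-C", active=True)]

def attack_signatures(current_vulns):
    """Scanner step: attack signatures for vulnerabilities currently present."""
    return {ATTACK_PATTERNS[v] for v in current_vulns if v in ATTACK_PATTERNS}

def tune(repo, wanted, deactivate_unmatched=False):
    """Compare wanted attack signatures with the repository and flip states.
    Returns (activated ids, deactivated ids)."""
    activated, deactivated = [], []
    for sig in repo:
        if sig.pattern in wanted and not sig.active:
            sig.active = True                      # claim 1: activate inactive match
            activated.append(sig.sig_id)
        elif sig.pattern not in wanted and sig.active and deactivate_unmatched:
            sig.active = False                     # claim 12: deactivate non-match
            deactivated.append(sig.sig_id)
    return activated, deactivated

def detect(repo, payload):
    """Intrusion detector: ids of active signatures whose pattern is in the payload."""
    return [s.sig_id for s in repo if s.active and s.pattern in payload]

if __name__ == "__main__":
    repo = build_repo()
    wanted = attack_signatures({"VULN-A", "VULN-C"})   # constructed scan result
    print(tune(repo, wanted, deactivate_unmatched=True))
    print(detect(repo, b"GET /?q=MARKER-A HTTP/1.1"))
    print(detect(repo, b"GET /?q=MARKER-B HTTP/1.1"))
```

With deactivation enabled, SIG-2 no longer fires on its pattern, so detection coverage then depends on the vulnerability assessment being complete and current.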
Specification