System and Method for Analyzing Unauthorized Intrusion Into a Computer Network
First Claim
1. A method for analyzing unauthorized intrusion into a computer network, the method comprising:
allowing access to a virtualized operating system running on a hypervisor operating system hosted on a network device;
using an introspection module comprising a virtual-machine-based rootkit module and its associated userland processes running on the hypervisor operating system to intercept a network attack on the virtualized operating system, wherein the network attack includes attack-identifying information;
generating forensic data on the network attack from the attack-identifying information, where the forensic data is based on all activity associated with the operating system;
generating an attack signature from the forensic data; and
providing the attack signature to an intrusion prevention system configured to control access to a protected network using the attack signature to identify subsequent attacks.
Abstract
The method analyzes unauthorized intrusion into a computer network. Access is allowed to a virtualized operating system running on a hypervisor operating system hosted on a network device. A network attack is intercepted on the virtualized operating system using an introspection module with a virtual-machine-based rootkit module and its associated userland processes running on the hypervisor operating system. The network attack includes attack-identifying information. Forensic data is generated on the network attack from the attack-identifying information.
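The pipeline the claim and abstract describe (guest activity observed from the hypervisor, a forensic record of one attack, a signature derived from it, that signature loaded into an IPS guarding the protected network) as an added worked example; this is not code from the patent or its assignee. Everything concrete here is assumed for illustration: the event-record format an introspection module would produce, the constructed sample events and addresses, the five-second correlation window, the "HTTP method plus path" signature form, and the toy IPS.

```python
"""Toy model of the claimed pipeline: activity observed in a honeypot guest
from the hypervisor -> forensic record of one attack -> attack signature ->
rule loaded into an IPS guarding the protected network.
Added illustration; event format, signature format and the IPS are assumed,
not taken from the patent."""
from dataclasses import dataclass
import hashlib

# Constructed sample of what an introspection module might record from the
# honeypot guest (ASSUMED format: time in seconds, raw inbound bytes, process
# and file events). The first request is the "attack"; the last is benign.
GUEST_EVENTS = [
    {"t": 100.0, "kind": "net_recv", "src": "203.0.113.7", "dport": 80,
     "payload": b"GET /admin/run?cmd=id HTTP/1.1\r\nHost: honeypot\r\n\r\n"},
    {"t": 100.2, "kind": "proc_exec", "pid": 1203, "ppid": 901,
     "image": "/bin/sh", "argv": ["sh", "-c", "id"]},
    {"t": 100.3, "kind": "file_write", "pid": 1203, "path": "/tmp/.x"},
    {"t": 140.0, "kind": "net_recv", "src": "198.51.100.9", "dport": 80,
     "payload": b"GET /index.html HTTP/1.1\r\nHost: honeypot\r\n\r\n"},
]


@dataclass
class ForensicRecord:
    src: str
    dport: int
    payload: bytes
    activity: list  # every guest event inside the attack window


def intercept_attack(events, src):
    """Return the first inbound network event from src; its fields are the
    'attack-identifying information' the rest of the pipeline keys on."""
    for e in events:
        if e["kind"] == "net_recv" and e["src"] == src:
            return e
    raise LookupError(f"no inbound traffic from {src}")


def generate_forensic_data(events, attack, window=5.0):
    """Collect all guest activity from the attack until `window` seconds
    later (ASSUMED window), not just the packet: the process and file events
    are what show that the request actually did something in the guest."""
    start = attack["t"]
    activity = [e for e in events if start <= e["t"] <= start + window]
    return ForensicRecord(attack["src"], attack["dport"], attack["payload"], activity)


def generate_attack_signature(rec):
    """Derive a content signature from the request line (ASSUMED form: HTTP
    method plus path, query string dropped) and attach host-side indicators
    so an analyst can see why the pattern was flagged."""
    request_line = rec.payload.split(b"\r\n", 1)[0]
    method, target, _ = request_line.split(b" ", 2)
    path = target.split(b"?", 1)[0]
    content = method + b" " + path
    indicators = (
        [f"exec:{e['image']}" for e in rec.activity if e["kind"] == "proc_exec"]
        + [f"write:{e['path']}" for e in rec.activity if e["kind"] == "file_write"]
    )
    sig_id = hashlib.sha256(content + str(rec.dport).encode()).hexdigest()[:12]
    return {"id": sig_id, "dport": rec.dport, "content": content,
            "indicators": indicators}


class IntrusionPreventionSystem:
    """Minimal inline filter for the protected network: a packet is dropped
    when a loaded signature matches its destination port and content."""

    def __init__(self):
        self.signatures = {}

    def add_signature(self, sig):
        self.signatures[sig["id"]] = sig

    def inspect(self, dport, payload):
        """Return (verdict, signature id): 'drop' on a match, else 'pass'."""
        for sig in self.signatures.values():
            if sig["dport"] == dport and sig["content"] in payload:
                return "drop", sig["id"]
        return "pass", None


def run_pipeline(events=GUEST_EVENTS, attacker="203.0.113.7"):
    """Wire the claimed steps together; return the signature and the IPS
    that now carries it."""
    attack = intercept_attack(events, attacker)
    record = generate_forensic_data(events, attack)
    sig = generate_attack_signature(record)
    ips = IntrusionPreventionSystem()
    ips.add_signature(sig)
    return sig, ips


if __name__ == "__main__":
    sig, ips = run_pipeline()
    print("signature:", sig)
    # A later request for the same path, even with a different query, is
    # dropped at the protected network; ordinary traffic passes.
    print(ips.inspect(80, b"GET /admin/run?cmd=whoami HTTP/1.1\r\nHost: prod\r\n\r\n"))
    print(ips.inspect(80, b"GET /index.html HTTP/1.1\r\nHost: prod\r\n\r\n"))
```

The point a practitioner should take from this is the step the claim calls "forensic data based on all activity associated with the operating system": the signature is not cut from the packet alone but from a packet that was seen to spawn a shell and write a file in the guest, which is what keeps a scanner's harmless probe from turning into a blocking rule. How far the signature generalizes (here: path only, query dropped) is a tuning choice that trades detection of variants against false positives on the protected network, and the retained host indicators are what an analyst would use to review that choice before the rule goes live.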