Method and apparatus for maintaining security in a packetized data communications network
Abstract
Invalid transmissions in an ATM network (200) are identified by maintaining a user profile (304) relating to network use for each participating node of the network (200) and detecting potentially invalid transmissions based on a deviation (312) from the user profile. In a preferred embodiment, the user profile is continuously updated by monitoring transmissions within the ATM network (200), taking advantage of information included in defined fields of the transmitted ATM cells. When a detected deviation exceeds a predetermined threshold (314), the source node of the transmission is investigated to verify the identity of the source node user. The investigation is accomplished prior to establishing a security link between the source node and a secured node (202), thereby increasing availability of the secured node (202) for use by authorized network users.
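The profile, threshold and investigate-before-linking sequence of the abstract, as an added example that is not the patent's own code: a small Python sentinel decodes the five-byte ATM UNI cell header, keeps a per-node count of (VPI, VCI) circuits as the user profile, scores a new cell by how far it departs from that profile, and returns "verify" above a threshold so the source node is checked before any link to the secured node is set up. The node names, circuit numbers and the deviation measure are constructed assumptions, not values from the patent.

```python
# Added example, not the patent's code: keep a per-node profile from ATM UNI
# cell headers and gate a "verify" step on a deviation threshold (constructed data).
from collections import Counter, defaultdict

def parse_uni_header(hdr: bytes) -> dict:
    """Decode the 5-byte UNI header: GFC(4) VPI(8) VCI(16) PTI(3) CLP(1) HEC(8)."""
    if len(hdr) != 5:
        raise ValueError("ATM cell header is exactly 5 bytes")
    b0, b1, b2, b3, hec = hdr
    return {"gfc": b0 >> 4, "vpi": ((b0 & 0x0F) << 4) | (b1 >> 4),
            "vci": ((b1 & 0x0F) << 12) | (b2 << 4) | (b3 >> 4),
            "pti": (b3 >> 1) & 0x07, "clp": b3 & 0x01, "hec": hec}

class Sentinel:
    """Per-node profile of (VPI, VCI) circuits used; deviation of a new cell is
    the share of that node's past cells that were NOT on the new cell's circuit."""
    def __init__(self, threshold: float):
        self.threshold = threshold            # the patent's deviation threshold
        self.profiles = defaultdict(Counter)  # node -> Counter{(vpi, vci): cells}

    def learn(self, node: str, hdr: bytes) -> None:
        h = parse_uni_header(hdr)
        self.profiles[node][(h["vpi"], h["vci"])] += 1

    def deviation(self, node: str, hdr: bytes) -> float:
        h, prof = parse_uni_header(hdr), self.profiles[node]
        total = sum(prof.values())
        if total == 0:                        # no history yet: fully deviating
            return 1.0
        return 1.0 - prof[(h["vpi"], h["vci"])] / total

    def decide(self, node: str, hdr: bytes) -> str:
        """'pass' folds the cell into the profile; 'verify' holds the link until the source user is investigated."""
        if self.deviation(node, hdr) > self.threshold:
            return "verify"
        self.learn(node, hdr)
        return "pass"

# Constructed sample cells (HEC left 0): node A's routine circuit VPI 1 / VCI 100, and VPI 7 / VCI 200 it never used.
USUAL = bytes.fromhex("0010064000")
ODD = bytes.fromhex("00700c8000")

def demo() -> list:
    """20 cells teach node A's profile; then score the usual cell, an odd cell, and a cell from an unknown node."""
    s = Sentinel(threshold=0.5)
    for _ in range(20):
        s.learn("nodeA", USUAL)
    return [s.decide("nodeA", USUAL), s.decide("nodeA", ODD), s.decide("nodeB", USUAL)]
```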
28 Claims
1. A method for use in securing a packetized data communications network against invalid transmissions, said packetized data communications network including a plurality of user nodes, and an asynchronous portion wherein signals are communicated in data packets, said method comprising the steps of:
maintaining a user profile for at least a selected one of said plurality of user nodes, said user profile including profile information regarding network use for said selected one of said plurality of user nodes;
monitoring the transmission of said data packets in said asynchronous portion of said packetized data communications network to identify a deviation from said user profile;
analyzing said deviation from said user profile including the step of emulating signaling protocols of said packetized data communications network so as to allow for investigation of said selected one of said plurality of user nodes free from establishment of a communication link between said packetized data communications network and said selected one of said plurality of user nodes; and
controlling use of said packetized data communications network in response to said step of analyzing.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16

13. A method for use in securing a packetized data communications network against invalid transmissions, said packetized data communications network including a plurality of user nodes, and an asynchronous portion wherein signals are communicated in data packets, said method comprising the steps of:
maintaining a user profile for at least a selected one of said plurality of user nodes, said user profile including profile information regarding network use for said selected one of said plurality of user nodes;
monitoring the transmission of said data packets in said asynchronous portion of said packetized data communications network to identify a deviation from said user profile;
analyzing said deviation from said user profile; and
controlling use of said packetized data communications network in response to said step of analyzing,
wherein said deviation is identified with respect to an attempted communication from a source node user to a secured node user, and said step of analyzing comprises investigating said source node user to verify that said source node user is authorized to access said secured node user, and
wherein said step of analyzing comprises emulating signaling protocols for said secured node user so as to allow for investigation of said source node user free from establishment of a communication link between said source node user and said secured node user.

17. A method for use in securing a packetized data communications network against invalid transmissions, said packetized data communications network including a plurality of user nodes, and an asynchronous portion wherein signals are communicated in data packets, said method comprising the steps of:
interposing a security device between a switch and a secured node of said packetized data communications network;
using said security device to receive a transmission of at least one data packet from a source node across said asynchronous portion of said packetized data communications network to a secured node of said network;
establishing a communication link between said source node and said security device by emulating signaling protocols of said secured node; and
using said communication link between said source node and said security device to verify an identity of a user at said source node.
Dependent claims: 18, 19, 20, 21

22. A method for use in securing a packetized data communications network against invalid transmissions, said packetized data communications network including a plurality of user nodes, and an asynchronous portion wherein signals are communicated in data packets, said method comprising the steps of:
maintaining a user profile for each participating node of said packetized data communications network, said user profile including profile information regarding network use for each said participating node;
monitoring transmissions in said network to identify a deviating transmission from a participating source node that deviates from said user profile;
comparing said deviating transmission to a deviation threshold;
establishing communications to said participating source node before a communications link between said packetized data communications network and said participating source node is made;
selectively investigating said participating source node responsive to said step of establishing; and
controlling network use by said participating source node responsive to said step of investigating.
Dependent claims: 23, 24

25. A method for use in securing a packetized data communications network against invalid transmissions, said packetized data communications network including a plurality of user nodes and an asynchronous portion wherein signals are communicated in data packets, said method comprising the steps of:
monitoring the transmission of data packets in said asynchronous portion of said data communications network;
based on said step of monitoring, identifying successive transmissions from one of said plurality of user nodes;
analyzing said successive transmissions to detect activity indicative of potentially invalid use of said packetized data communications network;
emulating signal protocols of said packetized data communications network;
sending said emulated signal protocols to said one of said plurality of nodes to verify an identity of a user at said one of said plurality of nodes; and
controlling use of said packetized data communications network in response to said step of verifying.
Dependent claims: 26

27. A sentinel apparatus for use in detecting deviations from an expected transmission based on an input data stream from a source node in an asynchronous transfer mode (ATM) communications network, comprising:
a programmable trigger matrix, operably coupled to receive the input data stream;
a neural network, operably coupled to the programmable trigger matrix via a command bus;
a heuristic engine, operably coupled to the programmable trigger matrix via the command bus, and operably coupled to the neural network via a feedback network, wherein the heuristic engine provides a deviation threshold; and
a memory module, operably coupled to the programmable trigger matrix via the command bus, and operably coupled to the neural network via a data bus, wherein the memory module stores user profiles and maintains transmission records from the source node,
wherein said neural network establishes a communications link to said source node by emulating signal protocols of said ATM communications network, and wherein said communications link is used to verify an identity of a user of said source node.
Dependent claims: 28

Specification