Network surveillance system
Abstract
This is a system and method for network surveillance and detection of attempted intrusions, or intrusions, into the network and into computers connected to the network. The System functions are: (A) intrusion detection monitoring, (B) real-time alert, (C) logging of potential unauthorized activity, and (D) incident progress analysis and reporting. Upon detection of any attempts to intrude, the System will initiate a log of all activity between the computer elements involved and send an alert to a monitoring console. When a log is initiated, the network continues to be monitored by a primary surveillance system. A secondary monitoring process is started which interrogates the activity log in real-time and sends additional alerts reporting the progress of the suspected intruder.
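An added sketch of the flow the abstract describes, not code from the patent: a primary monitor sees every record, a detection opens a log of all activity between the two hosts and raises an alert, and a secondary pass over that log reports the suspect's progress. The detection rule, record layout, addresses and all names are assumptions made for illustration, and the secondary process is simulated by a call after each observed record.

```python
# Constructed sample traffic (time, src, dst, dst_port, summary); not from the patent.
SAMPLE = [
    (1, "10.0.0.5", "10.0.0.9", 80, "GET /index.html"),
    (2, "10.0.0.7", "10.0.0.9", 23, "login root (failed)"),
    (3, "10.0.0.5", "10.0.0.9", 80, "GET /logo.gif"),
    (4, "10.0.0.7", "10.0.0.9", 23, "login admin (failed)"),
    (5, "10.0.0.9", "10.0.0.7", 1027, "login incorrect"),
    (6, "10.0.0.7", "10.0.0.9", 21, "USER anonymous"),
]

def is_intrusion_attempt(rec):
    """Assumed detection rule (the abstract names none): a failed login."""
    return "(failed)" in rec[4]

class Surveillance:
    def __init__(self):
        self.alerts = []    # messages for the monitoring console
        self.logs = {}      # frozenset({host_a, host_b}) -> logged records
        self.reported = {}  # per pair: number of log entries already reported

    def observe(self, rec):
        """Primary surveillance: sees every record, whatever its address."""
        t, src, dst, port, _ = rec
        pair = frozenset((src, dst))
        if pair in self.logs:
            self.logs[pair].append(rec)   # log all activity, both directions
        elif is_intrusion_attempt(rec):
            self.logs[pair] = [rec]       # detection initiates the log
            self.reported[pair] = 1       # trigger record is covered by the alert
            self.alerts.append(f"ALERT t={t}: attempted intrusion {src} -> {dst}:{port}")
        self.analyse()                    # stands in for the concurrent secondary process

    def analyse(self):
        """Secondary process: interrogate each log, report new activity."""
        for pair, entries in self.logs.items():
            for t, src, dst, port, summary in entries[self.reported[pair]:]:
                self.alerts.append(f"PROGRESS t={t}: {src} -> {dst}:{port} {summary}")
            self.reported[pair] = len(entries)

def run(records):
    s = Surveillance()
    for rec in records:
        s.observe(rec)
    return s

if __name__ == "__main__":
    print("\n".join(run(SAMPLE).alerts))
```

Traffic from the uninvolved host 10.0.0.5 is observed but never logged, while the reply from 10.0.0.9 back to the suspect lands in the same log because the pair is keyed without regard to direction.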
34 Claims
1. A Network Surveillance System, connected into a data network for transmission of selectively addressed data to respective data processors connected into the data network, said data processors having respective addresses corresponding to the selectively addressed data for selective receipt of the data and processing of the data by said respective data processors comprising:
(a) a network observation means connected into said data network for receiving all of said selectively addressed data transmitted by said data network to said respective data processors;
(b) said network observation means including intrusion detection means connected to said network observation means for examining said received data for an attempted intrusion into said network;
(c) said intrusion detection means including means for providing an event indication, in response to said examining means detecting an attempted intrusion;
(d) alert/notification means responsive to said event indication for providing a message alert of said attempted intrusion;
(e) evidence logging means responsive to said event indication for making a record of said attempted intrusion;
(f) incident analyzing and reporting means responsive to said event indication for providing an identifying indication of said attempted intrusion.
2. A Network Surveillance System, connected into a data network for transmission of selectively addressed data to respective data processors connected into the data network, said data processors having respective addresses corresponding to the selectively addressed data for selective receipt of the data and processing of the data by said respective data processors comprising:
(a) intrusion detection means connected into the data network for receiving all of said data transmitted through the network and for examining said received data for an attempted intrusion into said network and, responsive to detecting an attempted intrusion, providing an event indication; and
(b) incident analyzing and reporting means including identifying means responsive to a said event indication, for providing an identifying indication of said attempted intrusion.
Dependent claims: 3, 4, 5, 6, 7, 8, 9, 10, 11
12. In a data processing network system having data processors connected to a network for transmitting or receiving data over said network, a network surveillance system for detecting attempted intrusions into the network or into any of the data processors on the network comprising:
a. intrusion detection means connected into a data network for receiving all data transmitted through said network to said data processors and providing an event indication of an attempted intrusion from a data processor;
b. incident analyzing and reporting means for receiving said event indication, and for providing an identifying indication of said data processor, and
c. means, responsive to said identifying indication for identifying subsequent attempted intrusions by said data processor.
Dependent claims: 13, 14, 15, 16
17. A method for network surveillance of a data network transmitting selectively addressed data to respective data processors connected into the data network and with said data processors having respective addresses corresponding to the selectively addressed data for selective receipt of the data and processing of the data by said respective data processors, comprising the steps of:
(a) network observation of all of said selectively addressed data transmitted by said data network to said respective data processors;
(b) examination of all of said selectively addressed data for detecting an attempted intrusion into said network and, responsive to an attempted intrusion, producing an event indication of an attempted intrusion into said network;
(c) responsive to said step of providing an event indication, the step of alert/notification for providing a message alert of said attempted intrusion;
(d) responsive to said step of providing an event indication, the step of evidence logging for making a record of said event indication;
(f) responsive to said step of providing an event indication the step of incident analyzing and reporting, for providing an identifying indication of said event.
18. A method for network surveillance of a data network for transmitting selectively addressed data to respective data processors connected into the data network, said data processors having respective addresses corresponding to the selectively addressed data for selective receipt of the data and processing of the data by said respective data processors, comprising the steps of:
(a) receiving all of said selectively addressed data transmitted by said data network to said respective data processors;
(b) examining said all of said selectively addressed data for an attempted intrusion into said network and, responsive to an attempted intrusion, providing an event indication of an attempted intrusion into said network; and
(c) incident analyzing and reporting said attempted intrusion, responsive to said event indication.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26, 27
28. A method for network surveillance of a data network for transmitting selectively addressed data to respective data processors connected into the data network, said data processors having respective addresses corresponding to the selectively addressed data for selective receipt of the data and processing of the data by said respective data processors comprising the steps of:
(a) receiving all data transmitted through said data network to said data processors connected into said data network;
(b) examining all said data transmitted through said data network for an attempted intrusion;
(c) providing an event indication of said attempted intrusion from a source data processor;
(d) incident analyzing and reporting responsive to a said step of event indication, for providing an identifying indication of said source data processor; and
(e) responsive to said step identifying said source data processor, the step of identifying subsequent attempted intrusions from said source data processor.
Dependent claims: 29, 30, 31, 32
33. A Network Surveillance System, connected into a data network for transmission of selectively addressed data to respective data processors connected into the data network said data processors having respective addresses corresponding to the selectively addressed data for selective receipt of the data and processing of the data by said respective data processors, comprising:
(a) intrusion detection means connected into a data network for receiving all data transmitted through said data network to data processors connected to said data network;
(b) said intrusion detection means including means for examining said data for an attempted intrusion and for providing an event indication of said attempted intrusion;
(c) incident analyzing and reporting means including identifying means responsive to a said event indication, for providing an identifying indication of said attempted intrusion;
(d) and wherein said identifying indication is provided without transmitting any data indicative of the identity of said Network Surveillance System, to said data network.
34. A method for network surveillance of a data network for transmitting selectively addressed data to respective data processors connected into the data network, said data processors having respective addresses corresponding to the selectively addressed data for selective receipt of the data and processing of the data by said respective data processors comprising the steps of:
(a) intrusion detection for examining said received data for an attempted intrusion into said network and, responsive to an attempted intrusion, providing an event indication of an attempted intrusion into said network;
(b) incident analyzing for providing an identifying indication of said event responsive to said step of event indication;
(c) and wherein said step of providing an identifying indication provides said identifying indication without transmitting any identifying data of the Network Surveillance System.
Specification