System and method for real-time insertion of data into a multi-dimensional database for network intrusion detection and vulnerability assessment

US 6,282,546 B1
Filed: 06/30/1998
Issued: 08/28/2001
Est. Priority Date: 06/30/1998
Status: Expired due to Term

First Claim

Patent Images

1. A system for real-time insertion of data into a multi-dimensional database, comprising:

a multi-dimensional database;

a user interface operable to access and provide views into the multi-dimensional database, wherein the views comprise any of a slice, a pivot or a zoom view; and

a data insertion engine coupled to and operable to access the multi-dimensional database;

the data insertion engine further operable to receive a real-time data feed provided by a network intrusion detection system, to process the real-time data feed and to insert data into the multi-dimensional database responsive to processing of the real-time data feed.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are disclosed for real-time insertion of data into a multi-dimensional database. The system includes a multi-dimensional database and a user interface operable to access and provide views into the multi-dimensional database. A data insertion engine is coupled to and operable to access the multi-dimensional database. The data insertion engine is further operable to receive and process a real-time data feed and to insert data into the multi-dimensional database responsive to processing of the real-time data feed. In one embodiment, the real-time data feed can represent exploited network vulnerabilities, and the system can be used for network intrusion detection and vulnerability assessment. The method includes receiving a real-time data feed representing detection of an event and processing the event against the multi-dimensional database. Cells associated with the event are identified in the multi-dimensional database and appropriate vectors to the identified cells are created. Data representing the event is then inserted at the identified cells. Visibility to the inserted data is provided through a user interface to the multi-dimensional database. In one embodiment, the event can be an exploited network vulnerability, and the method can be used for intrusion detection and vulnerability assessment.

Citations

25 Claims

1. A system for real-time insertion of data into a multi-dimensional database, comprising:
- a multi-dimensional database;
  
  a user interface operable to access and provide views into the multi-dimensional database, wherein the views comprise any of a slice, a pivot or a zoom view; and
  
  a data insertion engine coupled to and operable to access the multi-dimensional database;
  
  the data insertion engine further operable to receive a real-time data feed provided by a network intrusion detection system, to process the real-time data feed and to insert data into the multi-dimensional database responsive to processing of the real-time data feed.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the real-time data feed represents detection of an event.
  - 3. The system of claim 2, wherein the multi-dimensional database stores data representing a configuration of a network environment.
  - 4. The system of claim 3, wherein the configuration of the network environment includes network vulnerability information.
  - 5. The system of claim 4, wherein the event is an exploited vulnerability within the network environment.
  - 6. The system of claim 5, wherein the user interface is further operable to actively alert a system administrator responsive to the exploited vulnerability.
  - 7. The system of claim 5, wherein dimensions of the multi-dimensional database comprise host address, operating system, ports, and services.
  - 8. The system of claim 7, wherein the dimensions further comprise confirmed vulnerabilities, potential vulnerabilities and exploited vulnerabilities.
  - 9. The system of claim 1, wherein the user interface is further operable to provide views that comprise drill down views.

10. A method for real-time insertion of data into a multi-dimensional database, comprising:
- receiving a real-time data feed representing detection of an event, the real-time data feed being provided by a network intrusion detection system;
  
  processing the event against the multi-dimensional database;
  
  identifying cells in the multi-dimensional database that are associated with the event;
  
  creating appropriate vectors to the identified cells;
  
  inserting data representing the event at the identified cells; and
  
  providing visibility to the inserted data through a user interface, wherein providing visibility includes providing views that comprise any of a slice, a pivot or a zoom view.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10, wherein the multi-dimensional database stores data representing a configuration of a network environment.
  - 12. The method of claim 11, wherein the configuration of the network environment includes network vulnerability information.
  - 13. The method of claim 12, wherein the event is an exploited vulnerability within the network environment.
  - 14. The method of claim 13, further comprising actively alerting a system administrator responsive to the exploited vulnerability.
  - 15. The method of claim 14, wherein dimensions of the multi-dimensional database comprise host address, operating system, ports, and services.
  - 16. The method of claim 15, wherein the dimensions further comprise confirmed vulnerabilities, potential vulnerabilities and exploited vulnerabilities.
  - 17. The method of claim 10, wherein the views further comprise drill down views.

18. A system for real-time insertion of data into a multi-dimensional database, comprising:
- a storage device;
  
  an application stored on the storage device, the application operable to;
  
  receive a real-time data feed representing detection of an event, the real-time data feed being provided by a network intrusion detection system;
  
  process the event against the multi-dimensional database;
  
  identify cells in the multi-dimensional database that are associated with the event;
  
  create appropriate vectors to the identified cells;
  
  insert data representing the event at the identified cells; and
  
  provide visibility to the inserted data through a user interface, wherein providing visibility includes providing views that comprise any of a slice, a pivot or a zoom view.
- View Dependent Claims (19, 20, 21)
- - 19. The system of claim 18, wherein the event is an exploited vulnerability within the network environment.
  - 20. The system of claim 18, wherein dimensions of the multi-dimensional database comprise host address, operating system, ports, and services.
  - 21. The system of claim 20, wherein the dimensions further comprise confirmed vulnerabilities, potential vulnerabilities and exploited vulnerabilities.

22. A system for real-time insertion of data into a multi-dimensional database, comprising:
- means for receiving a real-time data feed representing detection of an event, the real-time data feed being provided by a network intrusion detection system;
  
  means for processing the event against the multi-dimensional database;
  
  means for identifying cells in the multi-dimensional database that are associated with the event;
  
  means for creating appropriate vectors to the identified cells;
  
  means for inserting data representing the event at the identified cells; and
  
  means for providing visibility to the inserted data through a user interface, wherein providing visibility includes providing views that comprise any of a slice, a pivot or a zoom view.
- View Dependent Claims (23, 24, 25)
- - 23. The system of claim 22, wherein the event is an exploited vulnerability within the network environment.
  - 24. The system of claim 22, wherein dimensions of the multi-dimensional database comprise host address, operating system, ports, and services.
  - 25. The system of claim 24, wherein the dimensions further comprise confirmed vulnerabilities, potential vulnerabilities and exploited vulnerabilities.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Gleichauf, Robert, Shanklin, Steven
Primary Examiner(s)
Von Buhr, Maria N.

Application Number

US09/107,790
Time in Patent Office

1,155 Days
Field of Search

707/4, 707/6, 707/10, 707/102, 707/104, 345/355-357, 709/318, 713/200-202
US Class Current

726/25
CPC Class Codes

G06F 16/24568   Data stream processing; Con...

G06F 16/283   Multi-dimensional databases...

G06F 21/604   Tools and structures for ma...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

Y10S 707/957   Multidimensional

Y10S 707/959   Network

Y10S 707/99936   Pattern matching access

Y10S 707/99943   Generating database or data...

System and method for real-time insertion of data into a multi-dimensional database for network intrusion detection and vulnerability assessment

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for real-time insertion of data into a multi-dimensional database for network intrusion detection and vulnerability assessment

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links