Intrusion detection system and method having dynamically loaded signatures
First Claim
1. An intrusion detection system for detecting unauthorized use of a network, the system comprising:
an analysis object for identifying a signature in network data, the signature associated with an attack on a network vulnerability;
an intrusion detection analysis engine interfaced with the network to accept network data, and interfaced with the analysis object, the intrusion detection analysis engine operable to instantiate the analysis object with network data and to use the instance of the analysis object to detect an attack on the network; and
an application programming interface operable to dynamically interface a new analysis object with the intrusion detection analysis engine on a runtime basis, wherein the new analysis object comprises an identification of a signature in network data associated with an attack on a new network vulnerability.
Abstract
An intrusion detection system and method for detecting unauthorized or malicious use of network resources includes an intrusion detection analysis engine that instantiates one or more analysis objects to detect signatures associated with attacks on network vulnerabilities. As new network vulnerabilities are identified, new analysis objects can be dynamically interfaced on a runtime basis with the intrusion detection analysis engine to detect signatures associated with the new network vulnerabilities. A signature application programming interface supports communication between the intrusion detection analysis engine and the analysis objects. When the instance of an analysis object indicates that an associated signature exists in network data, the intrusion detection analysis engine can provide an alarm.
189 Citations
21 Claims
1. An intrusion detection system for detecting unauthorized use of a network, the system comprising:
an analysis object for identifying a signature in network data, the signature associated with an attack on a network vulnerability;
an intrusion detection analysis engine interfaced with the network to accept network data, and interfaced with the analysis object, the intrusion detection analysis engine operable to instantiate the analysis object with network data and to use the instance of the analysis object to detect an attack on the network; and
an application programming interface operable to dynamically interface a new analysis object with the intrusion detection analysis engine on a runtime basis, wherein the new analysis object comprises an identification of a signature in network data associated with an attack on a new network vulnerability.
Dependent claims: 2, 3 (not reproduced here).
4. A method for detecting an attack on a network, the method comprising the steps of:
providing network data to an intrusion detection analysis engine;
instantiating an analysis object with the network data;
pre-compiling the analysis object;
dynamically interfacing the analysis object with the intrusion detection analysis engine on a runtime basis; and
detecting an attack on the network with the instance of the analysis object.
Dependent claims: 5, 6, 7 (not all reproduced here). Further steps recited in a dependent claim:
determining a new network vulnerability;
creating a new analysis object for detecting a signature associated with the new network vulnerability; and
dynamically interfacing the new analysis object with the intrusion detection analysis engine.
8. A method for detecting unauthorized use of a network, the method comprising the steps of:
determining a signature associated with an attack on a network vulnerability;
creating an analysis object, the analysis object for analyzing network data to detect the signature;
dynamically providing the analysis object to an intrusion detection system through an application programming interface; and
detecting an attack on the network vulnerability with the intrusion detection system using the analysis object to detect the signature.
Dependent claims: 9, 10, 11, 12, 13 (not reproduced here).
14. A method for detecting an attack on a network comprising the steps of:
collecting network data;
providing the network data to an intrusion detection system;
dynamically interfacing the intrusion detection system with an analysis object using an application programming interface; and
detecting an attack on the network with the intrusion detection system and the analysis object.
Dependent claims: 15, 16, 17, 18, 19, 20, 21 (not all reproduced here). Further steps recited in a dependent claim:
determining a network vulnerability;
creating a new analysis object for detecting an attack on the new network vulnerability;
using the application programming interface to dynamically interface the new analysis object with the intrusion detection system; and
detecting an attack on the new network vulnerability with the intrusion detection system and the new analysis object.
21. The method of claim 14 wherein the step of using the application programming interface further comprises the steps of:
precompiling the new analysis object into binary code; and
dynamically interfacing the new analysis object with the intrusion detection system at runtime.
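As an added illustration (not code from the patent or from any product), the following Python model shows the architecture the abstract and the method claims describe: an analysis engine that instantiates analysis objects with network data, a signature API through which a new analysis object is interfaced on a runtime basis, and an alarm whenever an instance reports its signature. The API names (AnalysisObject, AnalysisEngine.interface, load_module), both signatures and the sample traffic are assumptions constructed for the example; the new object is loaded from Python source rather than from precompiled binary code.

```python
import importlib.util
import os
import tempfile
from dataclasses import dataclass
from typing import List, Tuple, Type

@dataclass(frozen=True)
class Packet:
    """Constructed stand-in for a unit of captured network data."""
    src: str
    dst: str
    dport: int
    payload: bytes

class AnalysisObject:
    """Signature API: the engine instantiates a subclass with one packet and asks
    whether that packet carries the object's signature."""
    name = "unnamed"            # identifier reported in alarms
    vulnerability = "unknown"   # vulnerability the signature is associated with
    def __init__(self, packet: Packet) -> None:
        self.packet = packet
    def matches(self) -> bool:
        raise NotImplementedError

class OversizedRequestLine(AnalysisObject):
    """Hypothetical signature: an HTTP request line longer than 512 bytes."""
    name = "http-oversized-request-line"
    vulnerability = "example-web-server-overflow"
    def matches(self) -> bool:
        if self.packet.dport != 80:
            return False
        return len(self.packet.payload.split(b"\r\n", 1)[0]) > 512

class AnalysisEngine:
    def __init__(self) -> None:
        self._objects: List[Type[AnalysisObject]] = []

    def interface(self, cls: Type[AnalysisObject]) -> None:
        """API entry point: accept a new analysis object at runtime, refusing
        anything that does not implement the signature interface."""
        if not (isinstance(cls, type) and issubclass(cls, AnalysisObject)):
            raise TypeError(f"{cls!r} does not implement the analysis-object API")
        if cls.matches is AnalysisObject.matches:
            raise TypeError(f"{cls.__name__} does not implement matches()")
        self._objects.append(cls)

    def load_module(self, path: str) -> int:
        """Load a signature module from a file at runtime and interface every
        analysis object it defines; returns the number added. The base class is
        injected into the module so plug-ins need no import of the engine."""
        name = os.path.splitext(os.path.basename(path))[0]
        spec = importlib.util.spec_from_file_location(name, path)
        module = importlib.util.module_from_spec(spec)
        module.AnalysisObject = AnalysisObject
        spec.loader.exec_module(module)
        added = 0
        for value in vars(module).values():
            if isinstance(value, type) and issubclass(value, AnalysisObject) \
                    and value is not AnalysisObject:
                self.interface(value)
                added += 1
        return added

    def analyze(self, packets: List[Packet]) -> List[Tuple[str, str, str, str]]:
        """Instantiate each analysis object with each packet; one alarm tuple
        (signature, vulnerability, src, dst) per signature found."""
        alarms = []
        for pkt in packets:
            for cls in self._objects:
                if cls(pkt).matches():
                    alarms.append((cls.name, cls.vulnerability, pkt.src, pkt.dst))
        return alarms

# Constructed plug-in source for a "new" vulnerability, written against the API.
NEW_SIGNATURE_SOURCE = '''
class OverlongFtpUser(AnalysisObject):
    """Hypothetical signature: FTP USER argument longer than 256 bytes."""
    name = "ftp-overlong-user"
    vulnerability = "example-ftp-daemon-overflow"
    def matches(self):
        p = self.packet
        return p.dport == 21 and p.payload.startswith(b"USER ") and len(p.payload) > 261
'''

SAMPLE_TRAFFIC = [  # constructed packets, not captured data
    Packet("10.0.0.5", "10.0.0.80", 80, b"GET / HTTP/1.1\r\nHost: example\r\n\r\n"),
    Packet("10.0.0.9", "10.0.0.80", 80, b"GET /" + b"A" * 600 + b" HTTP/1.1\r\n\r\n"),
    Packet("10.0.0.5", "10.0.0.21", 21, b"USER alice\r\n"),
    Packet("10.0.0.9", "10.0.0.21", 21, b"USER " + b"A" * 300 + b"\r\n"),
]

def demo() -> Tuple[list, list]:
    """Return the alarms raised before and after the new object is loaded."""
    engine = AnalysisEngine()
    engine.interface(OversizedRequestLine)
    before = engine.analyze(SAMPLE_TRAFFIC)
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sig_ftp_overlong_user.py")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(NEW_SIGNATURE_SOURCE)
        engine.load_module(path)  # runtime interfacing, no engine restart
    after = engine.analyze(SAMPLE_TRAFFIC)
    return before, after
```

Calling `demo()` returns one alarm (the oversized HTTP request line) before the new object is loaded and two afterwards, the second from the FTP signature that did not exist when the engine started. Two design points matter for a defender: `interface()` rejects anything that does not implement the API, which is the minimum check to put in front of any runtime-loaded detector, and `load_module()` executes whatever the file contains, so in a real deployment the path must come only from a trusted, write-protected signature directory.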
Specification