Interoperability of vulnerability and intrusion detection systems
Abstract
A system in accordance with an embodiment of the invention includes a vulnerability detection system (VDS) and an intrusion detection system (IDS). The intrusion detection system leverages information gathered about a network, such as vulnerabilities, so that it only examines and alerts the user to potential intrusions that could actually affect the particular network. In addition, both the VDS and IDS use rules in performing their respective analyses that are query-based and that are easy to construct. In particular, these rules are based on a set of templates, which represent various entities or processes on the network.
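The vulnerability-aware alerting described in the abstract, sketched as an added example (not code from the patent or its assignee): an IDS signature match raises an alert only when the VDS found the targeted vulnerability on the destination host. The host addresses, signature names, vulnerability identifiers and the `alert-unverified` verdict for hosts the VDS has not scanned are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed VDS output: host -> vulnerability identifiers found by the scan.
# Identifiers are placeholders, not real advisories.
VDS_FINDINGS = {
    "192.0.2.10": {"VULN-HTTP-01", "VULN-SSH-02"},
    "192.0.2.20": set(),  # scanned, nothing found
}

# Constructed IDS signature table: signature -> vulnerability it targets.
SIGNATURE_TARGETS = {
    "sig-http-overflow": "VULN-HTTP-01",
    "sig-ftp-traversal": "VULN-FTP-03",
}


@dataclass(frozen=True)
class Event:
    dst: str        # destination host of the matched traffic
    signature: str  # IDS signature that matched


def triage(event, findings=VDS_FINDINGS, targets=SIGNATURE_TARGETS):
    """Return 'alert', 'suppress' or 'alert-unverified' for one IDS match."""
    vuln = targets.get(event.signature)
    host_vulns = findings.get(event.dst)
    if vuln is None or host_vulns is None:
        # Assumption: an unmapped signature or a host the VDS never scanned
        # gives no evidence of safety, so the match is not suppressed.
        return "alert-unverified"
    return "alert" if vuln in host_vulns else "suppress"


def triage_all(events):
    """Pair each event with its verdict, preserving input order."""
    return [(e, triage(e)) for e in events]


# Constructed sample signature matches.
SAMPLE_EVENTS = [
    Event("192.0.2.10", "sig-http-overflow"),  # host has the vulnerability
    Event("192.0.2.20", "sig-http-overflow"),  # scanned, not vulnerable
    Event("192.0.2.99", "sig-http-overflow"),  # host unknown to the VDS
]

if __name__ == "__main__":
    for ev, verdict in triage_all(SAMPLE_EVENTS):
        print(f"{ev.dst:<12} {ev.signature:<20} {verdict}")
```

Suppression is only as current as the last scan, so stale VDS data should be treated like a missing host rather than as proof that the host is not vulnerable.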
33 Claims
1. A computer-implemented system for protecting a network, comprising:
- a vulnerability detection system (VDS) for gathering information about the network to determine vulnerabilities of a host from a plurality of hosts on the network; and
- an intrusion detection system (IDS), cooperative with the VDS, for examining network traffic responsive to the vulnerabilities of the host from the plurality of hosts as determined by the VDS to detect traffic indicative of malicious activity.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A computer-implemented method for protecting a network comprising:
- gathering information about the network to determine vulnerabilities of a host from a plurality of hosts on the network; and
- cooperative with the step of gathering information, examining network traffic responsive to the determined vulnerabilities of the host from the plurality of hosts to detect network traffic indicative of malicious activity.

Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22

23. A computer program product, comprising:
- a computer-readable medium having computer program logic embodied therein for protecting a network, the computer logic;
- gathering information about the network to determine vulnerabilities of a host from a plurality of hosts on the network; and
- cooperative with the step of gathering information, examining network traffic responsive to the determined vulnerabilities of the host from the plurality of hosts to detect network traffic indicative of malicious activity.

Dependent claims: 24, 25, 26, 27, 28, 29, 30, 31, 32, 33