Method and system for mapping a network for system security
Abstract
A method and system for mapping a network domain provides a centralized repository for network information to support network devices, including an intrusion detection system. A domain mapping device includes an acquisition engine for acquiring network information, hypercube storage for storing network information, and a query engine for responding to queries from network devices for network information. The acquisition engine acquires network information by active scanning of network devices, passive scanning of network devices, polling of network devices, or receiving network information pushed from network devices. The network information includes device type, operating system, service and vulnerability information. The query engine provides network information in response to queries from network devices, such as intrusion detection devices that use the data to detect attacks on the vulnerabilities of the network.
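The data flow in the abstract, modeled as an added example that is not code from the patent: an acquisition side writes device facts into a central store, and an intrusion detection device queries that store to decide whether a signature match hits a host that is actually vulnerable. The class, function and alert field names, the `(host, dimension)` dictionary standing in for the "hypercube storage", and the priority labels are assumptions; the hosts and vulnerability identifiers are constructed.

```python
from collections import defaultdict

# Acquisition modes and kinds of network information named in the abstract.
SOURCES = {"active_scan", "passive_scan", "poll", "push"}
DIMENSIONS = {"device_type", "os", "service", "vulnerability"}


class DomainMap:
    """Central repository: the acquisition side writes, the query side reads."""

    def __init__(self):
        # (host, dimension) -> {value: set of sources that reported it}
        self._cells = defaultdict(lambda: defaultdict(set))

    def ingest(self, source, host, dimension, value):
        if source not in SOURCES or dimension not in DIMENSIONS:
            raise ValueError(f"unsupported record: {source}/{dimension}")
        self._cells[(host, dimension)][value].add(source)

    def query(self, host, dimension):
        # .get() does not create empty cells for hosts that were never mapped
        return set(self._cells.get((host, dimension), {}))

    def knows(self, host):
        return any(h == host for h, _ in self._cells)


def triage(domain_map, alert):
    """Rank a signature match by whether the target is exposed (assumed policy)."""
    host = alert["dst"]
    if not domain_map.knows(host):
        return "review"  # unmapped host is a coverage gap, never suppress it
    if alert["targets_vuln"] in domain_map.query(host, "vulnerability"):
        return "high"    # signature matches a vulnerability recorded for the host
    return "low"         # host is mapped and not recorded as vulnerable


# Constructed sample data (documentation address range, placeholder IDs).
DM = DomainMap()
DM.ingest("active_scan", "192.0.2.10", "os", "ExampleOS 5")
DM.ingest("active_scan", "192.0.2.10", "vulnerability", "VULN-EXAMPLE-1")
DM.ingest("passive_scan", "192.0.2.10", "vulnerability", "VULN-EXAMPLE-1")
DM.ingest("push", "192.0.2.20", "os", "ExampleOS 7")

ALERTS = [
    {"sig": "example-sig-a", "dst": "192.0.2.10", "targets_vuln": "VULN-EXAMPLE-1"},
    {"sig": "example-sig-a", "dst": "192.0.2.20", "targets_vuln": "VULN-EXAMPLE-1"},
    {"sig": "example-sig-a", "dst": "192.0.2.99", "targets_vuln": "VULN-EXAMPLE-1"},
]
RESULTS = [triage(DM, a) for a in ALERTS]
```

A "low" result is only as trustworthy as the map is current, which is why the unmapped host is sent for review instead of being deprioritized.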
52 Claims
1. A system for mapping a network domain for use in intrusion detection of a network interfaced with one or more network devices each having network information, the system comprising:
- a device operable to detect an attack signature in network traffic directed to the network; and
- a domain mapping device operable to:
  - interface with the network;
  - receive and store network information from the one or more network devices; and
  - provide the received and stored information to the device operable to detect an attack signature in network traffic directed to the network.
12. A system for use in intrusion detection of a network interfaced with one or more network devices each having network information, the system comprising:
- a domain mapping device operable to interface with the network and further operable when interfaced with the network to:
  - receive network information from the one or more devices interfaced with the network, the received network information at least indicating a potential vulnerability associated with at least one of the one or more network devices each having network information; and
  - provide the potential vulnerability to an intrusion detection system interfaced with the network, the intrusion detection system operable to detect an attack signature in network traffic directed to the network.
27. A method for use in intrusion detection of a network comprising:
- acquiring network information for one or more network devices, the one or more network devices associated with the network, the acquired network information at least indicating a potential vulnerability associated with at least one of the network devices; and
- providing the potential vulnerability to an intrusion detection system associated with the network, the intrusion detection system operable to detect an attack signature in network traffic directed to the network.
42. A method for mapping a network domain for use in intrusion detection comprising:
- acquiring network information from one or more devices, the one or more devices associated with the network domain;
- storing the network information; and
- providing the stored information to a network security device associated with the one or more devices, the network security device operable to detect an attack signature in network traffic directed to the network domain.
52. A system for use in network intrusion detection of a network interfaced with one or more network devices each having network information, the system comprising:
- a network intrusion detection means for detecting an attack signature in network traffic directed to the network; and
- a means for acquiring the network information from the one or more devices, storing the network information, and providing the stored network information to the network intrusion detection means.
Specification