Intelligent feedback loop process control system

US 7,058,976 B1
Filed: 05/17/2000
Issued: 06/06/2006
Est. Priority Date: 05/17/2000
Status: Expired due to Term

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method for detecting attacks on a network, comprising:

at a gateway, receiving data from a remote source which is destined for a target;

discarding the data based on a predetermined set of rules utilizing a firewall associated with the gateway which is coupled to the remote source, wherein the firewall utilizes the predetermined set of rules to discard the data as a function of a plurality of parameters;

passing remaining data to an intrusion detection system coupled to the firewall associated with the gateway;

intercepting in real time the remaining data utilizing the intrusion detection system;

parsing the remaining data to identify data representing text therein utilizing the intrusion detection system;

comparing the data representing text to a predetermined list of data representing text associated with attacks utilizing the intrusion detection system, wherein the data representing text of the predetermined list refers to different types of attacks;

identifying the data representing text as hostile based on the comparison; and

acting on the data representing text identified as hostile in order to prevent an attack, wherein the data representing text identified as hostile is acted upon differently based on the type of the attack by at least one of blocking the data, alerting an administrator, and disconnecting the remote source.

View all claims

6 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

There is disclosed a system and method for detecting attacks on a site in a communication network and for taking action to reduce or redirect such attacks. A monitor system reviews incoming data packets and sends directions to at least one router to change the data flow in the system. The directions may be sent to other routers. The data packets and the resulting work flow are modified for certain conditions, and for certain conditions within defined time slices, and action is taken when the monitored condition is contrary to expected conditions.

75 Citations

View as Search Results

13 Claims

1. A method for detecting attacks on a network, comprising:
- at a gateway, receiving data from a remote source which is destined for a target;
  
  discarding the data based on a predetermined set of rules utilizing a firewall associated with the gateway which is coupled to the remote source, wherein the firewall utilizes the predetermined set of rules to discard the data as a function of a plurality of parameters;
  
  passing remaining data to an intrusion detection system coupled to the firewall associated with the gateway;
  
  intercepting in real time the remaining data utilizing the intrusion detection system;
  
  parsing the remaining data to identify data representing text therein utilizing the intrusion detection system;
  
  comparing the data representing text to a predetermined list of data representing text associated with attacks utilizing the intrusion detection system, wherein the data representing text of the predetermined list refers to different types of attacks;
  
  identifying the data representing text as hostile based on the comparison; and
  
  acting on the data representing text identified as hostile in order to prevent an attack, wherein the data representing text identified as hostile is acted upon differently based on the type of the attack by at least one of blocking the data, alerting an administrator, and disconnecting the remote source.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method as recited in claim 1 wherein the firewall utilizes the predetermined set of rules to discard the data as a function of a plurality of parameters including the source, the destination, and the port associated with the data.
  - 3. The method as recited in claim 1 wherein the data representing text of the predetermined list refers to different types of attacks including the information gathering attacks, the web server denial of service attack, and the file server remote compromise.
  - 4. The method as recited in claim 1 wherein the predetermined list of data representing text associated with attacks is manually updated.
  - 5. The method as recited in claim 1 further comprising updating the predetermined list of data representing text associated with attacks.
  - 6. The method as recited in claim 1 wherein the firewall and the intrusion detection system are included in a single device.

7. A gateway system for detecting attacks on a network, comprising:
- a firewall for receiving data from a remote source which is destined for a target, and discarding the data based on a predetermined set of rules;
  
  an intrusion detection system coupled to the firewall for intercepting in real time remaining data, parsing the remaining data to identify data representing text therein, and comparing the data representing text to a predetermined list of data representing text associated with attacks, wherein the data representing text of the predetermined list refers to different types of attacks; and
  
  acting on the data representing text identified as hostile in order to prevent an attack, wherein the data representing text identified as hostile is acted upon differently based on the type of the attack by at least one of blocking the data, alerting an administrator, and disconnecting the remote source, the intrusion detection system further capable of updating the predetermined list of data representing text associated with attacks.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The system as recited in claim 7 wherein the firewall and the intrusion detection system are included in a single device.
  - 9. The system as recited in claim 7 wherein the firewall utilizes the predetermined set of rules to discard the data as a function of a plurality of parameters including the source, the destination, and the port associated with the data.
  - 10. The system as recited in claim 7 wherein the data representing text of the predetermined list refers to different types of attacks including the information gathering attacks, the web server denial of service attack, and the file server remote compromise.
  - 11. The system as recited in claim 7 wherein the predetermined list of data representing text associated with attacks is manually updated.

12. A method for detecting attacks on a network, comprising:
- at a gateway, receiving data from a remote source which is destined for a target;
  
  discarding the data based on a predetermined set of rules utilizing a firewall associated with the gateway which is coupled to the remote source, wherein the firewall utilizes the predetermined set of rules to discard the data as a function of a plurality of parameters selected from the group consisting of a source, a destination, and a port associated with the data;
  
  passing remaining data to an intrusion detection system coupled to the firewall associated with the gateway;
  
  intercepting in real time the remaining data utilizing the intrusion detection system;
  
  parsing the remaining data to identify data representing text therein utilizing the intrusion detection system;
  
  comparing the data representing text to a predetermined list of data representing text associated with attacks utilizing the intrusion detection system, wherein the data representing text of the predetermined list refers to different types of attacks selected from the group consisting of information gathering attacks, a web server denial of service attack, and a file server remote compromise;
  
  identifying the data representing text as hostile based on the comparison;
  
  acting on the data representing text identified as hostile in order to prevent an attack, wherein the data representing text identified as hostile is acted upon differently based on the type of the attack by at least one of blocking the data, alerting an administrator, and disconnecting the remote source; and
  
  updating the predetermined list of data representing text associated with attacks;
  
  wherein the firewall and the intrusion detection system are included in a single device.

13. A gateway system for detecting attacks on a network, comprising:
- a firewall for receiving data from a remote source which is destined for a target, and discarding the data based on a predetermined set of rules, wherein the firewall utilizes the predetermined set of rules to discard the data as a function of a plurality of parameters selected from the group consisting of a source, a destination, and a port associated with the data;
  
  an intrusion detection system coupled to the firewall for intercepting in real time remaining data, parsing the remaining data to identify data representing text therein, and comparing the data representing text to a predetermined list of data representing text associated with attacks, wherein the data representing text of the predetermined list refers to different types of attacks, selected from the group consisting of information gathering attacks, a web server denial of service attack and a file server remote compromise, the intrusion detection system further capable of identifying the data representing text as hostile based on the comparison, and acting on the data representing text identified as hostile in order to prevent an attack, wherein the data representing text identified as hostile is acted upon differently based on the type of the attack by at least one of blocking the data, alerting an administrator, and disconnecting the remote source, the intrusion detection system further capable of updating the predetermined list of data representing text associated with attacks;
  
  wherein the firewall and the intrusion detection system are included in a single device.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Trend Micro Inc.
Original Assignee
DeepNines Incorporated
Inventors
Dark, Susan Pittman
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
Arani, Taghi T.

Application Number

US09/572,112
Time in Patent Office

2,211 Days
Field of Search

713/153, 713/168, 713/170, 713/188, 713/200, 713/201, 709/223, 709224-227, 709/229, 709/232, 709/238, 709/249, 709/395.52, 706/13, 706/14, 706/43, 370/338, 370/351, 726/1, 726/12, 726/23
US Class Current

726/23
CPC Class Codes

H04L 43/00   Arrangements for monitoring...

H04L 43/0882   Utilisation of link capacity

H04L 43/16   Threshold monitoring

H04L 63/02   for separating internal fro...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 63/12   Applying verification of th...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

H04L 63/1458   Denial of Service

H04L 63/1466   Active attacks involving in...

Intelligent feedback loop process control system

First Claim

6 Assignments

Litigations

0 Petitions

Accused Products

Abstract

75 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Intelligent feedback loop process control system

First Claim

6 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links