Intrusion detection and vulnerability assessment system, method and computer program product

US 7,424,746 B1
Filed: 04/02/2003
Issued: 09/09/2008
Est. Priority Date: 11/30/2001
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

monitoring network communications for violations of policies where the policies are defined to detect potential attacks in the network communications, utilizing an intrusion detection system;

performing a vulnerability assessment scan for identifying vulnerabilities utilizing a vulnerability assessment system coupled to the intrusion detection system;

determining whether the network communications exploit at least one of a plurality of known vulnerabilities;

executing a remedying event if it is determined that the network communications exploit at least one of the plurality of known vulnerabilities; and

updating a database of known vulnerabilities based on the vulnerability assessment scan;

wherein the intrusion detection system and the vulnerability assessment system are integrated in a single module;

wherein the remedying event includes extracting harmful information from infected network communications.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and associated method/computer program product are provided including an intrusion detection tool for determining whether network communications violate at least one of a plurality of policies. Such policies are defined to detect potential attacks in the network communications. Further included is a vulnerability assessment scanning tool coupled to the intrusion detection tool. The vulnerability assessment scanning tool is adapted for performing a vulnerability assessment scan for identifying vulnerabilities.

46 Citations

View as Search Results

16 Claims

1. A method, comprising:
- monitoring network communications for violations of policies where the policies are defined to detect potential attacks in the network communications, utilizing an intrusion detection system;
  
  performing a vulnerability assessment scan for identifying vulnerabilities utilizing a vulnerability assessment system coupled to the intrusion detection system;
  
  determining whether the network communications exploit at least one of a plurality of known vulnerabilities;
  
  executing a remedying event if it is determined that the network communications exploit at least one of the plurality of known vulnerabilities; and
  
  updating a database of known vulnerabilities based on the vulnerability assessment scan;
  
  wherein the intrusion detection system and the vulnerability assessment system are integrated in a single module;
  
  wherein the remedying event includes extracting harmful information from infected network communications.
- View Dependent Claims (2, 3, 4, 11, 12, 13, 14, 15, 16)
- - 2. The method as recited in claim 1, wherein the policies are user-defined.
  - 3. The method as recited in claim 1, and further comprising executing the remedying event based on the vulnerability assessment scan.
  - 4. The method as recited in claim 1, wherein the database of known vulnerabilities is utilized for the determining of whether the network communications exploit at least one of the plurality of known vulnerabilities.
  - 11. The method as recited in claim 1, wherein the remedying event includes executing a risk assessment scan.
  - 12. The method as recited in claim 1, wherein the remedying event includes reporting a problem.
  - 13. The method as recited in claim 1, wherein the remedying event includes quarantining the infected network communications.
  - 14. The method as recited in claim 1, wherein the intrusion detection system initiates the vulnerability assessment scan.
  - 15. The method as recited in claim 1, wherein feedback is provided between the vulnerability assessment system and the intrusion detection system.
  - 16. The method as recited in claim 1, wherein the database of known vulnerabilities is updated based on results of the vulnerability assessment scan, and the updated database of known vulnerabilities is subsequently utilized by the intrusion detection system.

5. A computer program product embodied on a tangible computer readable medium comprising:
- computer code for monitoring network communications for violations of policies where the policies are defined to detect potential attacks in the network communications, utilizing an intrusion detection system;
  
  computer code for performing a vulnerability assessment scan for identifying vulnerabilities, utilizing a vulnerability assessment system coupled to the intrusion detection system;
  
  computer code for determining whether the network communication exploit at least one of a plurality of known vulnerabilities;
  
  computer code for executing a remedying event if it is determined that the network communications exploit at least on of the plurality of known vulnerabilities; and
  
  computer code for updating a database of known vulnerabilities based on the vulnerability assessment scan;
  
  wherein the intrusion detection system and the vulnerability assessment system are integrated in a single module;
  
  wherein the remedying event includes code for extracting harmful information from infected network communications.
- View Dependent Claims (6, 7, 8)
- - 6. The computer program product as recited in claim 5, wherein the policies are user-defined.
  - 7. The computer program product as recited in claim 5, further comprising computer code for executing the remedying event based on the vulnerability assessment scan.
  - 8. The computer program product as recited in claim 5, wherein the database of known vulnerabilities is utilized for the determining of whether the network communications exploit at least one of the plurality of known vulnerabilities.

9. A system including a tangible computer readable medium, the system for scanning network communications, comprising:
- intrusion detection means for monitoring network communications for violations of policies where the policies are defined to detect potential attacks in the network communications, determining whether the network communications exploit at least one of a plurality of known vulnerabilities, and executing a remedying event if it is determined that the network communications exploit at least one of the plurality of known vulnerabilities; and
  
  vulnerabilities assessment means for performing a vulnerability assessment scan for identifying vulnerabilities, and updating a database of known vulnerabilities based on the vulnerability assessment scan;
  
  wherein the intrusion detection means and the vulnerability assessment means are integrated in a single module;
  
  wherein the remedying event includes extracting harmful information from infected network communications.

10. A system including a tangible computer readable medium, comprising:
- an intrusion detection tool for determining whether network communications violate at least one of a plurality of policies where the policies are defined to detect potential attacks in the network communications, determining whether the network communications exploit at least one of a plurality of known vulnerabilities, executing a remedying event if it is determined that the network communications exploit at least one of the plurality of known vulnerabilities; and
  
  a risk assessment scanning tool coupled to the intrusion detection tool, the risk assessment scanning tool adapted for performing a risk assessment scan for identifying vulnerabilities, and updating a database of known vulnerabilities based on the risk assessment scan;
  
  wherein the remedying event includes extracting harmful information from infected network communications;
  
  wherein the intrusion detection tool and the risk assessment scanning tool are embodied on the tangible computer readable medium.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
McDonald, John R., Rahmanovic, Tarik, Magdych, James S., Tellier, Brock E.
Primary Examiner(s)
Sheikh; Ayaz
Assistant Examiner(s)
Doan; Trang

Application Number

US10/406,710
Time in Patent Office

1,987 Days
Field of Search

726/1, 726 22- 25, 713/188, 709223-224
US Class Current

726/25
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

H04L 63/14   for detecting or protecting...

H04L 63/1433   Vulnerability analysis

Intrusion detection and vulnerability assessment system, method and computer program product

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

46 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Intrusion detection and vulnerability assessment system, method and computer program product

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links