System and method for preventing network misuse
Abstract
A system and method for preventing misuse conditions on a data network are described. Embodiments of the system and method evaluate potential network misuse signatures by analyzing variables such as the state of the network and/or target, the context in which the potential misuse signatures are detected, the response/reaction of the target and/or the fingerprint of the target. These and other variables may be factored into the misuse determination, either alone or in combination.
20 Claims
1. A computer-implemented method comprising:
- identifying a plurality of data signatures relevant to computer security;
- designating an alert condition value for each data signature based on each data signature itself and contextual information associated with a respective data signature, each alert condition value comprising a ranked value that is unique to each combination of data signature and contextual information associated with a particular data signature, the contextual information comprising at least one of an application layer data field type used to encapsulate the data signature and an application layer protocol type used to transmit the data signature, the alert condition value indicating a security risk level relative to different data signatures and relative to other identical data signatures associated with different contextual information; and
- creating a table comprising the contextual information, the data signatures, and the alert condition values.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A computer-implemented method comprising:
- designating an alert condition value for each of a plurality of data signatures based on each data signature itself and contextual information associated with a particular data signature, each alert condition value comprising a ranked value that is unique to each combination of data signature and contextual information associated with a particular data signature, the contextual information comprising at least one of an application layer data field type used to encapsulate the data signature and an application layer protocol type used to transmit the data signature, the alert condition value indicating a security risk level relative to different data signatures and relative to other identical data signatures associated with different contextual information; and
- creating a table comprising the columns of data signatures, contextual information, and alert condition values.
Dependent claims: 11, 12, 13, 14, 15, 16
17. A machine-readable physical medium having program code stored thereon which, when executed by a machine, causes said machine to perform the operations of:
- designating a relative alert condition value to each data signature of a plurality of data signatures based on each data signature itself and contextual information associated with a respective data signature, each alert condition value comprising a ranked value that is unique to each combination of data signature and contextual information associated with a particular data signature, the contextual information comprising at least one of an application layer data field type used to encapsulate the data signature and an application layer protocol type used to transmit the data signature, the relative alert condition value indicating a security risk level relative to different data signatures and relative to other identical data signatures associated with different contextual information;
- creating a table comprising the contextual information, the data signatures, and the relative alert condition values; and
- evaluating contextual information related to a detected data signature by comparing contextual information associated with the detected data signature to the table in order to determine a likelihood that a target is under attack.
Dependent claims: 18, 19, 20
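The table and lookup recited in claims 1, 10 and 17, sketched in Python as an added example; it is not code from the patent. The signatures, ranks, field names and sample traffic are constructed for illustration, and treating rank 1 as the highest risk is an assumption.

```python
from urllib.parse import unquote

# Constructed rows: (signature, protocol, field type, rank). Rank 1 = highest risk
# (an assumption); every combination gets its own rank, as the claims require.
ROWS = [
    ("/etc/passwd", "HTTP", "request-uri", 1),
    ("cmd.exe", "HTTP", "request-uri", 2),
    ("/etc/passwd", "HTTP", "header:referer", 3),
    ("/etc/passwd", "SMTP", "body", 4),
    ("cmd.exe", "SMTP", "header:subject", 5),
]

def build_table(rows):
    """Map (signature, protocol, field) -> rank, rejecting duplicate keys or ranks."""
    table = {}
    for sig, proto, field, rank in rows:
        key = (sig.lower(), proto, field)
        if key in table or rank in table.values():
            raise ValueError(f"duplicate combination or rank: {key} -> {rank}")
        table[key] = rank
    return table

def split_fields(proto, raw):
    """Split a raw HTTP request or mail message into named application-layer fields."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    fields = {"body": body}
    if proto == "HTTP":  # request line: METHOD SP request-target SP version
        parts = lines.pop(0).split(" ")
        fields["request-uri"] = unquote(parts[1]) if len(parts) > 1 else ""
    for line in lines:  # header folding is not handled in this sketch
        name, _, value = line.partition(":")
        key = "header:" + name.strip().lower()
        fields[key] = (fields.get(key, "") + " " + value).strip()
    return fields

def evaluate(proto, raw, table):
    """Return sorted (rank, signature, field) for signatures found in a tabled context."""
    fields = split_fields(proto, raw)
    return sorted((rank, sig, f) for (sig, p, f), rank in table.items()
                  if p == proto and sig in fields.get(f, "").lower())

# Constructed sample traffic: the same signature in three different contexts.
HTTP_URI = "GET /scripts/view?file=/etc/passwd HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
HTTP_REFERER = ("GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
                "Referer: http://docs.example.com/man/etc/passwd.html\r\n\r\n")
SMTP_MSG = "Subject: file permissions\r\n\r\nThe file /etc/passwd should be mode 0644.\r\n"
TABLE = build_table(ROWS)
print([evaluate(p, m, TABLE) for p, m in
       [("HTTP", HTTP_URI), ("HTTP", HTTP_REFERER), ("SMTP", SMTP_MSG)]])
```

The same string ranks 1 in a request URI, 3 in a Referer header and 4 in a mail body, which is the "identical data signatures associated with different contextual information" distinction the claims draw.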
Specification