Method and system for protecting computer networks by altering unwanted network data traffic
Abstract
Protecting computer networks by altering unwanted network data traffic. An Intrusion Protection System (IPS) or an Intrusion Detection System (IDS) can monitor network data traffic comprising byte information. This network security device analyzes network data traffic at the byte level to determine whether an intrusion event is present in the network data traffic. If an intrusion event is detected, the network security device alters at least a portion of the relevant byte information to prevent the occurrence of a successful intrusion event at the intended destination. This altered byte information is then passed to the destination by the network security device. If an intrusion event is not present, the network security device passes the byte information without alteration to the destination.
14 Claims
1. A computer-implemented method for protecting a computer network, comprising the steps of:
a network security device monitoring network data carried by the computer network;
the network security device analyzing first byte information of the network data to determine whether the network data comprises one of a plurality of intrusion events; and
in response to detecting one of the plurality of intrusion events in the network data, the network security device forwarding the network data to an intended destination on the computer network, the network security device predicting additional network data associated with the detected intrusion event, the network security device altering at least a portion of second byte information of the predicted additional network data and the network security device forwarding the altered second byte information of the predicted additional network data to the intended destination on the computer network prior to arrival of actual additional network data corresponding to the predicted additional network data at the intended destination, thereby causing the actual additional network data to be discarded;
otherwise, the network security device passing the first byte information without alteration to the destination in the absence of detecting one of the plurality of intrusion events in the network data.
Dependent claims: 2, 3, 4, 5, 6, 7.
8. A computer-implemented method for protecting a computer network, comprising the steps of:
a network security device monitoring network data carried by the computer network;
the network security device analyzing first byte information of the network data to determine whether the network data comprises one of a plurality of intrusion events;
in response to detecting one of the plurality of intrusion events in the network data, the network security device forwarding the network data to an intended destination on the computer network, the network security device predicting additional network data associated with the detected intrusion event, the network security device altering at least a portion of second byte information of the predicted additional network data, the second byte information of the predicted additional network data comprising a plurality of bytes, the altering step comprising:
the network security device determining the location of the detected intrusion event within the predicted additional network data,
inspecting each of the plurality of bytes at the location of the detected intrusion event,
the network security device identifying each of the plurality of bytes that requires alteration to prevent a successful occurrence of the detected intrusion event at the destination, the alteration defined by a response plan associated with the detected intrusion event, and
the network security device completing the alteration of each identified byte in accordance with the response plan;
the network security device forwarding the altered second byte information of the predicted additional network data to the intended destination on the computer network prior to arrival of actual additional network data corresponding to the predicted additional network data at the intended destination, thereby causing the actual additional network data to be discarded; and
in the absence of detecting one of the plurality of intrusion events, the network security device passing the first byte information without alteration to the destination.
9. A computer system for protecting a computer network from intrusion by an unauthorized user, the system comprising:
a network security device communicably coupled to the computer network;
first program instructions to analyze network data transported by the computer network to determine whether the network data comprises one of a plurality of intrusion events and, in the absence of identifying one of the plurality of intrusion events, passing the network data to an intended destination on the computer network; and
second program instructions to respond to the detection of one of the plurality of intrusion events by predicting additional network data associated with the detected intrusion event and altering at least a portion of byte-level information of the predicted additional network data corresponding to the detected intrusion event and forwarding the altered portion of the predicted additional network data to the intended destination on the computer network prior to arrival of actual additional network data corresponding to the predicted additional network data at the intended destination, thereby causing the actual additional network data to be discarded,
wherein the first and second program instructions are stored on the network security device for execution by the network security device.
Dependent claims: 10, 11, 12, 13.
14. A computer-implemented method for protecting a computer network, comprising the steps of:
a network security device monitoring network data carried by the computer network;
the network security device analyzing the network data to determine whether the network data comprises one of a plurality of intrusion events; and
in the event that the network data fails to comprise one of the plurality of intrusion events, the network security device passing the network data to a destination coupled to the computer network;
in the event that the network data comprises one of the plurality of intrusion events, the network security device forwarding the network data to the destination, the network security device predicting additional network data associated with the detected intrusion event, the network security device altering at least a portion of the predicted additional network data associated with the detected intrusion event and the network security device forwarding the predicted additional network data comprising the portion of altered network data and any remainder of unaltered network data to the destination prior to arrival of actual additional network data corresponding to the predicted additional network data at the destination, thereby preventing the occurrence of the detected intrusion event at the destination.
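The mechanism of claims 1, 8 and 14 as a small simulation, added here and not code from the patent: the receiver keeps whichever segment first fills a sequence range, the device forwards the segment in which it detected the event, then delivers a neutralised copy of the predicted next segment so the real one arrives late and is discarded. The receiver model, the intrusion pattern `CMD=EXEC;` and the response plan are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Segment:
    seq: int        # stream offset of the first payload byte
    payload: bytes

@dataclass
class Receiver:
    """In-order receiver, simplified: only the segment that first fills a
    sequence range is kept; a later segment for that range is discarded."""
    next_seq: int = 0
    stream: bytearray = field(default_factory=bytearray)
    discarded: list = field(default_factory=list)

    def deliver(self, seg: Segment) -> bool:
        if seg.seq != self.next_seq:       # range already filled (or a gap)
            self.discarded.append(seg)
            return False
        self.stream += seg.payload
        self.next_seq += len(seg.payload)
        return True

# Constructed response plans (hypothetical): the byte pattern that marks the
# intrusion event in the first segment, the bytes the device predicts will
# follow in the next segment, and the offsets within them to overwrite.
RESPONSE_PLANS = {
    b"CMD=EXEC;": {"predicted": b"ARG=/bin/launch\n", "alter": {4: b"#", 5: b"#"}},
}

def neutralise(predicted: bytes, alterations: dict) -> bytes:
    """Apply the response plan: overwrite only the identified bytes."""
    out = bytearray(predicted)
    for offset, replacement in alterations.items():
        out[offset:offset + len(replacement)] = replacement
    return bytes(out)

def security_device(segments, receiver: Receiver) -> list:
    """Forward each segment unchanged; on detection, also race a neutralised prediction."""
    events = []
    for seg in segments:
        receiver.deliver(seg)              # original always goes through
        for pattern, plan in RESPONSE_PLANS.items():
            if pattern in seg.payload:
                predicted = Segment(seg.seq + len(seg.payload),
                                    neutralise(plan["predicted"], plan["alter"]))
                receiver.deliver(predicted)  # fills that seq range before the real one
                events.append((pattern, predicted.seq))
    return events
```

The actual follow-on segment still reaches the receiver, but its sequence range is already occupied, so it lands in `discarded` and the destination sees only the altered bytes.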