Stateful and cross-protocol intrusion detection for voice over IP
Abstract
A method for detecting intrusions that employ messages of two or more protocols is disclosed. Such intrusions might occur in Voice over Internet Protocol (VoIP) systems, as well as in systems in which two or more protocols support some service other than VoIP. In the illustrative embodiment of the present invention, a stateful intrusion-detection system is capable of employing rules that have cross-protocol pre-conditions. The illustrative embodiment can use such rules to recognize a variety of VoIP-based intrusion attempts, such as call hijacking, BYE attacks, etc. In addition, the illustrative embodiment is capable of using such rules to recognize other kinds of intrusion attempts in which two or more protocols support a service other than VoIP. The illustrative embodiment also comprises a stateful firewall that is capable of employing rules with cross-protocol pre-conditions.
20 Claims
- 1. A method comprising generating an intrusion alert based on the state of a first protocol and the state of a second protocol.
- 9. A method comprising generating an intrusion alert when the state of a first protocol and the state of a second protocol match a rule in a rule base.
- 17. An intrusion-detection system comprising:
  a message processor for inspecting incoming messages; and
  a rule base comprising a rule;
  wherein said rule specifies a condition concerning the state of a first protocol and the state of a second protocol.
  (Dependent claims: 18, 19, 20)
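The abstract's rule with a cross-protocol pre-condition and claim 17's message processor plus rule base can be sketched as follows. This is an added example, not code from the patent. It assumes SIP signalling and RTP media as the two protocols; the message fields, state names and the `GRACE` value are hypothetical.

```python
from dataclasses import dataclass, field

GRACE = 0.5  # assumed: seconds of in-flight RTP tolerated after a BYE

@dataclass
class CallState:
    sip: str = "IDLE"        # signalling state: IDLE, ESTABLISHED, TERMINATED
    bye_from: str = ""       # party the BYE claims to come from
    bye_at: float = 0.0
    rtp_last: dict = field(default_factory=dict)  # media state: sender -> last packet time

def bye_attack(s):
    # Cross-protocol pre-condition: SIP says bye_from ended the call,
    # yet RTP shows that same party still streaming past the grace period.
    return s.sip == "TERMINATED" and s.rtp_last.get(s.bye_from, 0.0) > s.bye_at + GRACE

RULE_BASE = [("BYE attack suspected", bye_attack)]

class MessageProcessor:
    def __init__(self, rules=RULE_BASE):
        self.rules, self.calls, self.alerts = rules, {}, []

    def inspect(self, m):
        # "call" assumes SIP/SDP-to-RTP correlation was already done upstream.
        s = self.calls.setdefault(m["call"], CallState())
        if m["proto"] == "SIP" and m["type"] == "200-INVITE":
            s.sip = "ESTABLISHED"
        elif m["proto"] == "SIP" and m["type"] == "BYE" and s.sip == "ESTABLISHED":
            s.sip, s.bye_from, s.bye_at = "TERMINATED", m["src"], m["t"]
        elif m["proto"] == "RTP":
            s.rtp_last[m["src"]] = m["t"]
        for name, cond in self.rules:
            if cond(s) and (m["call"], name) not in self.alerts:
                self.alerts.append((m["call"], name))

def run(trace):
    mp = MessageProcessor()
    for m in trace:
        mp.inspect(m)
    return mp.alerts

def msg(call, t, proto, src, type=""):
    return {"call": call, "t": t, "proto": proto, "src": src, "type": type}

# Constructed traces: c1 is a normal hang-up, c2 has media continuing after the BYE.
NORMAL = [msg("c1", 0.0, "SIP", "bob", "200-INVITE"), msg("c1", 1.0, "RTP", "bob"),
          msg("c1", 5.0, "SIP", "bob", "BYE"), msg("c1", 5.1, "RTP", "bob")]
SUSPECT = [msg("c2", 0.0, "SIP", "bob", "200-INVITE"), msg("c2", 1.0, "RTP", "bob"),
           msg("c2", 5.0, "SIP", "bob", "BYE"), msg("c2", 6.0, "RTP", "bob")]

if __name__ == "__main__":
    print(run(NORMAL), run(SUSPECT))
```

Neither protocol's state alone triggers the rule: a BYE on an established dialog is legitimate signalling and the RTP packets are legitimate media, so the alert depends on both states being tracked per call.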
Specification