Method and apparatus for providing network and computer system security
First Claim
1. A computer program product for triggering responses based on computer data transmissions received at a computer network node, the computer program product comprising:
- a computer-readable, tangible storage device;
- first program instructions to determine type, destination, and origin of data contained in the computer data transmissions;
- second program instructions to modify a variable for triggering responses based on the type, destination, and origin of the data contained in the computer data transmissions originating from one or more suspect computer nodes comprising workstations;
- third program instructions to trigger a first response in response to said modified variable equaling or exceeding a first predetermined threshold level; and
- fourth program instructions to trigger a second response in response to said modified variable equaling or exceeding a second predetermined threshold level, wherein the first, second, third, and fourth program instructions are stored on the computer-readable, tangible storage device.
2 Assignments
0 Petitions
Abstract
An improved network intrusion detection and response system and method is disclosed for detecting and preventing misuse of network resources. More particularly, the system and method dynamically self-adjusts to changes in network activity using a plurality of alert levels wherein each successively higher alert level triggers a corresponding heightened security response from the networked computer being misused. These heightened alert levels are integrated on both the system (individual node) and the network level. The disclosed intrusion detection and response system is also implemented at low cost using currently-existing hardware and software (i.e., network computers).
312 Citations
35 Claims
1. Independent claim; text as given under First Claim above. Dependent claims: 2 to 19 and 28.
20. A computer program product for triggering a response based on computer data transmissions comprising non-voice based data received at a computer network node, the computer program product comprising:
- a computer-readable, tangible storage device;
- first program instructions to determine type and origin of data contained in the computer data transmissions;
- second program instructions to modify a first variable for triggering one or more responses based on the type and origin of the data contained in computer data transmissions originating from a first suspect computer node comprising a first workstation;
- third program instructions to modify a second variable for triggering one or more responses based on the type and origin of the data contained in computer data transmissions originating from a second suspect computer node comprising a second workstation different than the first workstation; and
- fourth program instructions to trigger a response in response to either of said modified first or second variables equaling or exceeding a predetermined threshold level, wherein the first, second, third, and fourth program instructions are stored on the computer-readable, tangible storage device.
Dependent claims: 21 to 27, 29 and 30.
31. A computer system for triggering a network response, the computer system comprising:
- a CPU, a computer-readable memory, and a computer-readable, tangible storage device;
- first program instructions to store a plurality of first variables for a plurality of computer network nodes comprising workstations;
- second program instructions to modify a second variable based on the value of each of said plurality of first variables; and
- third program instructions to trigger a network response in response to said second variable equaling or exceeding a predetermined threshold level, wherein the network response comprises notifying each of the plurality of computer network nodes that they should each increase their suspect-specific alert variable towards a particular suspect computer network node and initiating an active scan of the particular suspect computer network node, wherein the first, second, and third program instructions are stored on the computer-readable, tangible storage device for execution by the CPU via the computer-readable memory.
Dependent claims: 32 to 35.
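The tiered alert mechanism the claims describe (a per-suspect variable at each node with two thresholds, claims 1 and 20; a network-level variable summed from the node variables, claim 31), as an added illustration in Python that is not code from the patent or its assignee. The transmission types, weights, thresholds and the "destination is this node" doubling are constructed assumptions, since the claims give no numbers; the network response is represented by action labels rather than a real scan.

```python
from collections import defaultdict

# Constructed weights per transmission type (assumption; the claims give none).
TYPE_WEIGHTS = {"port_scan": 3, "failed_login": 2, "normal": 0}


class NodeMonitor:
    """One network node: keeps a suspect-specific alert variable (claims 1 and 20)."""

    def __init__(self, name, first_threshold=4, second_threshold=8):
        self.name = name
        self.first_threshold = first_threshold
        self.second_threshold = second_threshold
        self.alert = defaultdict(int)  # suspect origin -> alert variable

    def observe(self, kind, origin, destination):
        """Modify the suspect's variable by type/origin/destination; return responses triggered."""
        weight = TYPE_WEIGHTS.get(kind, 1)
        if destination == self.name:  # assumption: traffic aimed at this node counts double
            weight *= 2
        self.alert[origin] += weight
        return self.responses_for(origin)

    def responses_for(self, origin):
        """First response at the first threshold, heightened second response at the second."""
        level = self.alert[origin]
        responses = []
        if level >= self.first_threshold:
            responses.append("log_and_notify")
        if level >= self.second_threshold:
            responses.append("drop_traffic")
        return responses

    def raise_alert(self, origin, amount=1):
        """Network-directed increase of this node's alert toward a suspect (claim 31)."""
        self.alert[origin] += amount


class NetworkMonitor:
    """Network level (claim 31): sums the nodes' first variables into a second variable."""

    def __init__(self, nodes, threshold=10):
        self.nodes = nodes
        self.threshold = threshold

    def evaluate(self, suspect):
        """Return the network response for a suspect, or None if below threshold."""
        total = sum(n.alert[suspect] for n in self.nodes)
        if total < self.threshold:
            return None
        for n in self.nodes:  # every node raises its own suspect-specific alert
            n.raise_alert(suspect)
        return {"suspect": suspect, "second_variable": total,
                "actions": ["notify_nodes_raise_alert", "initiate_active_scan"]}
```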
Specification