Apparatus and a security node for use in determining security attacks

US 8,331,904 B2
Filed: 10/20/2006
Issued: 12/11/2012
Est. Priority Date: 10/20/2006
Status: Active Grant

First Claim

Patent Images

1. Apparatus comprising:

a processor configured to perform at least the following;

monitor said apparatus for security attacks and to store collected security related data comprising a full detail level logging functionality of events;

select and send at least some of the collected security related data from the full detail level logging functionality of events to a network security node, wherein the amount of the collected security related data selected and sent to said security node over the network is dependent on a security level of said apparatus, where said processor is operable in a pull mode of operation in response to a security alarm received from the network security node so as to send over the network, upon request of the network security node, the collected security related data at a requested level of detail, and where in response to a reception of a notification of an increase in security level from an initial security level at a certain point in time, said processor is further configured to operate in a backtracking mode so as to send over the network collected security related data at an increased level of detail both for times subsequent to the point in time and for times preceding the point in time, the increased level of detail relative to a level of detail for the initial security level.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus including functionality configured to monitor said apparatus for security attacks; and a reporter configured to send data to a security node, wherein the data sent to said security node is dependent on a security level of said apparatus.

10 Citations

View as Search Results

26 Claims

1. Apparatus comprising:
- a processor configured to perform at least the following;
  
  monitor said apparatus for security attacks and to store collected security related data comprising a full detail level logging functionality of events;
  
  select and send at least some of the collected security related data from the full detail level logging functionality of events to a network security node, wherein the amount of the collected security related data selected and sent to said security node over the network is dependent on a security level of said apparatus, where said processor is operable in a pull mode of operation in response to a security alarm received from the network security node so as to send over the network, upon request of the network security node, the collected security related data at a requested level of detail, and where in response to a reception of a notification of an increase in security level from an initial security level at a certain point in time, said processor is further configured to operate in a backtracking mode so as to send over the network collected security related data at an increased level of detail both for times subsequent to the point in time and for times preceding the point in time, the increased level of detail relative to a level of detail for the initial security level.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. Apparatus as claimed in claim 1, wherein said security level is dependent on information received from said security node.
  - 3. Apparatus as claimed in claim 1, wherein said security level is dependent on an output of said monitor operation.
  - 4. Apparatus as claimed in claim 1, wherein more data is sent to said network security node when there is a higher security level than when there is a lower security level.
  - 5. Apparatus as claimed in claim 1, wherein all of the data is sent to the network security node for one security level.
  - 6. Apparatus as claimed in claim 1, comprising a memory arranged to store security data.
  - 7. Apparatus as claimed in claim 6, wherein said sent data comprises at least some of said security data.
  - 8. Apparatus as claimed in claim 6, wherein said memory is configured such that oldest security data is overwritten by newest security data.
  - 9. Apparatus as claimed in claim 1, wherein said processor is configured to detect a potential security attack and in response to said detection to cause a transmission of information to said security node.
  - 10. Apparatus as claimed in claim 1, wherein said processor is configured to detect potential security attacks and in response to said detection, to cause a change of security level.
  - 11. Apparatus as claimed in claim 1, wherein said apparatus is configured to have at least two security levels.
  - 12. Apparatus as claimed in claim 1, wherein said processor is at least one of rule based or behavior profile-based.
  - 13. Apparatus as claimed in claim 1, wherein said apparatus is a mobile device.
  - 14. The apparatus as claimed in claim 1, wherein the level of detail comprises both amount of collected security related data and an interval between when a first set of collected security related data is sent and a second set of collected security related data is sent.

15. An apparatus comprising:
- a processor configured to perform at least the following;
  
  receive collected security related data from a plurality of devices, the amount of collected security related data received being dependent on a security level of each device and comprising a portion of a full detail level logging functionality of events stored by each of the plurality of devices;
  
  correlate said received collected security related data to filter said received collected security related data; and
  
  determine security attacks from said received collected security related data and to send information to configure the security level of the plurality of devices;
  
  where said processor is further configured to operate at least one of the plurality of devices in a pull mode of operation, in response to a security alarm sent to the at least one device, so as to receive over a network, upon request of the apparatus, the collected security related data at a requested level of detail, and where said processor is further configured, in response to a determined increase in security level from an initial security level at a certain point in time, to cause selected at least one of the plurality of devices to operate in a backtracking mode so as to cause the selected at least one device to send over the network and to the apparatus collected security related data at an increased level of detail both for times subsequent to the point in time and for times preceding the point in time, the increased level of detail relative to a level of detail for the initial security level.
- View Dependent Claims (16, 17, 18)
- - 16. An apparatus as claimed in claim 15, wherein said processor is configured to monitor at least one of traffic to or traffic from said devices.
  - 17. An apparatus as claimed in claim 15, wherein said processor is configured to send information to at least one device, said information defining a security level for said device.
  - 18. The apparatus as claimed in claim 15, wherein the level of detail comprises both amount of collected security related data and an interval between when a first set of collected security related data is sent by said selected at least one device and a second set of collected security related data is sent by said selected at least one device.

19. A method comprising:
- collecting with a processor security related data comprising a full detail level logging functionality of events;
  
  storing the collected security related data;
  
  selecting at least some of the collected security related data from the full detail level logging functionality of events; and
  
  sending at least some of said collected security related data to a security node in a network, the amount of the collected security related data selected and sent over the network being dependent on a security level, where in a pull mode of operation initiated in response to a security alarm received from the security node, sending the at least some of said collected security related data is performed upon request of the security node, and where in response to a reception of a notification of an increase in security level from an initial security level at a certain point in time, said processor is further configured to operate in a backtracking mode so as to send over the network collected security related data at an increased level of detail both for times subsequent to the point in time and for times preceding the point in time, the increased level of detail relative to a level of detail for the initial security level.
- View Dependent Claims (20)
- - 20. The method as claimed in claim 19, wherein the level of detail comprises both amount of collected security related data and an interval between when a first set of collected security related data is sent and a second set of collected security related data is sent.

21. A method comprising:
- receiving collected security related data from a plurality of devices, the amount of collected security related data received being dependent on a security level of each device and comprising a portion of a full detail level logging functionality of events stored by each of the plurality of devices;
  
  correlating said received collected security related data to filter said received collected data;
  
  determining security attacks from said received collected security related data;
  
  sending information to set the security level of the plurality of devices, where in a pull mode of operation the receiving of the collected security related data from at least one of the plurality of devices is in response to sending a security alarm to the at least one device, and in response to a request that is sent to the at least one device to send the collected security related information; and
  
  in response to a determined increase in security level from an initial security level at a certain point in time, causing selected at least one of the plurality of devices to operate in a backtracking mode so as to cause the selected at least one device to send over the network collected security related data at an increased level of detail both for times subsequent to the point in time and for times preceding the point in time, the increased level of detail relative to a level of detail for the initial security level; and
  
  receiving said collected security related data at said increased level of detail.
- View Dependent Claims (22)
- - 22. The method as claimed in claim 21, wherein the level of detail comprises both amount of collected security related data and an interval between when a first set of collected security related data is sent by said selected at least one device and a second set of collected security related data is sent by said selected at least one device.

23. A computer program, embodied on a non-transitory computer readable medium, the computer program configured to control a processor to perform a method comprising:
- collecting security related data comprising a full detail level logging functionality of events;
  
  storing the collected security related data,selecting at least some of the collected security related data;
  
  sending at least some of said collected security related data from the full detail level logging functionality of events to a network security node, the amount of the collected security related data selected and sent over the network being dependent on a security level, where in a pull mode of operation initiated in response to a security alarm received from the security node, sending the at least some of said collected security related data is performed upon request of the security node; and
  
  where in response to a reception of a notification from the security node of an increase in security level from an initial security level at a certain point in time, operating in a backtracking mode so as to send over the network collected security related data at an increased level of detail both for times subsequent to the point in time and for times preceding the point in time, the increased level of detail relative to a level of detail for the initial security level.
- View Dependent Claims (24)
- - 24. The computer program of claim 23, wherein the level of detail comprises both amount of collected security related data and an interval between when a first set of collected security related data is sent and a second set of collected security related data is sent.

25. A computer program embodied on a non-transitory computer readable medium, the computer program configured to control a processor to perform a method comprising:
- receiving collected security related data from a plurality of devices, the amount of collected security related data received being dependent on a security level of each device and comprising a portion of a full detail level logging functionality of events stored by each of the plurality of devices;
  
  correlating said received collected security related data to filter said received collected security related data; and
  
  determining security attacks from said received collected security related data; and
  
  sending information to set the security level of the plurality of devices, where in a pull mode of operation the receiving of the collected security related data from at least one of the plurality of devices is in response to sending a security alarm to the at least one device, and in response to a request that is sent to the at least one device to send the collected security related information;
  
  in response to a determined increase in security level from an initial security level at a certain point in time, causing selected at least one of the plurality of devices to operate in a backtracking mode so as to cause the selected at least one device to send over the network collected security related data at an increased level of detail both for times subsequent to the point in time and for times preceding the point in time, the increased level of detail relative to a level of detail for the initial security level; and
  
  receiving said collected security related data at said increased level of detail.
- View Dependent Claims (26)
- - 26. The computer program of claim 25, wherein the level of detail comprises both amount of collected security related data and an interval between when a first set of collected security related data is sent by said selected at least one device and a second set of collected security related data is sent by said selected at least one device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Miettinen, Markus, Hatonen, Kimmo
Primary Examiner(s)
Afshar, Kamran
Assistant Examiner(s)
ROD, YOUSEF R

Application Number

US11/584,052
Publication Number

US 20080096526A1
Time in Patent Office

2,244 Days
Field of Search

455/410, 455/411, 726/13, 726 22- 25, 709/224, 709/22, 709/23, 709/24, 709/14
US Class Current

455/410
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 2221/2113   Multi-level security, e.g. ...

H04L 41/046   comprising network manageme...

H04L 41/048   mobile agents

H04L 41/16   using machine learning or a...

H04L 43/00   Arrangements for monitoring...

H04L 63/1408   by monitoring network traff...

Apparatus and a security node for use in determining security attacks

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

10 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and a security node for use in determining security attacks

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links