Network security apparatus, network security control method and network security system

US 8,544,063 B2
Filed: 01/27/2006
Issued: 09/24/2013
Est. Priority Date: 09/29/2005
Status: Active Grant

First Claim

Patent Images

1. A network security apparatus for monitoring telecommunication information flowing through a network and carrying out detection of, and/or protection from, an illegitimate intrusion to the network, comprising:

a first port connected to the network, to import first telecommunication information currently from the network;

a second port connected to a telecommunication information accumulation apparatus, to import second telecommunication information accumulated by the telecommunication information accumulation apparatus historically; and

a processor configuredto judge a presence or absence of an abnormality of the first and the second telecommunication information based on judgment reference information by using a statistical method,to create and update the judgment reference information by learning the presence or absence of the abnormality,to decrease a replay rate, which represents an input speed of the second telecommunication information in the telecommunication information accumulation apparatus to the second port, when a magnitude of a processing load at the network security apparatus is high,to increase the replay rate for allocating a spare resource of the network security apparatus to learning the second telecommunication information when the magnitude of the processing load is lowto synchronize the operation of the second telecommunication information with the changed replay rate,to allocate the first and second telecommunication information taken in respectively from the first and second ports to the processor, to categorize the first and second telecommunication information into a time independent item and a time dependent item, simply to multiplex the time independent item included in the first and second telecommunication information, and to make the time dependent item of the second telecommunication information conform to a processing speed of the time dependent item of the first telecommunication information based on timing information at the time of picking up the second telecommunication information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a network security apparatus for monitoring telecommunication information flowing through a network and carrying out detection of, and/or protection from, an illegitimate intrusion to the network, comprising: an anomaly judgment unit for judging a presence or absence of an abnormality of the telecommunication information based on judgment reference information by using a statistical method; a learning unit for creating the judgment reference information from the telecommunication information; a first port for importing first telecommunication information currently from the network; a second port for importing second telecommunication information accumulated by a telecommunication information accumulation apparatus historically; and a telecommunication information allocation unit for allocating the first and second telecommunication information taken in respectively from the first and second ports to the anomaly judgment unit and the learning unit, wherein the learning unit creates the judgment reference information by learning the first and/or second telecommunication information.

11 Citations

View as Search Results

10 Claims

1. A network security apparatus for monitoring telecommunication information flowing through a network and carrying out detection of, and/or protection from, an illegitimate intrusion to the network, comprising:
- a first port connected to the network, to import first telecommunication information currently from the network;
  
  a second port connected to a telecommunication information accumulation apparatus, to import second telecommunication information accumulated by the telecommunication information accumulation apparatus historically; and
  
  a processor configuredto judge a presence or absence of an abnormality of the first and the second telecommunication information based on judgment reference information by using a statistical method,to create and update the judgment reference information by learning the presence or absence of the abnormality,to decrease a replay rate, which represents an input speed of the second telecommunication information in the telecommunication information accumulation apparatus to the second port, when a magnitude of a processing load at the network security apparatus is high,to increase the replay rate for allocating a spare resource of the network security apparatus to learning the second telecommunication information when the magnitude of the processing load is lowto synchronize the operation of the second telecommunication information with the changed replay rate,to allocate the first and second telecommunication information taken in respectively from the first and second ports to the processor, to categorize the first and second telecommunication information into a time independent item and a time dependent item, simply to multiplex the time independent item included in the first and second telecommunication information, and to make the time dependent item of the second telecommunication information conform to a processing speed of the time dependent item of the first telecommunication information based on timing information at the time of picking up the second telecommunication information.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The network security apparatus according to claim 1, whereinthe processor is further configuredto recognize third telecommunication information which is mixed in the second telecommunication information coming in from the telecommunication information accumulation apparatus and includes information indicating the replay rate of the second telecommunication information therein.
  - 3. The network security apparatus according to claim 1, whereinthe second port is logically multi-functioned with an apparatus management port to manage externally the aforementioned network security apparatus.
  - 4. The network security apparatus according to claim 1, whereinthe processor is further configuredto intervene between the telecommunication information accumulation apparatus and the network security apparatus,to input the second telecommunication information to the second port at the replay rate instructed by the network security apparatus, andto make third telecommunication information, which indicates the replay rate of the second telecommunication information in the telecommunication information accumulation apparatus, mixed in the second telecommunication information.
  - 5. The network security apparatus according to claim 1, whereinthe processor is further configuredto carry out a detection and protection processing for the second telecommunication information based on the same security policy as the first telecommunication information, andto allocate the first and second telecommunication information taken in respectively from the first and second ports to the processor.

6. A control method for use in a network security apparatus for monitoring telecommunication information flowing through a network and carrying out detection of, and/or protection from, an illegitimate intrusion to the network, comprising:
- accumulating second telecommunication information which flowed through the network historically in a telecommunication information accumulation apparatus;
  
  inputting first telecommunication information currently flowing through the network from a first port and the second telecommunication information from a second port in parallel;
  
  judging a presence or absence of an abnormality of the first and the second telecommunication information based on judgment reference information;
  
  creating and updating the judgment reference information by learning an illegitimate intrusion pattern judged by the judging;
  
  decreasing a replay rate, which represents an input speed of the second telecommunication information in the telecommunication information accumulation apparatus to the second port, when a magnitude of a processing load at the network security apparatus is high;
  
  increasing the replay rate for allocating a spare resource of the network security apparatus to learning the second telecommunication information when the magnitude of the processing load is low; and
  
  synchronizing the operation of the second telecommunication information with the changed replay rate,wherein the network security apparatus includesthe first port connected to the network, andthe second port connected to the telecommunication information accumulation apparatus,and wherein the control method further comprises;
  
  allocating the first and second telecommunication information taken in respectively from the first and second ports, and categorizing the first and second telecommunication information into a time independent item and a time dependent item, simply to multiplex the time independent item included in the first and second telecommunication information, and to make the time dependent item of the second telecommunication information conform to a processing speed of the time dependent item of the first telecommunication information based on timing information at the time of picking up the second telecommunication information.
- View Dependent Claims (7, 8)
- - 7. The control method for use in a network security apparatus according to claim 6, whereinthe inputting performs a detection and protection processing for the second telecommunication information based on the same security policy as the first telecommunication information.
  - 8. The control method for use in a network security apparatus according to claim 7, whereinthe creating and updating categorize the first and second telecommunication information into a time independent item and a time dependent item, simply multiplexes the time independent item included in the first and second telecommunication information, and makes the time dependent item of the second telecommunication information conform to a processing speed of the time dependent item of the first telecommunication information based on timing information at the time of picking up the second telecommunication information.

9. A network security system, including:
- a network security apparatus comprising;
  
  a first port connected to a network as the subject of monitoring, to import first telecommunication information currently flowing through the network;
  
  a second port to import second telecommunication information of the network historically which is accumulated in a telecommunication information accumulation apparatus;
  
  a processor configuredto judge a presence or absence of an abnormality of the first and the second telecommunication information based on judgment reference information by using a statistical method,to create and update the judgment reference information by learning the presence or absence of the abnormality;
  
  to allocate the first and second telecommunication information taken in respectively from the first and second ports to the processor, and to categorize the first and second telecommunication information into a time independent item and a time dependent item, simply to multiplex the time independent item included in the first and second telecommunication information, and to make the time dependent item of the second telecommunication information conform to a processing speed of the time dependent item of the first telecommunication information based on timing information at the time of picking up the second telecommunication information; and
  
  a replay rate control apparatus, existing between the network security apparatus and the telecommunication information accumulation apparatus,to decrease a replay rate, which represents an input speed of the second telecommunication information in the telecommunication information accumulation apparatus to the second port, when a magnitude of a processing load at the network security apparatus is high;
  
  to increase the replay rate for allocating a spare resource of the network security apparatus to learning the second telecommunication information when the magnitude of the processing load is low; and
  
  to synchronize the operation of the second telecommunication information with the changed replay rate.

10. A method comprising:
- using a network monitored by a network security apparatus for monitoring telecommunication information flowing through the network and carrying out detection of, and/or protection from, an illegitimate intrusion to the network, wherein the network security apparatus comprises;
  
  a first port connected to the network, to import first telecommunication information currently from the network;
  
  a second port connected to a telecommunication information accumulation apparatus, to import second telecommunication information accumulated by the telecommunication information accumulation apparatus historically; and
  
  a processor configuredto judge a presence or absence of an abnormality of the first and the second telecommunication information based on judgment reference information by using a statistical method,to create and update the judgment reference information by learning the presence or absence of the abnormality,to decrease a replay rate, which represents an input speed of the second telecommunication information in the telecommunication information accumulation apparatus to the second port, when a magnitude of a processing load at the network security apparatus is high,to increase the replay rate for allocating a spare resource of the network security apparatus to learning the second telecommunication information when the magnitude of the processing load is low,to synchronize the operation of the second telecommunication information with the changed replay rate,to allocate the first and second telecommunication information taken in respectively from the first and second ports to the processor, andto categorize the first and second telecommunication information into a time independent item and a time dependent item, simply to multiplex the time independent item included in the first and second telecommunication information, and to make the time dependent item of the second telecommunication information conform to a processing speed of the time dependent item of the first telecommunication information based on timing information at the time of picking up the second telecommunication information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
Watanabe, Naotoshi
Primary Examiner(s)
Mehedi, Morshead
Assistant Examiner(s)
Jeudy, Josnel

Application Number

US11/341,312
Publication Number

US 20070074272A1
Time in Patent Office

2,797 Days
Field of Search

379/111, 379/114, 379/37, 379/39, 379/44, 455/403, 455/410, 455/411, 455/418, 455/419, 726/2, 726/3, 726 22- 25, 713187-188, 713193-194, 709223-227
US Class Current

726/3
CPC Class Codes

H04L 63/1408 by monitoring network traff...

Network security apparatus, network security control method and network security system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

11 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Network security apparatus, network security control method and network security system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links