Method and apparatus for distributed intrusion protection system for ultra high bandwidth networks

US 8,561,189 B2
Filed: 06/23/2006
Issued: 10/15/2013
Est. Priority Date: 06/23/2006
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

examining a data stream on a network, the data stream comprising a plurality of portions of data, to determine the presence of one or more predetermined characteristics associated with at least one of the portions of data;

characterizing at least one of the portions of data based upon the at least one of the portions of data exhibiting a predetermined combination of the predetermined characteristics, the predetermined combination of the predetermined characteristics being related to the level of sensitivity of the at least one of the portions of data; and

distributing the portions of the data stream into a plurality of different channels based on the characterizing, selection of said channels in which to distribute the portions of the data stream being determined by tags attached to at least one of the portions of data, the tags including at least one or more of the following;

802.1 VLAN, GMPLS, MPLS, light tags, data tags, overall level of trust tags, protocol tags, sensitivity tags, data value tags, or component specific tags.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing security to a network having a data stream with a plurality of portions of data, each having differing levels of sensitivity. The data stream is interrogated to determine the presence of predetermined characteristics associated with at least one of the portions of data within the data stream. At least one of the portions of data is then characterized, based upon the portion of data exhibiting a predetermined combination of characteristics, wherein the predetermined combination of characteristics is related to the sensitivity of the portion of data. The portions of the data stream are then distributed into a plurality of different channels, each of the channels associated with different level of sensitivity.

26 Citations

View as Search Results

35 Claims

1. A method, comprising:
- examining a data stream on a network, the data stream comprising a plurality of portions of data, to determine the presence of one or more predetermined characteristics associated with at least one of the portions of data;
  
  characterizing at least one of the portions of data based upon the at least one of the portions of data exhibiting a predetermined combination of the predetermined characteristics, the predetermined combination of the predetermined characteristics being related to the level of sensitivity of the at least one of the portions of data; and
  
  distributing the portions of the data stream into a plurality of different channels based on the characterizing, selection of said channels in which to distribute the portions of the data stream being determined by tags attached to at least one of the portions of data, the tags including at least one or more of the following;
  
  802.1 VLAN, GMPLS, MPLS, light tags, data tags, overall level of trust tags, protocol tags, sensitivity tags, data value tags, or component specific tags.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein the combination of characteristics is determined statically.
  - 3. The method of claim 1 wherein the combination is dynamically constructed based on feedback about the portions of data generated downstream of the channels.
  - 4. The method of claim 3 wherein the dynamic construction of the combination of characteristics includes self learning systems.
  - 5. The method of claim 3 wherein the feedback is provided by at least one or more of the following:
    - sensors, external data feeds, or changes in risk tolerance.
  - 6. The method of claim 1 wherein one of the plurality of channels is a quarantine channel.
  - 7. The method of claim 1 wherein said channels are different wavelengths of light in an optical transmission medium.
  - 8. The method of claim 1 wherein the method is performed using at least one appliance interfaced with the network.
  - 9. The method of claim 1 wherein the characteristics include at least one or more of the following:
    - trusted source, trusted destination, protocol type, conversation behavior, system history, data flow sensitivity, or value of data flow.

10. One or more computer-readable storage media encoded with digital instructions for providing security to a network, the instructions comprising:
- instructions for interrogating a data stream on said network, the data stream including a plurality of portions of data, to determine the presence of one or more predetermined characteristics associated with at least one of the portions of data within the data stream;
  
  instructions for characterizing at least one of the portions of data based upon the at least one of the portions of data exhibiting a predetermined combination of the predetermined characteristics, and, based on the characterizing, adding, removing, and/or modifying one or more tags on a data package comprising at least one of the portions of the data, the tags including at least one or more of the following;
  
  802.1 VLAN, GMPLS, MPLS, light tags, data tags, overall level of trust tags, protocol tags, sensitivity tags, data value tags, or component specific tags; and
  
  instructions for distributing the portions of the data stream into a plurality of different channels based on at least one of the tags.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The media of claim 10 wherein the combination of characteristics is determined statically.
  - 12. The media of claim 10 wherein the combination is dynamically constructed based on feedback about portions of data generated downstream of the channels.
  - 13. The media of claim 12 wherein the dynamic construction of the combination of characteristics includes self learning systems.
  - 14. The media of claim 13 wherein the feedback is provided by at least one or more of the following:
    - sensors, external data feeds, or changes in risk tolerance.
  - 15. The media of claim 10 wherein one of the plurality of channels is a quarantine channel.
  - 16. The media of claim 10 wherein said channels are different wavelengths of light in an optical transmission medium.
  - 17. The media of claim 10 wherein the method is performed using at least one appliance interfaced with the network.
  - 18. The media of claim 10 wherein the characteristics include at least one or more of the following:
    - trusted source, trusted destination, protocol type, conversation behavior, system history, data flow sensitivity, or value of data flow.

19. An appliance configured to provide security to a network comprising:
- a memory or storage device storing instructions that when executed by the appliance cause the appliance to perform a method, the method comprising;
  
  interrogating a data stream on said network to determine the presence of one or more predetermined characteristics associated with one or more portions of data within the data stream,characterizing at least one of the portions of data, based on a predetermined combination of the predetermined characteristics, the predetermined combination being related to the sensitivity of one or more of the portions of data,based on the characterizing, attaching one or more tags to at least one data packages, the tags including at least one or more of the following;
  
  802.1 VLAN, GMPLS, MPLS, light tags, data tags, overall level of trust tags, protocol tags, sensitivity tags, data value tags, or component specific tags, anddistributing the at least one data package into a selected channel of a plurality of different channels, the selected channel defined by the attached tags.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The appliance of claim 19 wherein the combination of characteristics is determined statically.
  - 21. The appliance of claim 19 wherein the combination is dynamically constructed based on feedback about portions of data generated downstream of the channels.
  - 22. The appliance of claim 21 wherein the dynamic construction of the combination of characteristics includes self learning systems.
  - 23. The appliance claim 22 wherein the feedback is provided by at least one or more of the following:
    - sensors, external data feeds, or changes in risk tolerance.
  - 24. The appliance of claim 19 wherein one of the plurality of channels is a quarantine channel.
  - 25. The appliance of claim 19 wherein said channels are different wavelengths of light in an optical transmission medium.
  - 26. The appliance of claim 19 wherein the appliance is interfaced with the network.
  - 27. The appliance of claim 19 wherein the characteristics include at least one or more of the following:
    - trusted source, trusted destination, protocol type, conversation behavior, system history, data flow sensitivity, or value of data flow.

28. An appliance configured to provide security to a network comprising:
- a memory or storage device storing instructions that when executed by the appliance cause the appliance to perform a method, the method comprising;
  
  interrogating a data stream on said network to determine the presence of one or more predetermined characteristics associated with one or more portions of data within the data stream,characterizing at least one of the portions of data, based on a predetermined combination of the predetermined characteristics, the predetermined combination being related to the sensitivity of one or more of the portions of data, anddistributing the portions of the data stream into a plurality of different channels based on the characterizing, wherein said plurality of channels are different wavelengths of light in an optical transmission medium.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35)
- - 29. The appliance of claim 28 wherein the combination of characteristics is determined dynamically.
  - 30. The appliance of claim 29 wherein the combination is dynamically constructed based on feedback about portions of data generated downstream of the channels.
  - 31. The appliance of claim 30 wherein the dynamic construction of the combination of characteristics includes self learning systems.
  - 32. The appliance claim 31 wherein the feedback is provided by at least one or more of the following:
    - sensors, external data feeds, or changes in risk tolerance.
  - 33. The appliance of claim 28 wherein one of the plurality of channels is a quarantine channel.
  - 34. The appliance of claim 28 wherein the appliance is interfaced with the network.
  - 35. The appliance of claim 28 wherein the characteristics include at least one or more of the following:
    - trusted source, trusted destination, protocol type, conversation behavior, system history, data flow sensitivity, or value of data flow.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Battelle Memorial Institute
Original Assignee
Battelle Memorial Institute
Inventors
Goranson, Craig A., Burnette, John R., Greitzer, Frank L., McMillan, Bryan H.
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
Almamun, Abdullah

Application Number

US11/473,634
Publication Number

US 20070300298A1
Time in Patent Office

2,671 Days
Field of Search

726/11, 726/22, 726/23, 726/25, 726/30, 709/224, 709/238, 713/87, 713/88, 713/89
US Class Current

726/23
CPC Class Codes

H04L 63/0218 Distributed architectures, ...

H04L 63/1416 Event detection, e.g. attac...

Method and apparatus for distributed intrusion protection system for ultra high bandwidth networks

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for distributed intrusion protection system for ultra high bandwidth networks

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links