System and method for identification and blocking of unwanted network traffic
First Claim
1. A method comprising:
- receiving at a network protection system an alert from an intrusion detection system associated with a protected network, wherein the alert is triggered by network traffic that is evaluated by the intrusion detection system and that is determined to match a signature that is associated with undesired network behavior;
determining a source of the network traffic that triggered the alert;
grouping at the network protection system the alert into an alert group;
assigning a determination to the alert group, the determination indicating a threat level associated with the alert group;
generating an entry in an undesired source database based on the alert group, the entry including a first Internet Protocol (IP) address associated with the alert; and
providing the undesired source database to the intrusion detection system, such that the intrusion detection system is configured to block network traffic that originates from the first IP address.
0 Assignments
0 Petitions
Accused Products
Abstract
Network traffic can be prevented from entering a protected network. An alert can be received that can be triggered by network traffic that matches at least one signature that is associated with undesired network behavior. A source of the network traffic that triggered the alert can be determined, and network traffic that originates from the source can be blocked. Blocking the source can include assigning a determination to the alert. It can then be determined whether network traffic from the source should be blocked based on the determination. The source can then be provided to the protected network such that a network device coupled to the protected network can be configured to block network traffic that originates from the source.
51 Citations
16 Claims
-
1. A method comprising:
-
receiving at a network protection system an alert from an intrusion detection system associated with a protected network, wherein the alert is triggered by network traffic that is evaluated by the intrusion detection system and that is determined to match a signature that is associated with undesired network behavior; determining a source of the network traffic that triggered the alert; grouping at the network protection system the alert into an alert group; assigning a determination to the alert group, the determination indicating a threat level associated with the alert group; generating an entry in an undesired source database based on the alert group, the entry including a first Internet Protocol (IP) address associated with the alert; and providing the undesired source database to the intrusion detection system, such that the intrusion detection system is configured to block network traffic that originates from the first IP address. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A non-transitory computer-readable medium encoded with computer-executable instructions for performing a method, the method comprising:
-
receiving at a network protection system an alert from an intrusion detection system associated with a protected network, wherein the alert is triggered by network traffic that is evaluated by the intrusion detection system and that is determined to match a signature that is associated with undesired network behavior; determining a source of the network traffic that triggered the alert; grouping at the network protection system the alert into an alert group; assigning a determination to the alert group, the determination indicating a threat level associated with the alert group; generating an entry in an undesired source database based on the alert group, the entry including a first Internet Protocol (IP) address associated with the alert; and providing the undesired source database to the intrusion detection system, such that the intrusion detection system is configured to block network traffic that originates from the first IP address. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
Specification