Method and system for packet acquistion, analysis and intrusion detection in field area networks

US 9,696,346 B2
Filed: 07/13/2015
Issued: 07/04/2017
Est. Priority Date: 02/17/2012
Status: Active Grant

First Claim

Patent Images

1. A method for monitoring a field area network, the method comprising:

backhauling by a packet intercept system on a field area network, to at least one additional network, a traffic data stream intercepted by the packet intercept system from the field area network,wherein the field area network comprises a plurality of network nodes,wherein the packet intercept system is comprised of a plurality of probes along the field area network,wherein the at least one additional network is distinct from the field area network, andwherein the traffic data stream comprises at least one of;

individual packets, packet detail or metadata generated by at least one probe of the plurality of probes, based on processing at least one intercepted packet from the field area network;

obtaining, by a processor, communicatively coupled to the at least one additional network, the traffic data stream, and processing the traffic data stream into a processed live traffic data stream; and

analyzing, by the processor, the processed live traffic data stream.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for intrusion detection in a field area network where data is transmitted via packets, includes a processor for analyzing the packets to ascertain whether the packets conform to a sets of rules indicating an intrusion, and a database for storing an alert indicating an intrusion if the packets conform to at least one rule in the sets. The sets of rules are for field network layer data, internet protocol traffic data and field area application traffic data. A method for detecting intrusion in a field area network where data is transmitted via packets, including analyzing the packets to ascertain whether the packets conform to the sets of rules, and storing an alert indicating an intrusion if the packets conform to at least one rule in the sets of rules.

38 Citations

View as Search Results

20 Claims

1. A method for monitoring a field area network, the method comprising:
- backhauling by a packet intercept system on a field area network, to at least one additional network, a traffic data stream intercepted by the packet intercept system from the field area network,wherein the field area network comprises a plurality of network nodes,wherein the packet intercept system is comprised of a plurality of probes along the field area network,wherein the at least one additional network is distinct from the field area network, andwherein the traffic data stream comprises at least one of;
  
  individual packets, packet detail or metadata generated by at least one probe of the plurality of probes, based on processing at least one intercepted packet from the field area network;
  
  obtaining, by a processor, communicatively coupled to the at least one additional network, the traffic data stream, and processing the traffic data stream into a processed live traffic data stream; and
  
  analyzing, by the processor, the processed live traffic data stream.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein at least one of the field area network or the at least one network is a wireless network.
  - 3. The method of claim 1, wherein a portion of the plurality of probes are software probes.
  - 4. The method of claim 1, wherein the analyzing comprises applying behavior analytics to the processed live traffic data stream.
  - 5. The method of claim 1, wherein the analyzing the processed live traffic data stream comprises at least one of identifying anomalies, identifying intrusions, identifying events, or validating configurations.
  - 6. The method of claim 1, wherein the processing comprises one or more of:
    - decrypting, decompressing, or descrambling bits in the traffic data stream.
  - 7. The method of claim 1, wherein the processing further comprises:
    - extracting, by the processor, connectivity and routing information from the traffic data, wherein the connectivity and routing information comprises packet information and node information.
  - 8. The method of claim 1, wherein the analyzing the processed live traffic data stream further comprises extracting protocol data units embedded in packets in the live traffic data stream.

9. A computer system for monitoring a field area network, the computer system comprising:
- a memory; and
  
  a processor in communications with the memory, wherein the computer system is configured to perform a method, said method comprising;
  
  backhauling by a packet intercept system on a field area network, to at least one additional network, a traffic data stream intercepted by the packet intercept system from the field area network,wherein the field area network comprises a plurality of network nodes,wherein the packet intercept system is comprised of a plurality of probes along the field area network,wherein the at least one additional network is distinct from the field area network, andwherein the traffic data stream comprises at least one of;
  
  individual packets, packet detail or metadata generated by at least one probe of the plurality of probes, based on processing at least one intercepted packet from the field area network;
  
  obtaining, by a processor, communicatively coupled to the at least one additional network, the traffic data stream, and processing the traffic data stream into a processed live traffic data stream; and
  
  analyzing, by the processor, the processed live traffic data stream.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer system of claim 9, wherein the analyzing comprises applying behavior analytics to the processed live traffic data stream.
  - 11. The computer system of claim 9, wherein at least one of the field area network or the at least one network is a wireless network.
  - 12. The computer system of claim 9, wherein a portion of the plurality of probes are software probes.
  - 13. The computer system of claim 10, wherein the behavior analytics comprise a set of rules, and wherein rules in the set of rules are at least one of:
    - global, region specific, probe specific, fixed, dynamic, node specific, or protocol-specific.
  - 14. The computer system of claim 9, wherein the analyzing the processed live traffic data stream comprises at least one of identifying anomalies, identifying intrusions, identifying events, or validating configurations.
  - 15. The computer system of claim 9, wherein the processing comprises one or more of:
    - decrypting bits in the traffic data stream, decompressing bits in the traffic data stream, descrambling bits in the traffic data stream, or extracting, by the processor, connectivity and routing information from the traffic data, wherein the connectivity and routing information comprises packet information and node information.
  - 16. The computer system of claim 9, wherein the plurality of probes intercept one of:
    - a selection of a pre-determined number of channels, or a full spectrum of channels.

17. A computer program product for monitoring a field area network, the computer program product comprising:
- a non-transitory computer readable storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method comprising;
  
  backhauling by a packet intercept system on a field area network, to at least one additional network, a traffic data stream intercepted by the packet intercept system from the field area network,wherein the field area network comprises a plurality of network nodes,wherein the packet intercept system is comprised of a plurality of probes along the field area network,wherein the at least one additional network is distinct from the field area network, andwherein the traffic data stream comprises at least one of;
  
  individual packets, packet detail or metadata generated by at least one probe of the plurality of probes, based on processing at least one intercepted packet from the field area network;
  
  obtaining, by a processor, communicatively coupled to the at least one additional network, the traffic data stream, and processing the traffic data stream into a processed live traffic data stream; and
  
  analyzing, by the processor, the processed live traffic data stream.
- View Dependent Claims (18, 19, 20)
- - 18. The computer program product of claim 17, wherein a portion of the plurality of probes are software probes.
  - 19. The computer program product of claim 18, wherein the analyzing comprises applying behavior analytics to the processed live traffic data stream.
  - 20. The computer program product of claim 18, wherein at least one of the field area network or the at least one network is a wireless network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Perspecta Labs Inc. (Perspecta, Inc.)
Original Assignee
Vencore Labs, Inc.
Inventors
Pietrowicz, Stanley, Youzwak, Jason, Haluska, John
Primary Examiner(s)
Gee, Jason K

Application Number

US14/797,925
Publication Number

US 20160021059A1
Time in Patent Office

722 Days
Field of Search
US Class Current
CPC Class Codes

G01R 1/20   Modifications of basic elec...

G01R 21/00   Arrangements for measuring ...

G01R 22/063   related to remote communica...

H04L 41/12   Discovery or management of ...

H04L 41/14   Network analysis or design

H04L 41/22   comprising specially adapte...

H04L 43/028   by filtering

H04L 43/06   Generation of reports

H04L 43/12   Network monitoring probes

H04L 63/0254   Stateful filtering

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04W 12/088   using filters or firewalls

Y04S 40/00   Systems for electrical powe...

Y04S 40/20   Information technology spec...

Method and system for packet acquistion, analysis and intrusion detection in field area networks

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for packet acquistion, analysis and intrusion detection in field area networks

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links