Method and system for packet acquisition, analysis and intrusion detection in field area networks
Abstract
A system for intrusion detection in a field area network where data is transmitted via packets includes a processor for analyzing the packets to ascertain whether the packets conform to sets of rules indicating an intrusion, and a database for storing an alert indicating an intrusion if the packets conform to at least one rule in the sets. The sets of rules cover field network layer data, internet protocol traffic data and field area application traffic data. A method for detecting intrusion in a field area network where data is transmitted via packets includes analyzing the packets to ascertain whether the packets conform to the sets of rules, and storing an alert indicating an intrusion if the packets conform to at least one rule in the sets of rules.
Claims (20)
1. A method for monitoring a field area network, the method comprising:
backhauling, by a packet intercept system on a field area network, to at least one additional network, a traffic data stream intercepted by the packet intercept system from the field area network, wherein the field area network comprises a plurality of network nodes, wherein the packet intercept system is comprised of a plurality of probes along the field area network, wherein the at least one additional network is distinct from the field area network, and wherein the traffic data stream comprises at least one of: individual packets, packet detail or metadata generated by at least one probe of the plurality of probes, based on processing at least one intercepted packet from the field area network;
obtaining, by a processor communicatively coupled to the at least one additional network, the traffic data stream, and processing the traffic data stream into a processed live traffic data stream; and
analyzing, by the processor, the processed live traffic data stream.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8)
9. A computer system for monitoring a field area network, the computer system comprising:
a memory; and
a processor in communications with the memory, wherein the computer system is configured to perform a method, said method comprising:
backhauling, by a packet intercept system on a field area network, to at least one additional network, a traffic data stream intercepted by the packet intercept system from the field area network, wherein the field area network comprises a plurality of network nodes, wherein the packet intercept system is comprised of a plurality of probes along the field area network, wherein the at least one additional network is distinct from the field area network, and wherein the traffic data stream comprises at least one of: individual packets, packet detail or metadata generated by at least one probe of the plurality of probes, based on processing at least one intercepted packet from the field area network;
obtaining, by a processor communicatively coupled to the at least one additional network, the traffic data stream, and processing the traffic data stream into a processed live traffic data stream; and
analyzing, by the processor, the processed live traffic data stream.
(Dependent claims: 10, 11, 12, 13, 14, 15, 16)
17. A computer program product for monitoring a field area network, the computer program product comprising:
a non-transitory computer readable storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method comprising:
backhauling, by a packet intercept system on a field area network, to at least one additional network, a traffic data stream intercepted by the packet intercept system from the field area network, wherein the field area network comprises a plurality of network nodes, wherein the packet intercept system is comprised of a plurality of probes along the field area network, wherein the at least one additional network is distinct from the field area network, and wherein the traffic data stream comprises at least one of: individual packets, packet detail or metadata generated by at least one probe of the plurality of probes, based on processing at least one intercepted packet from the field area network;
obtaining, by a processor communicatively coupled to the at least one additional network, the traffic data stream, and processing the traffic data stream into a processed live traffic data stream; and
analyzing, by the processor, the processed live traffic data stream.
(Dependent claims: 18, 19, 20)
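How the abstract's three rule sets and the backhaul, process and analyze steps of the independent claims fit together, shown as an added Python example that is not the patent's own code. The probe record layout, the rule conditions, the allow-lists (KNOWN_NODES, HEAD_END, FAN_PREFIX, ALLOWED_PORTS), the in-memory SQLite alert table standing in for the database, and the sample probe output are all assumptions constructed for this illustration; the patent text names none of them.

```python
"""Rule-based intrusion detection over probe output from a field area network (FAN).
Added illustration of the abstract and claim 1 above, not the patent's own code; the
record layout, rule sets, allow-lists and sample traffic are constructed assumptions."""
import sqlite3
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

KNOWN_NODES = {"02:00:00:00:00:01", "02:00:00:00:00:02"}  # assumed link-layer addresses of enrolled meters
HEAD_END = "fd00:fan::1"                                  # assumed IPv6 address of the utility head-end
FAN_PREFIX = "fd00:fan:"                                   # assumed address prefix of the FAN
ALLOWED_PORTS = {4059}                                     # assumed application port (DLMS/COSEM)

@dataclass
class ProbeRecord:
    """What one probe backhauls: the fields it extracted from a frame, grouped by layer
    so each rule set sees only the layer it covers (claim 1 allows packets or metadata)."""
    probe_id: str
    ts: float
    fan: Dict[str, object] = field(default_factory=dict)  # field-network (link/mesh) layer
    ip: Dict[str, object] = field(default_factory=dict)   # internet protocol layer
    app: Dict[str, object] = field(default_factory=dict)  # field-area application layer

Rule = Callable[[ProbeRecord], bool]

# One rule set per layer named in the abstract; the conditions themselves are illustrative.
RULE_SETS: Dict[str, Dict[str, Rule]] = {
    "fan": {
        "unknown_neighbor": lambda r: "src_mac" in r.fan and r.fan["src_mac"] not in KNOWN_NODES,
        "frame_counter_reset": lambda r: r.fan.get("frame_counter", 1) == 0,  # replay indicator
    },
    "ip": {
        "src_outside_fan_prefix": lambda r: "src" in r.ip and not str(r.ip["src"]).startswith(FAN_PREFIX),
        "unexpected_dport": lambda r: "dport" in r.ip and r.ip["dport"] not in ALLOWED_PORTS,
    },
    "app": {
        "remote_disconnect": lambda r: r.app.get("service") == "meter_control" and r.app.get("cmd") == "disconnect",
        "firmware_push_not_from_head_end": lambda r: r.app.get("cmd") == "firmware_update" and r.ip.get("src") != HEAD_END,
    },
}

def process_stream(backhauled: List[ProbeRecord]) -> List[ProbeRecord]:
    """Build the 'processed live traffic data stream': time-ordered, with a frame that
    several probes captured collapsed to a single record."""
    seen, stream = set(), []
    for rec in sorted(backhauled, key=lambda r: r.ts):
        key = (rec.ts, repr((rec.fan, rec.ip, rec.app)))
        if key not in seen:
            seen.add(key)
            stream.append(rec)
    return stream

def match_rules(rec: ProbeRecord) -> List[Tuple[str, str]]:
    """Every (layer, rule) the record conforms to; a non-empty result is an intrusion."""
    return [(layer, name) for layer, rules in RULE_SETS.items() for name, cond in rules.items() if cond(rec)]

class IntrusionDetector:
    """The processor on the additional network: analyzes the stream and stores alerts."""

    def __init__(self) -> None:
        self.db = sqlite3.connect(":memory:")  # stand-in for the alert database
        self.db.execute("CREATE TABLE alerts (ts REAL, probe TEXT, layer TEXT, rule TEXT)")

    def analyze(self, stream: List[ProbeRecord]) -> int:
        rows = [(rec.ts, rec.probe_id, layer, rule) for rec in stream for layer, rule in match_rules(rec)]
        self.db.executemany("INSERT INTO alerts VALUES (?, ?, ?, ?)", rows)
        self.db.commit()
        return len(rows)

    def alerts(self) -> List[Tuple[float, str, str, str]]:
        return self.db.execute("SELECT ts, probe, layer, rule FROM alerts ORDER BY ts, layer, rule").fetchall()

def sample_backhaul() -> List[ProbeRecord]:
    """Constructed probe output: a benign read seen by two probes, a rogue node, a
    metadata-only record and a sensitive application command from the head-end."""
    benign = dict(fan={"src_mac": "02:00:00:00:00:01", "frame_counter": 17},
                  ip={"src": HEAD_END, "dport": 4059}, app={"service": "meter_read", "cmd": "read"})
    return [
        ProbeRecord("probe-A", 100.0, **benign),
        ProbeRecord("probe-B", 100.0, **benign),  # same frame captured by a second probe
        ProbeRecord("probe-B", 101.5, fan={"src_mac": "de:ad:be:ef:00:01", "frame_counter": 0},
                    ip={"src": "2001:db8::bad", "dport": 4059},
                    app={"service": "maintenance", "cmd": "firmware_update"}),
        ProbeRecord("probe-A", 102.0, ip={"src": HEAD_END, "dport": 22}),  # metadata only
        ProbeRecord("probe-A", 103.0, fan={"src_mac": "02:00:00:00:00:02", "frame_counter": 18},
                    ip={"src": HEAD_END, "dport": 4059}, app={"service": "meter_control", "cmd": "disconnect"}),
    ]

def run_demo() -> List[Tuple[float, str, str, str]]:
    """Backhaul -> process -> analyze; returns the stored alerts in time order."""
    detector = IntrusionDetector()
    detector.analyze(process_stream(sample_backhaul()))
    return detector.alerts()

if __name__ == "__main__":
    for row in run_demo():
        print(row)
```

Two points the claims leave open are made concrete here: the duplicate frame captured by a second probe is collapsed during processing rather than raising two alerts, and a metadata-only record (no field-network or application fields) is still evaluated against the one rule set whose fields it carries, which is the case the claim's "individual packets, packet detail or metadata" wording has to cover.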