DE60334368D1 - Verfahren und system zur verringerung der falschalarmrate von netzwerk-eindringdetektionssystemen - Google Patents
Verfahren und system zur verringerung der falschalarmrate von netzwerk-eindringdetektionssystemenInfo
- Publication number
- DE60334368D1 DE60334368D1 DE60334368T DE60334368T DE60334368D1 DE 60334368 D1 DE60334368 D1 DE 60334368D1 DE 60334368 T DE60334368 T DE 60334368T DE 60334368 T DE60334368 T DE 60334368T DE 60334368 D1 DE60334368 D1 DE 60334368D1
- Authority
- DE
- Germany
- Prior art keywords
- detection systems
- network
- false alarm
- importer
- operating system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Links
- 238000001514 detection method Methods 0.000 title abstract 2
- 238000000034 method Methods 0.000 title abstract 2
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US31915902P | 2002-03-29 | 2002-03-29 | |
PCT/US2003/009665 WO2003084181A1 (en) | 2002-03-29 | 2003-03-28 | Method and system for reducing the false alarm rate of network intrusion detection systems |
Publications (1)
Publication Number | Publication Date |
---|---|
DE60334368D1 true DE60334368D1 (de) | 2010-11-11 |
Family
ID=28675210
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
DE60334368T Expired - Lifetime DE60334368D1 (de) | 2002-03-29 | 2003-03-28 | Verfahren und system zur verringerung der falschalarmrate von netzwerk-eindringdetektionssystemen |
Country Status (8)
Country | Link |
---|---|
US (1) | US7886357B2 (de) |
EP (1) | EP1491019B1 (de) |
CN (1) | CN1643876B (de) |
AT (1) | ATE483310T1 (de) |
AU (2) | AU2003220582A1 (de) |
CA (1) | CA2479504C (de) |
DE (1) | DE60334368D1 (de) |
WO (1) | WO2003084181A1 (de) |
Families Citing this family (43)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7073198B1 (en) * | 1999-08-26 | 2006-07-04 | Ncircle Network Security, Inc. | Method and system for detecting a vulnerability in a network |
US6957348B1 (en) | 2000-01-10 | 2005-10-18 | Ncircle Network Security, Inc. | Interoperability of vulnerability and intrusion detection systems |
US7181769B1 (en) | 2000-08-25 | 2007-02-20 | Ncircle Network Security, Inc. | Network security system having a device profiler communicatively coupled to a traffic monitor |
US7506374B2 (en) * | 2001-10-31 | 2009-03-17 | Computer Associates Think, Inc. | Memory scanning system and method |
WO2003084181A1 (en) | 2002-03-29 | 2003-10-09 | Cisco Technology, Inc. | Method and system for reducing the false alarm rate of network intrusion detection systems |
EP1504323B8 (de) * | 2002-05-14 | 2010-05-19 | Cisco Technology, Inc. | Verfahren und system zum analysieren und adressieren von alarmen aus netzwerkeindringdetektionssystemen |
US7885190B1 (en) | 2003-05-12 | 2011-02-08 | Sourcefire, Inc. | Systems and methods for determining characteristics of a network based on flow analysis |
BR0318459A (pt) * | 2003-08-11 | 2006-09-12 | Telecom Italia Spa | sistema de detecção de intrusão e método para detectar uso não autorizado de uma rede de comunicação |
US7805762B2 (en) * | 2003-10-15 | 2010-09-28 | Cisco Technology, Inc. | Method and system for reducing the false alarm rate of network intrusion detection systems |
WO2005053230A2 (en) * | 2003-11-28 | 2005-06-09 | Insightix Ltd. | Methods and systems for collecting information relating to a communication network and for collecting information relating to operating systems operating on nodes in a communication network |
US20070297349A1 (en) * | 2003-11-28 | 2007-12-27 | Ofir Arkin | Method and System for Collecting Information Relating to a Communication Network |
US7895448B1 (en) * | 2004-02-18 | 2011-02-22 | Symantec Corporation | Risk profiling |
US20050229250A1 (en) * | 2004-02-26 | 2005-10-13 | Ring Sandra E | Methodology, system, computer readable medium, and product providing a security software suite for handling operating system exploitations |
FR2868227B1 (fr) * | 2004-03-26 | 2006-05-26 | Radiotelephone Sfr | Procede de supervision de la securite d'un reseau |
US7904960B2 (en) | 2004-04-27 | 2011-03-08 | Cisco Technology, Inc. | Source/destination operating system type-based IDS virtualization |
US7539681B2 (en) | 2004-07-26 | 2009-05-26 | Sourcefire, Inc. | Methods and systems for multi-pattern searching |
CN100435513C (zh) * | 2005-06-30 | 2008-11-19 | 杭州华三通信技术有限公司 | 网络设备与入侵检测系统联动的方法 |
CN100386993C (zh) * | 2005-09-05 | 2008-05-07 | 北京启明星辰信息技术有限公司 | 网络入侵事件风险评估方法及系统 |
US7733803B2 (en) | 2005-11-14 | 2010-06-08 | Sourcefire, Inc. | Systems and methods for modifying network map attributes |
US8046833B2 (en) * | 2005-11-14 | 2011-10-25 | Sourcefire, Inc. | Intrusion event correlation with network discovery information |
US7948988B2 (en) | 2006-07-27 | 2011-05-24 | Sourcefire, Inc. | Device, system and method for analysis of fragments in a fragment train |
US7701945B2 (en) * | 2006-08-10 | 2010-04-20 | Sourcefire, Inc. | Device, system and method for analysis of segments in a transmission control protocol (TCP) session |
US8458308B1 (en) * | 2006-08-23 | 2013-06-04 | Infoblox Inc. | Operating system fingerprinting |
US8069352B2 (en) * | 2007-02-28 | 2011-11-29 | Sourcefire, Inc. | Device, system and method for timestamp analysis of segments in a transmission control protocol (TCP) session |
US8127353B2 (en) | 2007-04-30 | 2012-02-28 | Sourcefire, Inc. | Real-time user awareness for a computer network |
US8839460B2 (en) * | 2008-03-07 | 2014-09-16 | Qualcomm Incorporated | Method for securely communicating information about the location of a compromised computing device |
US8850568B2 (en) | 2008-03-07 | 2014-09-30 | Qualcomm Incorporated | Method and apparatus for detecting unauthorized access to a computing device and securely communicating information about such unauthorized access |
US8474043B2 (en) | 2008-04-17 | 2013-06-25 | Sourcefire, Inc. | Speed and memory optimization of intrusion detection system (IDS) and intrusion prevention system (IPS) rule processing |
US8272055B2 (en) | 2008-10-08 | 2012-09-18 | Sourcefire, Inc. | Target-based SMB and DCE/RPC processing for an intrusion detection system or intrusion prevention system |
WO2011130510A1 (en) | 2010-04-16 | 2011-10-20 | Sourcefire, Inc. | System and method for near-real time network attack detection, and system and method for unified detection via detection routing |
US8433790B2 (en) | 2010-06-11 | 2013-04-30 | Sourcefire, Inc. | System and method for assigning network blocks to sensors |
US8671182B2 (en) | 2010-06-22 | 2014-03-11 | Sourcefire, Inc. | System and method for resolving operating system or service identity conflicts |
RU2657170C2 (ru) * | 2010-07-01 | 2018-06-08 | Онапсис, Инк. | Автоматизированная оценка безопасности критически важных для бизнеса компьютерных систем и ресурсов |
US8499173B2 (en) * | 2010-11-23 | 2013-07-30 | Lockheed Martin Corporation | Apparatus and method for protection of circuit boards from tampering |
US8601034B2 (en) | 2011-03-11 | 2013-12-03 | Sourcefire, Inc. | System and method for real time data awareness |
US9055090B2 (en) * | 2012-06-12 | 2015-06-09 | Verizon Patent And Licensing Inc. | Network based device security and controls |
CN104038372B (zh) * | 2014-05-30 | 2016-03-09 | 国家电网公司 | 电力广域网流量监控方法 |
US9680855B2 (en) * | 2014-06-30 | 2017-06-13 | Neo Prime, LLC | Probabilistic model for cyber risk forecasting |
US9710364B2 (en) | 2015-09-04 | 2017-07-18 | Micron Technology Licensing, Llc | Method of detecting false test alarms using test step failure analysis |
US10999307B2 (en) * | 2016-05-19 | 2021-05-04 | Infinite Group, Inc. | Network assessment systems and methods thereof |
CN107506443A (zh) * | 2017-08-25 | 2017-12-22 | 国网辽宁省电力有限公司 | 一种跨平台的智能数据传输方法 |
CN111565203B (zh) * | 2020-07-16 | 2020-10-23 | 腾讯科技(深圳)有限公司 | 业务请求的防护方法、装置、系统和计算机设备 |
CN112019538B (zh) * | 2020-08-26 | 2023-05-26 | 国网山东省电力公司滨州供电公司 | 一种安全设备远程智能告警系统、方法及存储介质 |
Family Cites Families (48)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0742662B1 (de) * | 1995-05-08 | 2002-09-18 | Koninklijke KPN N.V. | Anordnung und Methode für Protokollumsetzung |
US5991881A (en) | 1996-11-08 | 1999-11-23 | Harris Corporation | Network surveillance system |
US5919257A (en) | 1997-08-08 | 1999-07-06 | Novell, Inc. | Networked workstation intrusion detection system |
US5961644A (en) | 1997-09-19 | 1999-10-05 | International Business Machines Corporation | Method and apparatus for testing the integrity of computer security alarm systems |
US6148407A (en) * | 1997-09-30 | 2000-11-14 | Intel Corporation | Method and apparatus for producing computer platform fingerprints |
US6070244A (en) | 1997-11-10 | 2000-05-30 | The Chase Manhattan Bank | Computer network security management system |
US6279113B1 (en) | 1998-03-16 | 2001-08-21 | Internet Tools, Inc. | Dynamic signature inspection-based network intrusion detection |
US6408391B1 (en) | 1998-05-06 | 2002-06-18 | Prc Inc. | Dynamic system defense for information warfare |
US6275942B1 (en) | 1998-05-20 | 2001-08-14 | Network Associates, Inc. | System, method and computer program product for automatic response to computer system misuse using active response modules |
US6182223B1 (en) | 1998-06-10 | 2001-01-30 | International Business Machines Corporation | Method and apparatus for preventing unauthorized access to computer-stored information |
US6282546B1 (en) | 1998-06-30 | 2001-08-28 | Cisco Technology, Inc. | System and method for real-time insertion of data into a multi-dimensional database for network intrusion detection and vulnerability assessment |
US6134664A (en) * | 1998-07-06 | 2000-10-17 | Prc Inc. | Method and system for reducing the volume of audit data and normalizing the audit data received from heterogeneous sources |
DE69817176T2 (de) * | 1998-09-09 | 2004-06-24 | International Business Machines Corp. | Verfahren und Vorrichtung zur Eindringdetektion in Rechnern und Rechnernetzen |
US6460141B1 (en) | 1998-10-28 | 2002-10-01 | Rsa Security Inc. | Security and access management system for web-enabled and non-web-enabled applications and content on a computer network |
US6564216B2 (en) | 1998-10-29 | 2003-05-13 | Nortel Networks Limited | Server manager |
US6301668B1 (en) | 1998-12-29 | 2001-10-09 | Cisco Technology, Inc. | Method and system for adaptive network security using network vulnerability assessment |
US6415321B1 (en) | 1998-12-29 | 2002-07-02 | Cisco Technology, Inc. | Domain mapping method and system |
US6477651B1 (en) | 1999-01-08 | 2002-11-05 | Cisco Technology, Inc. | Intrusion detection system and method having dynamically loaded signatures |
US6839850B1 (en) | 1999-03-04 | 2005-01-04 | Prc, Inc. | Method and system for detecting intrusion into and misuse of a data processing system |
US6725377B1 (en) | 1999-03-12 | 2004-04-20 | Networks Associates Technology, Inc. | Method and system for updating anti-intrusion software |
US6405318B1 (en) | 1999-03-12 | 2002-06-11 | Psionic Software, Inc. | Intrusion detection system |
WO2000070464A1 (en) | 1999-05-14 | 2000-11-23 | L-3 Communications Corporation | Object oriented security analysis tool |
US7073198B1 (en) | 1999-08-26 | 2006-07-04 | Ncircle Network Security, Inc. | Method and system for detecting a vulnerability in a network |
US6647400B1 (en) | 1999-08-30 | 2003-11-11 | Symantec Corporation | System and method for analyzing filesystems to detect intrusions |
US6990591B1 (en) | 1999-11-18 | 2006-01-24 | Secureworks, Inc. | Method and system for remotely configuring and monitoring a communication device |
US6957348B1 (en) * | 2000-01-10 | 2005-10-18 | Ncircle Network Security, Inc. | Interoperability of vulnerability and intrusion detection systems |
CN1310393A (zh) * | 2000-02-24 | 2001-08-29 | 英业达股份有限公司 | 防止计算机病毒传染的方法 |
US7159237B2 (en) * | 2000-03-16 | 2007-01-02 | Counterpane Internet Security, Inc. | Method and system for dynamic network intrusion monitoring, detection and response |
US7574740B1 (en) | 2000-04-28 | 2009-08-11 | International Business Machines Corporation | Method and system for intrusion detection in a computer network |
US7162649B1 (en) | 2000-06-30 | 2007-01-09 | Internet Security Systems, Inc. | Method and apparatus for network assessment and authentication |
AU2001295016A1 (en) | 2000-09-01 | 2002-03-13 | Sri International, Inc. | Probabilistic alert correlation |
US6950845B2 (en) | 2000-10-23 | 2005-09-27 | Amdocs (Israel) Ltd. | Data collection system and method for reducing latency |
CN1295904C (zh) | 2001-01-10 | 2007-01-17 | 思科技术公司 | 计算机安全和管理系统 |
US20030056116A1 (en) | 2001-05-18 | 2003-03-20 | Bunker Nelson Waldo | Reporter |
US7237264B1 (en) * | 2001-06-04 | 2007-06-26 | Internet Security Systems, Inc. | System and method for preventing network misuse |
US6513122B1 (en) | 2001-06-29 | 2003-01-28 | Networks Associates Technology, Inc. | Secure gateway for analyzing textual content to identify a harmful impact on computer systems with known vulnerabilities |
US7444679B2 (en) | 2001-10-31 | 2008-10-28 | Hewlett-Packard Development Company, L.P. | Network, method and computer readable medium for distributing security updates to select nodes on a network |
US7197762B2 (en) | 2001-10-31 | 2007-03-27 | Hewlett-Packard Development Company, L.P. | Method, computer readable medium, and node for a three-layered intrusion prevention system for detecting network exploits |
US6714513B1 (en) | 2001-12-21 | 2004-03-30 | Networks Associates Technology, Inc. | Enterprise network analyzer agent system and method |
US7152105B2 (en) | 2002-01-15 | 2006-12-19 | Mcafee, Inc. | System and method for network vulnerability detection and reporting |
US6941467B2 (en) | 2002-03-08 | 2005-09-06 | Ciphertrust, Inc. | Systems and methods for adaptive message interrogation through multiple queues |
US20030196123A1 (en) | 2002-03-29 | 2003-10-16 | Rowland Craig H. | Method and system for analyzing and addressing alarms from network intrusion detection systems |
WO2003084181A1 (en) | 2002-03-29 | 2003-10-09 | Cisco Technology, Inc. | Method and system for reducing the false alarm rate of network intrusion detection systems |
EP1504323B8 (de) | 2002-05-14 | 2010-05-19 | Cisco Technology, Inc. | Verfahren und system zum analysieren und adressieren von alarmen aus netzwerkeindringdetektionssystemen |
KR100456635B1 (ko) | 2002-11-14 | 2004-11-10 | 한국전자통신연구원 | 분산 서비스 거부 공격 대응 시스템 및 방법 |
US7904960B2 (en) | 2004-04-27 | 2011-03-08 | Cisco Technology, Inc. | Source/destination operating system type-based IDS virtualization |
NO20050564D0 (no) | 2005-02-02 | 2005-02-02 | Tore Lysemose Hansen | Programmonitor for a identifisere uautorisert inntrenging i datasystemer |
WO2007122495A2 (en) | 2006-04-21 | 2007-11-01 | Axalto Sa | A framework for protecting resource-constrained network devices from denial-of-service attacks |
-
2003
- 2003-03-28 WO PCT/US2003/009665 patent/WO2003084181A1/en not_active Application Discontinuation
- 2003-03-28 AU AU2003220582A patent/AU2003220582A1/en not_active Abandoned
- 2003-03-28 DE DE60334368T patent/DE60334368D1/de not_active Expired - Lifetime
- 2003-03-28 CA CA2479504A patent/CA2479504C/en not_active Expired - Fee Related
- 2003-03-28 CN CN038073196A patent/CN1643876B/zh not_active Expired - Lifetime
- 2003-03-28 AT AT03716896T patent/ATE483310T1/de not_active IP Right Cessation
- 2003-03-28 EP EP03716896A patent/EP1491019B1/de not_active Expired - Lifetime
- 2003-03-28 US US10/402,649 patent/US7886357B2/en active Active
-
2008
- 2008-10-09 AU AU2008229835A patent/AU2008229835B2/en not_active Ceased
Also Published As
Publication number | Publication date |
---|---|
WO2003084181A1 (en) | 2003-10-09 |
CA2479504A1 (en) | 2003-10-09 |
EP1491019A1 (de) | 2004-12-29 |
ATE483310T1 (de) | 2010-10-15 |
AU2003220582A1 (en) | 2003-10-13 |
EP1491019B1 (de) | 2010-09-29 |
US7886357B2 (en) | 2011-02-08 |
CN1643876A (zh) | 2005-07-20 |
CA2479504C (en) | 2010-07-13 |
US20030212910A1 (en) | 2003-11-13 |
AU2008229835A1 (en) | 2008-11-06 |
AU2008229835B2 (en) | 2010-12-09 |
CN1643876B (zh) | 2010-09-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
DE60334368D1 (de) | Verfahren und system zur verringerung der falschalarmrate von netzwerk-eindringdetektionssystemen | |
WO2005041141A3 (en) | Method and system for reducing the false alarm rate of network intrusion detection systems | |
JP2019082989A5 (de) | ||
EP3068095A2 (de) | Überwachungsvorrichtung und -verfahren | |
TW200612278A (en) | Methods, computer program products and data structures for intrusion detection, interusion response and vulnerability remediation across target computer systems | |
US20100175132A1 (en) | Attack-resistant verification of auto-generated anti-malware signatures | |
WO2005048022A3 (en) | Method and system for addressing intrusion attacks on a computer system | |
KR20150124370A (ko) | 악성 프로세스 행동을 검출하기 위한 방법, 장치 및 시스템 | |
US20070204345A1 (en) | Method of detecting computer security threats | |
US9069962B2 (en) | Evaluation of a fast and robust worm detection algorithm | |
GB2532630A (en) | Network intrusion alarm method and system for nuclear power station | |
CN110599732A (zh) | 一种烟雾报警器管理方法、装置及烟雾报警器 | |
WO2016002605A1 (ja) | 検知装置、検知方法及び検知プログラム | |
KR101535529B1 (ko) | Apt 공격 분석을 위한 의심파일 및 추적정보 수집 방법 | |
CN105791250B (zh) | 应用程序检测方法及装置 | |
US10454959B2 (en) | Importance-level calculation device, output device, and recording medium in which computer program is stored | |
KR101308085B1 (ko) | 관계형 공격 패턴을 이용하는 침입 차단 시스템 및 방법 | |
CN111542811B (zh) | 增强网络安全的监视 | |
CN109495424B (zh) | 一种检测入侵流量的方法和装置 | |
JP2017130921A (ja) | 悪意の電子メッセージを検出するための技術 | |
EP1504323B8 (de) | Verfahren und system zum analysieren und adressieren von alarmen aus netzwerkeindringdetektionssystemen | |
US20220407873A1 (en) | Analysis device and analysis method | |
KR20090115496A (ko) | 접근패턴 분석을 통한 개인정보 유출 시도의 실시간 탐지방법 및 시스템 | |
CN111311912A (zh) | 车联网检测数据确定方法、装置及电子设备 | |
KR102538540B1 (ko) | 전자 장치의 사이버 공격 탐지 방법 |