WO2004015922A3 - Intrusion detection system and network flow director method - Google Patents

Intrusion detection system and network flow director method


Publication number
WO2004015922A3
Authority
WO
WIPO (PCT)
Prior art keywords
detection system
intrusion detection
network flow
flow director
network
Prior art date
Application number
PCT/US2003/024749
Other languages
French (fr)
Other versions
WO2004015922A2 (en)
Inventor
Anil Singhal
Dionisio Lobo
Original Assignee
Netscout Systems Inc
Priority date
Filing date
Publication date
Application filed by Netscout Systems Inc
Priority to AU2003261445A
Publication of WO2004015922A2
Publication of WO2004015922A3

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic

Abstract

A system and related methods for detecting the occurrence of an intrusion attack. A network device, such as a probe, monitors traffic on a first network and converts the traffic to a format that is suitable for transmission on a second network. The converted traffic is forwarded to an intrusion detection system for further processing. Prior to transmission, the converted data may be filtered to remove data that is not useful in detecting an intrusion attack.
PCT/US2003/024749 2002-08-09 2003-08-08 Intrusion detection system and network flow director method WO2004015922A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2003261445A AU2003261445A1 (en) 2002-08-09 2003-08-08 Intrusion detection system and network flow director method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US40225502P 2002-08-09 2002-08-09
US60/402,255 2002-08-09

Publications (2)

Publication Number Publication Date
WO2004015922A2 WO2004015922A2 (en) 2004-02-19
WO2004015922A3 WO2004015922A3 (en) 2004-06-24

Family

ID=31715816

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2003/024749 WO2004015922A2 (en) 2002-08-09 2003-08-08 Intrusion detection system and network flow director method

Country Status (3)

Country Link
US (1) US7587762B2 (en)
AU (1) AU2003261445A1 (en)
WO (1) WO2004015922A2 (en)

Families Citing this family (58)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7181560B1 (en) * 2001-12-21 2007-02-20 Joseph Grand Method and apparatus for preserving computer memory using expansion card
US8209756B1 (en) 2002-02-08 2012-06-26 Juniper Networks, Inc. Compound attack detection in a computer network
US7698738B2 (en) * 2003-05-14 2010-04-13 Northrop Grumman Systems Corporation System and method for real-time network-based recovery following an information warfare attack
US7712133B2 (en) * 2003-06-20 2010-05-04 Hewlett-Packard Development Company, L.P. Integrated intrusion detection system and method
US8015604B1 (en) * 2003-10-10 2011-09-06 Arcsight Inc Hierarchical architecture in a network security system
US9027120B1 (en) 2003-10-10 2015-05-05 Hewlett-Packard Development Company, L.P. Hierarchical architecture in a network security system
US7924725B2 (en) * 2003-11-10 2011-04-12 Nortel Networks Limited Ethernet OAM performance management
KR100591540B1 (en) 2004-04-28 2006-06-19 (주)알피에이네트웍스 Apparatus of Test Access Port having the funcfion of remote control
US9407643B1 (en) * 2004-08-03 2016-08-02 Spirent Communications, Inc. System and method for consolidating network streams for network analysis
US20060037077A1 (en) * 2004-08-16 2006-02-16 Cisco Technology, Inc. Network intrusion detection system having application inspection and anomaly detection characteristics
US20060045121A1 (en) * 2004-08-25 2006-03-02 Monk John M Methods and systems for analyzing network transmission events
US7778228B2 (en) * 2004-09-16 2010-08-17 The Boeing Company “Wireless ISLAND” mobile LAN-to-LAN tunneling solution
US7451486B2 (en) * 2004-09-30 2008-11-11 Avaya Inc. Stateful and cross-protocol intrusion detection for voice over IP
US20060089984A1 (en) * 2004-10-22 2006-04-27 International Business Machines Corporation Process and implementation for autonomous probe enablement
US7610375B2 (en) * 2004-10-28 2009-10-27 Cisco Technology, Inc. Intrusion detection in a data center environment
US20060174343A1 (en) * 2004-11-30 2006-08-03 Sensory Networks, Inc. Apparatus and method for acceleration of security applications through pre-filtering
US7937755B1 (en) 2005-01-27 2011-05-03 Juniper Networks, Inc. Identification of network policy violations
US7809826B1 (en) 2005-01-27 2010-10-05 Juniper Networks, Inc. Remote aggregation of network traffic profiling data
US7769851B1 (en) 2005-01-27 2010-08-03 Juniper Networks, Inc. Application-layer monitoring and profiling network traffic
US7810151B1 (en) 2005-01-27 2010-10-05 Juniper Networks, Inc. Automated change detection within a network environment
US7797411B1 (en) * 2005-02-02 2010-09-14 Juniper Networks, Inc. Detection and prevention of encapsulated network attacks using an intermediate device
WO2006098024A1 (en) * 2005-03-16 2006-09-21 Fujitsu Limited Multicast tree monitoring method and system in ip network
US8028160B1 (en) 2005-05-27 2011-09-27 Marvell International Ltd. Data link layer switch with protection against internet protocol spoofing attacks
US7828825B2 (en) * 2005-06-20 2010-11-09 Warsaw Orthopedic, Inc. Multi-level multi-functional spinal stabilization systems and methods
US7757283B2 (en) 2005-07-08 2010-07-13 Alcatel Lucent System and method for detecting abnormal traffic based on early notification
US8079083B1 (en) * 2005-09-02 2011-12-13 Symantec Corporation Method and system for recording network traffic and predicting potential security events
US9747439B2 (en) * 2006-02-06 2017-08-29 Trend Micro Incorporated Dynamic network tuner for the automated correlation of networking device functionality and network-related performance
WO2008098260A1 (en) * 2007-02-09 2008-08-14 Smobile Systems, Inc. Off-line mms malware scanning system and method
US20080295153A1 (en) * 2007-05-24 2008-11-27 Zhidan Cheng System and method for detection and communication of computer infection status in a networked environment
KR100894506B1 (en) * 2007-06-28 2009-04-22 한양대학교 산학협력단 Monitoring system for communication network having a plurality of layers
US8024473B1 (en) 2007-07-19 2011-09-20 Mcafee, Inc. System, method, and computer program product to automate the flagging of obscure network flows as at least potentially unwanted
US7957529B2 (en) * 2007-07-23 2011-06-07 International Business Machines Corporation Procurement and audit of digital rights management event data
US8156541B1 (en) * 2007-10-17 2012-04-10 Mcafee, Inc. System, method, and computer program product for identifying unwanted activity utilizing a honeypot device accessible via VLAN trunking
US8856926B2 (en) * 2008-06-27 2014-10-07 Juniper Networks, Inc. Dynamic policy provisioning within network security devices
US20100205215A1 (en) * 2009-02-11 2010-08-12 Cook Robert W Systems and methods for enforcing policies to block search engine queries for web-based proxy sites
US8695091B2 (en) * 2009-02-11 2014-04-08 Sophos Limited Systems and methods for enforcing policies for proxy website detection using advertising account ID
US20100205297A1 (en) * 2009-02-11 2010-08-12 Gurusamy Sarathy Systems and methods for dynamic detection of anonymizing proxies
US9734125B2 (en) * 2009-02-11 2017-08-15 Sophos Limited Systems and methods for enforcing policies in the discovery of anonymizing proxy communications
US8443075B2 (en) * 2009-10-29 2013-05-14 Fluke Corporation Transaction storage determination via pattern matching
CN102812431A (en) 2010-03-22 2012-12-05 Lrdc系统有限公司 A method of identifying and protecting the integrity of a set of source data
US8789174B1 (en) * 2010-04-13 2014-07-22 Symantec Corporation Method and apparatus for examining network traffic and automatically detecting anomalous activity to secure a computer
EP2664103B8 (en) 2011-01-12 2018-05-23 Assia Spe, Llc Systems and methods for jointly optimizing wan and lan network communications
US10620241B2 (en) 2012-02-17 2020-04-14 Perspecta Labs Inc. Method and system for packet acquisition, analysis and intrusion detection in field area networks
US9733274B2 (en) 2012-02-17 2017-08-15 Vencore Labs, Inc. Multi-function electric meter adapter and method for use
CN102624560B (en) * 2012-03-12 2016-06-29 深圳市天威视讯股份有限公司 A kind of distributed deployment, centerized fusion CATV broadband access system
KR20130126814A (en) * 2012-04-26 2013-11-21 한국전자통신연구원 Traffic flooding attack detection and in-depth analysis devices and method using data mining
JP2016511966A (en) 2013-01-24 2016-04-21 ヴェンコア ラブズ、インク.Vencore Labs, Inc. Method and system for visualizing and analyzing field regional networks
US9319384B2 (en) 2014-04-30 2016-04-19 Fortinet, Inc. Filtering hidden data embedded in media files
JP6409640B2 (en) * 2015-03-23 2018-10-24 日本電気株式会社 Communication device and communication method
US10733167B2 (en) 2015-06-03 2020-08-04 Xilinx, Inc. System and method for capturing data to provide to a data analyser
US10691661B2 (en) 2015-06-03 2020-06-23 Xilinx, Inc. System and method for managing the storing of data
CN105957345B (en) * 2016-06-08 2017-10-31 南京航空航天大学 Vehicle operation data processing method
KR101901738B1 (en) * 2016-10-10 2018-09-28 주식회사 윈스 The Realtime Trail Data Collector apparatus about Network Intrusion Detection and method thereof
US10491613B1 (en) 2019-01-22 2019-11-26 Capital One Services, Llc Systems and methods for secure communication in cloud computing environments
US11621970B2 (en) * 2019-09-13 2023-04-04 Is5 Communications, Inc. Machine learning based intrusion detection system for mission critical systems
US11528299B2 (en) * 2020-05-06 2022-12-13 Hewlett Packard Enterprise Development Lp Method device and system for policy based packet processing
CN111935145B (en) * 2020-08-10 2021-05-25 武汉思普崚技术有限公司 Hardware-independent method and system for realizing network flow security analysis
US11743270B2 (en) * 2021-04-16 2023-08-29 Visa International Service Association Method, system, and computer program product for protocol parsing for network security

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020083344A1 (en) * 2000-12-21 2002-06-27 Vairavan Kannan P. Integrated intelligent inter/intra networking device
US20020087882A1 (en) * 2000-03-16 2002-07-04 Bruce Schneier Mehtod and system for dynamic network intrusion monitoring detection and response

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5991881A (en) * 1996-11-08 1999-11-23 Harris Corporation Network surveillance system
US5796942A (en) * 1996-11-21 1998-08-18 Computer Associates International, Inc. Method and apparatus for automated network-wide surveillance and security breach intervention
US6772349B1 (en) * 2000-05-03 2004-08-03 3Com Corporation Detection of an attack such as a pre-attack on a computer network
US20030084349A1 (en) * 2001-10-12 2003-05-01 Oliver Friedrichs Early warning system for network attacks
US7017186B2 (en) * 2002-07-30 2006-03-21 Steelcloud, Inc. Intrusion detection system using self-organizing clusters

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020087882A1 (en) * 2000-03-16 2002-07-04 Bruce Schneier Mehtod and system for dynamic network intrusion monitoring detection and response
US20020083344A1 (en) * 2000-12-21 2002-06-27 Vairavan Kannan P. Integrated intelligent inter/intra networking device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ERHARD W ET AL: "NETWORK TRAFFIC ANALYSIS AND SECURITY MONITORING WITH UNIMON", PROCEEDINGS OF THE IEEE CONFERENCE 2000 ON HIGH PERFORMANCE SWITCHING AND ROUTING. HEIDELBERG, GERMANY, JUNE, 26 - 29, 2000, PROCEEDINGS OF THE IEEE CONFERENCE ON HIGH PERFORMANCE SWITCHING AND ROUTING, NEW YORK, NY: IEEE, US, 26 June 2000 (2000-06-26), pages 439 - 446, XP001075733, ISBN: 0-7803-5884-8 *

Also Published As

Publication number Publication date
WO2004015922A2 (en) 2004-02-19
US7587762B2 (en) 2009-09-08
AU2003261445A1 (en) 2004-02-25
US20040034800A1 (en) 2004-02-19
AU2003261445A8 (en) 2004-02-25

Similar Documents

Publication Publication Date Title
WO2004015922A3 (en) Intrusion detection system and network flow director method
WO2003094765A3 (en) Method and system for power line network fault detection and quality monitoring
AU2001247351A1 (en) Method and system for dynamic network intrusion monitoring, detection and response
EP1976227A3 (en) Method and system for monitoring a selected region of an airspace associated with local area networks of computing devices
WO2003101023A3 (en) Method and system for wireless intrusion detection
AU2002361483A8 (en) System and method for video content analysis-based detection, surveillance and alarm management
WO2005024567A3 (en) Network communication security system, monitoring system and methods
WO2003071850A3 (en) A system and method for monitoring unauthorized dissemination of documents and portable media
WO2005002193A3 (en) Video conferencing apparatus and method
WO2006091944A3 (en) Location-based enhancements for wireless intrusion detection
WO2005038741A3 (en) Method and system for collecting traffic data, monitoring traffic, and automated enforcement at a centralized station
AU2003220911A1 (en) Maintenance management point service system, server apparatus, terminal apparatus, program, recording medium, and maintenance management point service system processing method
WO2005065159A3 (en) Methods and apparatus to distinguish a signal originating from a local device from a broadcast signal
WO2001086877A3 (en) Network usage monitoring device and associated method
AU2003212950A1 (en) System and method for detecting and eliminating ip spoofing in a data transmission network
AU2001255641A1 (en) Method and system for intrusion detection in a computer network
WO2003065155A3 (en) Architecture to thwart denial of service attacks
AU2001266580A1 (en) Method and system for detecting, tracking and blocking denial of service attacksover a computer network
AU2001292686A1 (en) System and method for detecting an intruder using impulse radio technology
WO2002069267A3 (en) Classification of objects through model ensembles
CN102521945A (en) Calling detection alarming method and device
WO2004030525A3 (en) Systems and methods for providing trend analysis in a sedation and analgesia system
WO2002027443A3 (en) Global computer network intrusion detection system
WO2008082789A3 (en) Method and system for monitoring a location
WO2005026874A3 (en) System and method for surveilling a computer network

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP