WO2005050364A3 - Distributed intrusion response system - Google Patents

Distributed intrusion response system

Info

Publication number
WO2005050364A3
Authority
WO
WIPO (PCT)
Prior art keywords
detected
intrusions
policy
intrusion
policies
Prior art date
Application number
PCT/US2004/037506
Other languages
French (fr)
Other versions
WO2005050364A2 (en)
Inventor
Richard Bussiere
Mark Townsend
Steven Pettit
David Harrington
John Roese
Richard Graham
Original Assignee
Enterasys Networks Inc
Application filed by Enterasys Networks Inc
Priority to EP04800964.1A (EP1682985B8)
Publication of WO2005050364A2
Publication of WO2005050364A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/146 Tracing the source of attacks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

A system and method (200) for responding to intrusions detected on a network system that includes attached functions (204) and a network infrastructure. The system includes means for receiving information about intrusions (205) from an intrusion detection function (204); a directory service function (208) for gathering and reporting at least the physical and logical addresses of the network infrastructure devices associated with the detected intrusions; and a plurality of distributed enforcement devices of the network infrastructure for enforcing policies responsive to the detected intrusions (210). A policy decision function (210) evaluates the reported detected intrusions and determines whether one or more policy changes are required on the enforcement devices in response to a detected intrusion. A policy manager function configures the distributed enforcement devices with the responsive changed policy or policies. Policy change rules can vary from no change, to complete port blocking on one or more identified enforcement devices associated with the detected intrusion, to redirecting the associated traffic including the intrusion; these policies may be modified or removed over time as warranted by network operation.

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP04800964.1A EP1682985B8 (en) 2003-11-14 2004-11-09 Distributed intrusion response system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/713,560 US7581249B2 (en) 2003-11-14 2003-11-14 Distributed intrusion response system
US10/713,560 2003-11-14

Publications (2)

Publication Number Publication Date
WO2005050364A2 WO2005050364A2 (en) 2005-06-02
WO2005050364A3 true WO2005050364A3 (en) 2006-10-12

Family

ID=34573755

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2004/037506 WO2005050364A2 (en) 2003-11-14 2004-11-09 Distributed intrusion response system

Country Status (3)

Country Link
US (1) US7581249B2 (en)
EP (1) EP1682985B8 (en)
WO (1) WO2005050364A2 (en)

Families Citing this family (71)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7882226B2 (en) * 2001-12-31 2011-02-01 Samsung Electronics Co., Ltd. System and method for scalable and redundant COPS message routing in an IP multimedia subsystem
KR100605216B1 (en) * 2003-05-30 2006-07-31 엘지전자 주식회사 Network device
KR100605218B1 (en) 2003-05-30 2006-07-31 엘지전자 주식회사 Network adaptor
KR100638017B1 (en) * 2003-05-30 2006-10-23 엘지전자 주식회사 Network device
KR100596755B1 (en) * 2003-05-30 2006-07-04 엘지전자 주식회사 Home network system
US7729282B2 (en) * 2003-05-30 2010-06-01 Lg Electronics Inc. Home network system and its configuration system
US7526541B2 (en) * 2003-07-29 2009-04-28 Enterasys Networks, Inc. System and method for dynamic network policy management
US7779463B2 (en) 2004-05-11 2010-08-17 The Trustees Of Columbia University In The City Of New York Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems
US7752671B2 (en) * 2004-10-04 2010-07-06 Promisec Ltd. Method and device for questioning a plurality of computerized devices
US20060101516A1 (en) * 2004-10-12 2006-05-11 Sushanthan Sudaharan Honeynet farms as an early warning system for production networks
US7904940B1 (en) * 2004-11-12 2011-03-08 Symantec Corporation Automated environmental policy awareness
US7784097B1 (en) * 2004-11-24 2010-08-24 The Trustees Of Columbia University In The City Of New York Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems
US8191107B1 (en) * 2005-03-09 2012-05-29 Enterasys Networks, Inc. System and method for lost contact response
US8006285B1 (en) * 2005-06-13 2011-08-23 Oracle America, Inc. Dynamic defense of network attacks
JP2007067991A (en) * 2005-09-01 2007-03-15 Fujitsu Ltd Network management system
US8166547B2 (en) * 2005-09-06 2012-04-24 Fortinet, Inc. Method, apparatus, signals, and medium for managing a transfer of data in a data network
US20070067623A1 (en) * 2005-09-22 2007-03-22 Reflex Security, Inc. Detection of system compromise by correlation of information objects
US8046833B2 (en) 2005-11-14 2011-10-25 Sourcefire, Inc. Intrusion event correlation with network discovery information
US20070169192A1 (en) * 2005-12-23 2007-07-19 Reflex Security, Inc. Detection of system compromise by per-process network modeling
US8832048B2 (en) 2005-12-29 2014-09-09 Nextlabs, Inc. Techniques and system to monitor and log access of information based on system and user context using policies
US9864752B2 (en) * 2005-12-29 2018-01-09 Nextlabs, Inc. Multilayer policy language structure
US7934258B2 (en) * 2006-08-17 2011-04-26 Informod Control Inc. System and method for remote authentication security management
US20080134296A1 (en) * 2006-11-30 2008-06-05 Ofer Amitai System and method of network authorization by scoring
WO2008065648A2 (en) * 2006-11-30 2008-06-05 Datanin Ltd. System and method of network authorization by scoring
US8949986B2 (en) * 2006-12-29 2015-02-03 Intel Corporation Network security elements using endpoint resources
US7835348B2 (en) * 2006-12-30 2010-11-16 Extreme Networks, Inc. Method and apparatus for dynamic anomaly-based updates to traffic selection policies in a switch
US8910275B2 (en) * 2007-02-14 2014-12-09 Hewlett-Packard Development Company, L.P. Network monitoring
US8488488B1 (en) * 2007-02-22 2013-07-16 Cisco Technology, Inc. Mitigating threats in a network
EP2142438A1 (en) 2007-03-23 2010-01-13 Allegiance Corporation Fluid collection and disposal system having interchangeable collection and other features and methods relating thereof
US9889239B2 (en) 2007-03-23 2018-02-13 Allegiance Corporation Fluid collection and disposal system and related methods
WO2008130946A2 (en) * 2007-04-17 2008-10-30 Kenneth Tola Unobtrusive methods and systems for collecting information transmitted over a network
US7840687B2 (en) * 2007-07-11 2010-11-23 Intel Corporation Generic bootstrapping protocol (GBP)
US8286243B2 (en) * 2007-10-23 2012-10-09 International Business Machines Corporation Blocking intrusion attacks at an offending host
CN101639879B (en) * 2008-07-28 2012-06-20 成都市华为赛门铁克科技有限公司 Database security monitoring method, device and system
US8806630B2 (en) * 2008-05-13 2014-08-12 At&T Intellectual Property, I, L.P. Methods and apparatus for intrusion protection in systems that monitor for improper network usage
US8640188B2 (en) * 2010-01-04 2014-01-28 Tekelec, Inc. Methods, systems, and computer readable media for providing group policy configuration in a communications network using a fake user
CN104363577B (en) * 2008-06-05 2017-12-05 凯敏公司 Method and system for providing mobility management in a network
US8813168B2 (en) 2008-06-05 2014-08-19 Tekelec, Inc. Methods, systems, and computer readable media for providing nested policy configuration in a communications network
US8413238B1 (en) * 2008-07-21 2013-04-02 Zscaler, Inc. Monitoring darknet access to identify malicious activity
US20100071065A1 (en) * 2008-09-18 2010-03-18 Alcatel Lucent Infiltration of malware communications
EP2384593A4 (en) * 2009-01-30 2016-05-18 Hewlett Packard Development Co Dynamically applying a control policy to a network
WO2011008961A1 (en) 2009-07-15 2011-01-20 Allegiance Corporation Fluid collection and disposal system and related methods
US8429268B2 (en) * 2009-07-24 2013-04-23 Camiant, Inc. Mechanism for detecting and reporting traffic/service to a PCRF
US9166803B2 (en) * 2010-02-12 2015-10-20 Tekelec, Inc. Methods, systems, and computer readable media for service detection over an RX interface
EP2543163B1 (en) * 2010-03-05 2018-09-26 Tekelec, Inc. Methods, systems, and computer readable media for enhanced service detection and policy rule determination
CN102893640B (en) * 2010-03-15 2016-03-23 泰克莱克股份有限公司 Methods, systems, and computer-readable media for transmitting policy information between a Policy and Charging Rules Function and a service node
US9319318B2 (en) 2010-03-15 2016-04-19 Tekelec, Inc. Methods, systems, and computer readable media for performing PCRF-based user information pass through
US8769373B2 (en) 2010-03-22 2014-07-01 Cleon L. Rogers, JR. Method of identifying and protecting the integrity of a set of source data
US8601034B2 (en) * 2011-03-11 2013-12-03 Sourcefire, Inc. System and method for real time data awareness
US8468241B1 (en) * 2011-03-31 2013-06-18 Emc Corporation Adaptive optimization across information technology infrastructure
US8725869B1 (en) * 2011-09-30 2014-05-13 Emc Corporation Classifying situations for system management
US8572731B1 (en) * 2011-11-17 2013-10-29 Symantec Corporation Systems and methods for blocking a domain based on the internet protocol address serving the domain
US9317721B2 (en) 2012-10-31 2016-04-19 Google Inc. Privacy aware camera and device status indicator system
US9516049B2 (en) * 2013-11-13 2016-12-06 ProtectWise, Inc. Packet capture and network traffic replay
US9654445B2 (en) 2013-11-13 2017-05-16 ProtectWise, Inc. Network traffic filtering and routing for threat analysis
US10735453B2 (en) 2013-11-13 2020-08-04 Verizon Patent And Licensing Inc. Network traffic filtering and routing for threat analysis
US11050776B2 (en) * 2015-03-04 2021-06-29 Nippon Telegraph And Telephone Corporation Security measure invalidation prevention device, security measure invalidation prevention method, and security measure invalidation prevention program
US9961076B2 (en) * 2015-05-11 2018-05-01 Genesys Telecommunications Laboratories, Inc. System and method for identity authentication
CN105024999B (en) * 2015-06-02 2018-08-28 江苏恒信和安电子科技有限公司 Secure access method for IP video surveillance networks
US10598377B2 (en) 2016-05-27 2020-03-24 Illinois Tool Works Inc. Combustion-powered fastener driving tool fuel cell assembly
US10715533B2 (en) * 2016-07-26 2020-07-14 Microsoft Technology Licensing, Llc. Remediation for ransomware attacks on cloud drive folders
US10547646B2 (en) * 2016-09-16 2020-01-28 Oracle International Corporation Dynamic policy injection and access visualization for threat detection
US10628585B2 (en) 2017-01-23 2020-04-21 Microsoft Technology Licensing, Llc Ransomware resilient databases
US10367832B2 (en) * 2017-01-27 2019-07-30 Rapid7, Inc. Reactive virtual security appliances
US10721239B2 (en) 2017-03-31 2020-07-21 Oracle International Corporation Mechanisms for anomaly detection and access management
US11194930B2 (en) 2018-04-27 2021-12-07 Datatrendz, Llc Unobtrusive systems and methods for collecting, processing and securing information transmitted over a network
CN110290122B (en) * 2019-06-13 2020-07-17 中国科学院信息工程研究所 Intrusion response strategy generation method and device
US11483351B2 (en) 2020-08-26 2022-10-25 Cisco Technology, Inc. Securing network resources from known threats
US20220069266A1 (en) 2020-09-01 2022-03-03 Illinois Tool Works Inc. Combustion-powered fastener driving tool fuel cell adapter
CN112272189A (en) * 2020-11-04 2021-01-26 国网湖南省电力有限公司 Boundary protection standardization and white list automatic deployment method for power system
CN116321254B (en) * 2023-02-14 2024-03-15 广州爱浦路网络技术有限公司 Indoor intrusion monitoring method and system based on 5G core network

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999057625A1 (en) * 1998-05-06 1999-11-11 Prc Inc. Dynamic system defence for information warfare
US6088804A (en) * 1998-01-12 2000-07-11 Motorola, Inc. Adaptive system and method for responding to computer network security attacks
US20030149888A1 (en) * 2002-02-01 2003-08-07 Satyendra Yadav Integrated network intrusion detection

Family Cites Families (33)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2616024B1 (en) 1987-05-26 1989-07-21 Quinquis Jean Paul SYSTEM AND METHOD FOR PACKET FLOW CONTROL
US5251205A (en) 1990-09-04 1993-10-05 Digital Equipment Corporation Multiple protocol routing
US5490252A (en) 1992-09-30 1996-02-06 Bay Networks Group, Inc. System having central processor for transmitting generic packets to another processor to be altered and transmitting altered packets back to central processor for routing
US5390173A (en) 1992-10-22 1995-02-14 Digital Equipment Corporation Packet format in hub for packet data communications system
US5406260A (en) 1992-12-18 1995-04-11 Chrimar Systems, Inc. Network security system for detecting removal of electronic equipment
US5963556A (en) 1993-06-23 1999-10-05 Digital Equipment Corporation Device for partitioning ports of a bridge into groups of different virtual local area networks
US5608726A (en) 1995-04-25 1997-03-04 Cabletron Systems, Inc. Network bridge with multicast forwarding table
US5684800A (en) 1995-11-15 1997-11-04 Cabletron Systems, Inc. Method for establishing restricted broadcast groups in a switched network
US6026165A (en) 1996-06-20 2000-02-15 Pittway Corporation Secure communications in a wireless system
US5991881A (en) * 1996-11-08 1999-11-23 Harris Corporation Network surveillance system
US6128665A (en) 1996-12-30 2000-10-03 Cabletron Systems, Inc. System for broadcasting messages to each of default VLAN ports in subset of ports defined as VLAN ports
US6167027A (en) 1997-09-09 2000-12-26 Cisco Technology, Inc. Flow control technique for X.25 traffic in a high speed packet switching network
US6456624B1 (en) 1997-10-29 2002-09-24 Enterasys Networks, Inc. Network address resolve blocker
US6321338B1 (en) * 1998-11-09 2001-11-20 Sri International Network surveillance
US20020018571A1 (en) 1999-08-31 2002-02-14 Anderson Walter F. Key management methods and communication protocol for secure communication systems
US6789202B1 (en) * 1999-10-15 2004-09-07 Networks Associates Technology, Inc. Method and apparatus for providing a policy-driven intrusion detection system
KR20030007447A (en) 2000-03-03 2003-01-23 테너 네트워크스, 인크. High-speed Data Processing Using Internal Processor Memory Space
US7222268B2 (en) 2000-09-18 2007-05-22 Enterasys Networks, Inc. System resource availability manager
US20020090089A1 (en) 2001-01-05 2002-07-11 Steven Branigan Methods and apparatus for secure wireless networking
ATE419574T1 (en) * 2001-01-10 2009-01-15 Cisco Tech Inc COMPUTER SECURITY AND MANAGEMENT SYSTEM
US7536715B2 (en) 2001-05-25 2009-05-19 Secure Computing Corporation Distributed firewall system and method
US7234168B2 (en) 2001-06-13 2007-06-19 Mcafee, Inc. Hierarchy-based method and apparatus for detecting attacks on a computer system
US7290266B2 (en) * 2001-06-14 2007-10-30 Cisco Technology, Inc. Access control by a real-time stateful reference monitor with a state collection training mode and a lockdown mode for detecting predetermined patterns of events indicative of requests for operating system resources resulting in a decision to allow or block activity identified in a sequence of events based on a rule set defining a processing policy
US20030046583A1 (en) * 2001-08-30 2003-03-06 Honeywell International Inc. Automated configuration of security software suites
US7370358B2 (en) * 2001-09-28 2008-05-06 British Telecommunications Public Limited Company Agent-based intrusion detection system
US20030095663A1 (en) 2001-11-21 2003-05-22 Nelson David B. System and method to provide enhanced security in a wireless local area network system
US7150043B2 (en) 2001-12-12 2006-12-12 International Business Machines Corporation Intrusion detection method and signature table
US20030188189A1 (en) 2002-03-27 2003-10-02 Desai Anish P. Multi-level and multi-platform intrusion detection and response system
US7965842B2 (en) * 2002-06-28 2011-06-21 Wavelink Corporation System and method for detecting unauthorized wireless access points
US7017186B2 (en) * 2002-07-30 2006-03-21 Steelcloud, Inc. Intrusion detection system using self-organizing clusters
US7152242B2 (en) 2002-09-11 2006-12-19 Enterasys Networks, Inc. Modular system for detecting, filtering and providing notice about attack events associated with network security
US7549166B2 (en) * 2002-12-05 2009-06-16 International Business Machines Corporation Defense mechanism for server farm
US7941855B2 (en) * 2003-04-14 2011-05-10 New Mexico Technical Research Foundation Computationally intelligent agents for distributed intrusion detection system and method of practicing same

Also Published As

Publication number Publication date
EP1682985A2 (en) 2006-07-26
US20050108568A1 (en) 2005-05-19
EP1682985A4 (en) 2013-04-10
EP1682985B1 (en) 2020-10-28
US7581249B2 (en) 2009-08-25
WO2005050364A2 (en) 2005-06-02
EP1682985B8 (en) 2021-08-18

Similar Documents

Publication Publication Date Title
WO2005050364A3 (en) Distributed intrusion response system
US10505953B2 (en) Proactive prediction and mitigation of cyber-threats
US7941855B2 (en) Computationally intelligent agents for distributed intrusion detection system and method of practicing same
US7596807B2 (en) Method and system for reducing scope of self-propagating attack code in network
US7549162B2 (en) Methods of providing security for data distributions in a data network and related devices, networks, and computer program products
CN101465770B (en) Method for disposing inbreak detection system
US6715084B2 (en) Firewall system and method via feedback from broad-scope monitoring for intrusion detection
US7228564B2 (en) Method for configuring a network intrusion detection system
KR100351306B1 (en) Intrusion Detection System using the Multi-Intrusion Detection Model and Method thereof
US20050216956A1 (en) Method and system for authentication event security policy generation
WO2004019186A3 (en) Determining threat level associated with network activity
WO2005057233A3 (en) Method and system for monitoring a selected region of an airspace associated with local area networks of computing devices
US20020066034A1 (en) Distributed network security deception system
CA2454223A1 (en) An airborne security manager
WO2007058952A3 (en) Intrusion event correlation with network discovery information
KR20010095337A (en) Firewall system combined with embeded hardware and general-purpose computer
WO2005062707A3 (en) Universal worm catcher
AU2011283160A1 (en) System and method for local protection against malicious software
CN104244249A (en) Techniques for providing security protection in wireless network by switching modes
AU2003300506A8 (en) A method and system for policy-based control in a distributed network
WO2004070547A3 (en) Method and device for monitoring data traffic and preventing unauthorized access to a network
KR100466798B1 (en) Public network and private network combination security system and method thereof
KR101953562B1 (en) Appratus of mobile device classification for preventing wireless intrusion
JP2006330926A (en) Virus infection detection device
US20060026273A1 (en) System and method for detection of reconnaissance activity in networks

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 EP: the EPO has been informed by WIPO that EP was designated in this application
WWE WIPO information: entry into national phase

Ref document number: 2004800964

Country of ref document: EP

WWP WIPO information: published in national office

Ref document number: 2004800964

Country of ref document: EP