Data processing: database and file management or data structures – Database design – Data structure types
Reexamination Certificate
1998-06-30
2001-08-28
Von Buhr, Maria N. (Department: 2771)
C707S793000, C713S152000
active
06282546
ABSTRACT:
TECHNICAL FIELD OF THE INVENTION
This invention relates in general to the field of computer network environments and, more particularly, to a system and method for real-time insertion of data into a multi-dimensional database for network intrusion detection and vulnerability assessment.
BACKGROUND OF THE INVENTION
Managing networks can largely be a matter of risk management and decision support. Network administrators want to minimize the risk of events such as equipment failure while, at the same time, maximize performance such as high bandwidth. These types of management tasks bring with them a number of types of data management problems. For example, for failures in the network, the types of questions that an administrator needs to ask depend upon the current context: such as how, where and when did the event occur. Further, the desired context may change during the course of an inquiry. For example, the question that ultimately leads to an answer to a network problem may be quite different than the one with which the administrator began.
Assuming that detailed information about a network is available, effective navigation through such large amounts of information generally requires hierarchical summarization. For example, the schema for locating an event might be represented using the following: region, city, network, segment, device, operating system and version. Further, the level of detail needed can change during the course of an inquiry. For example, in order to solve a particular problem in the southwest region of a network, the network administrator may need to identify the particular version of the operating system on a specific device in that region of the network. Other problems may not need that level of granularity.
Further, not only do network administrators worry about operational problems with the network, they should also manage the detection of and response to unauthorized intrusions into the network. Such intrusion events need to be addressed to prevent or limit any exposure of critical data. To help in this task, there are a number of conventional intrusion detection systems available that can monitor the network and detect intrusion events. Some of these systems can also automatically respond to certain types of intrusion. The NETRANGER product, available from CISCO SYSTEMS, INC., is one example of such an intrusion detection system. Further, there are products that allow an administrator to assess, in general, what vulnerabilities exist in the network. The NETSONAR product, available from CISCO SYSTEMS, INC., is one example of such a network vulnerability assessment system.
Although conventional security systems can ease the task of network administration, it is desirable to provide a system that allows both robust viewing of network configuration and vulnerability details as well as ongoing detection of and response to unauthorized intrusions into the network.
SUMMARY OF THE INVENTION
In accordance with the present invention, a system and method for real-time insertion of data into a multi-dimensional database for network intrusion detection and vulnerability assessment are disclosed that provide significant advantages over conventional network security tools.
According to one aspect of the present invention, the system includes a multi-dimensional database and a user interface operable to access and provide views into the multi-dimensional database. A data insertion engine is coupled to and operable to access the multi-dimensional database. The data insertion engine is further operable to receive a real-time data feed, to process the real-time data feed and to insert data into the multi-dimensional database responsive to processing of the real-time data feed. In one embodiment, the real-time data feed can represent exploited network vulnerabilities, and the system can be used for network intrusion detection and vulnerability assessment.
According to another aspect of the present invention, the method includes receiving a real-time data feed representing detection of an event and processing the event against the multi-dimensional database. Cells associated with the event are identified in the multi-dimensional database and appropriate vectors to the identified cells are created. Data representing the event is then inserted at the identified cells. Visibility to the inserted data is provided through a user interface to the multi-dimensional database. In one embodiment, the event can be an exploited network vulnerability, and the method can be used for intrusion detection and vulnerability assessment.
It is a technical advantage of the present invention that real-time data feeds representing intrusion detection events are processed to generate data that is inserted real-time into a multi-dimensional database. A network administrator can then interface with the multi-dimensional database to obtain real-time visibility of intrusion events and any correlation to known aspects of the network environment.
It is another technical advantage that a robust real-time vulnerability assessment and intrusion detection tool can be provided that allows intrusion detection events to be associated with specific network resources having known confirmed or potential vulnerabilities.
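As an added illustration of the method and the correlation advantage described above (example code, not the patent's or Cisco's own implementation): a cube keyed by the dimension schema the background section gives, an insertion engine that resolves each feed event to its cell vector and tags it confirmed or potential against vulnerability assessment results, and a drill-down view. The device inventory, assessment results, feed record format and vulnerability ids are constructed for the example.

```python
from collections import defaultdict

# Dimension schema from the page's example; all device, vulnerability and feed data is constructed.
DIMENSIONS = ("region", "city", "network", "segment", "device", "os", "version")
INVENTORY = {  # device address -> its coordinate on every dimension
    "10.1.1.5": ("southwest", "austin", "corp", "dmz", "10.1.1.5", "solaris", "2.6"),
    "10.2.0.9": ("northeast", "boston", "corp", "lan", "10.2.0.9", "nt", "4.0"),
}
KNOWN_VULNS = {"10.1.1.5": {"VULN-A"}, "10.2.0.9": set()}  # assessment results per device
UNRESOLVED = ("unknown",) * len(DIMENSIONS)  # cell for events whose target is not in inventory
FEED = [  # constructed sensor records: timestamp, then key=value fields
    "1998-06-30T10:00:01 src=192.0.2.7 dst=10.1.1.5 sig=VULN-A",
    "1998-06-30T10:00:02 src=192.0.2.7 dst=10.2.0.9 sig=VULN-A",
    "1998-06-30T10:00:03 src=192.0.2.8 dst=10.9.9.9 sig=VULN-B",
]


def parse_feed_line(line):
    """Turn one sensor record into an event dict."""
    ts, _, rest = line.partition(" ")
    f = dict(kv.split("=", 1) for kv in rest.split())
    return {"ts": ts, "src": f["src"], "target": f["dst"], "vuln_id": f["sig"]}


class Cube:
    """Multi-dimensional store: a cell is addressed by its coordinate vector."""
    def __init__(self):
        self.cells = defaultdict(list)

    def insert_event(self, event):
        """Identify the target's cell, correlate with assessment data, insert."""
        vector = INVENTORY.get(event["target"], UNRESOLVED)
        if vector is UNRESOLVED:
            status = "unresolved"  # keep it visible rather than silently dropping it
        elif event["vuln_id"] in KNOWN_VULNS[event["target"]]:
            status = "confirmed"  # exploit matches a vulnerability the scan found
        else:
            status = "potential"
        self.cells[vector].append({**event, "status": status})
        return vector, status

    def view(self, **filters):
        """Drill-down: events whose vector matches every given dimension value."""
        idx = {d: i for i, d in enumerate(DIMENSIONS)}
        return [e for vec, evs in self.cells.items()
                if all(vec[idx[d]] == v for d, v in filters.items()) for e in evs]


def run_feed(cube, lines):  # insert every record; return each event's status in feed order
    return [cube.insert_event(parse_feed_line(line))[1] for line in lines]
```

Events whose target is absent from the inventory land in a dedicated cell instead of being discarded, so a gap in the inventory shows up in the view rather than hiding an intrusion.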
Other technical advantages of the present invention should be apparent to one of ordinary skill in the art in view of the specification, drawings and claims.
Gleichauf Robert
Shanklin Steven
Baker & Botts L.L.P.
Cisco Technology Inc.