Hierarchical event monitoring and analysis

Electrical computers and digital processing systems: multicomput – Computer network managing – Computer network monitoring

Reexamination Certificate


Details

C713S152000

Reexamination Certificate

active

06484203

ABSTRACT:

REFERENCE TO APPENDIX
A microfiche appendix is included as part of the specification. The microfiche includes material subject to copyright protection. The copyright owner does not object to the facsimile reproduction of the microfiche appendix, as it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights. This application contains a Microfiche Appendix containing ten (10) slides and 956 frames.
BACKGROUND
The invention relates to computer networks.
Computer networks offer users ease and efficiency in exchanging information. Networks tend to include conglomerates of integrated commercial and custom-made components, interoperating and sharing information at increasing levels of demand and capacity. Such varying networks manage a growing list of needs including transportation, commerce, energy management, communications, and defense.
Unfortunately, the very interoperability and sophisticated integration of technology that make networks such valuable assets also make them vulnerable to attack, and make dependence on networks a potential liability. Numerous examples of planned network attacks, such as the Internet worm, have shown how interconnectivity can be used to spread harmful program code. Accidental outages such as the 1980 ARPAnet collapse and the 1990 AT&T collapse illustrate how seemingly localized triggering events can have globally disastrous effects on widely distributed systems. In addition, organized groups have performed malicious and coordinated attacks against various online targets.
SUMMARY
In general, in an aspect, the invention features a computer-automated method of hierarchical event monitoring and analysis within an enterprise network including deploying network monitors in the enterprise network, detecting, by the network monitors, suspicious network activity based on analysis of network traffic data selected from the following categories: {network packet data transfer commands, network packet data transfer errors, network packet data volume, network connection requests, network connection denials, error codes included in a network packet}, generating, by the monitors, reports of the suspicious activity, and automatically receiving and integrating the reports of suspicious activity, by one or more hierarchical monitors.
In general, in another aspect, the invention features an enterprise network monitoring system including network monitors deployed within an enterprise network, the network monitors detecting suspicious network activity based on analysis of network traffic data selected from the following categories: {network packet data transfer commands, network packet data transfer errors, network packet data volume, network connection requests, network connection denials, error codes included in a network packet}, the network monitors generating reports of the suspicious activity, and one or more hierarchical monitors in the enterprise network, the hierarchical monitors adapted to automatically receive and integrate the reports of suspicious activity.
For example, an attack made upon one network entity may cause other entities to be alerted. Further, a monitor that collects event reports from different monitors may correlate activity to identify attacks causing disturbances in more than one network entity.
Additionally, statistical analysis of packets handled by a virtual private network enables detection of suspicious network activity despite virtual private network security techniques such as encryption of the network packets.
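The following is an added illustration of the two-level scheme the summary describes, written for this page and not taken from the patent or its microfiche appendix. Leaf monitors count per-source events in the traffic categories named above (connection denials, transfer errors, error codes) for one network entity each and emit reports when a count crosses a threshold; a hierarchical monitor integrates those reports and correlates the sources that disturb more than one entity. A second function applies the summary's last point: a volume-only statistical check over a VPN tunnel that needs no access to the encrypted payload. All class names, thresholds, field names and sample records are assumptions constructed for the example.

```python
"""Toy hierarchical event monitoring: leaf monitors per entity, one parent.
Added example; names, thresholds and sample data are constructed, not the patent's."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from statistics import median

# Per-category report thresholds (assumed values for the example).
THRESHOLDS = {"connection_denials": 5, "transfer_errors": 3, "error_codes": 3}


@dataclass(frozen=True)
class TrafficRecord:
    entity: str    # network entity the leaf monitor watches (host, segment)
    source: str    # remote address observed in the traffic
    category: str  # one of the traffic-data categories listed in the summary
    count: int = 1


@dataclass(frozen=True)
class Report:
    entity: str
    source: str
    category: str
    total: int


class NetworkMonitor:
    """Leaf monitor: aggregates per-source counts for a single entity and
    reports a (source, category) pair once its count reaches the threshold."""

    def __init__(self, entity):
        self.entity = entity
        self.counts = Counter()

    def observe(self, rec):
        if rec.entity == self.entity:
            self.counts[(rec.source, rec.category)] += rec.count

    def reports(self):
        out = []
        for (source, category), total in sorted(self.counts.items()):
            if total >= THRESHOLDS.get(category, float("inf")):
                out.append(Report(self.entity, source, category, total))
        return out


class HierarchicalMonitor:
    """Parent monitor: receives leaf reports and correlates across entities."""

    def __init__(self):
        self.reports = []

    def receive(self, reports):
        self.reports.extend(reports)

    def correlated_sources(self, min_entities=2):
        # A source reported by monitors of several entities is a cross-entity
        # disturbance that no single leaf monitor could see on its own.
        by_source = defaultdict(set)
        for r in self.reports:
            by_source[r.source].add(r.entity)
        return {s: sorted(e) for s, e in by_source.items() if len(e) >= min_entities}


def vpn_volume_anomalies(volumes, factor=3.0):
    """Flag intervals whose byte volume exceeds factor * median volume.
    Uses only packet volume, so it works on encrypted VPN traffic."""
    baseline = median(volumes)
    return [i for i, v in enumerate(volumes) if v > factor * baseline]


# Constructed sample traffic, as seen by three leaf monitors.
SAMPLE_TRAFFIC = [
    TrafficRecord("web", "10.0.0.9", "connection_denials", 6),
    TrafficRecord("web", "10.0.0.5", "connection_denials", 2),   # below threshold
    TrafficRecord("mail", "10.0.0.9", "transfer_errors", 2),
    TrafficRecord("mail", "10.0.0.9", "transfer_errors", 2),     # accumulates to 4
    TrafficRecord("db", "10.0.0.7", "error_codes", 5),           # single entity only
]

# Constructed per-interval byte volumes on a VPN tunnel; one interval spikes.
VPN_VOLUMES = [1200, 1100, 1300, 1250, 9800, 1150, 1220]


def run_example():
    leaves = [NetworkMonitor(e) for e in ("web", "mail", "db")]
    for rec in SAMPLE_TRAFFIC:
        for leaf in leaves:
            leaf.observe(rec)
    parent = HierarchicalMonitor()
    for leaf in leaves:
        parent.receive(leaf.reports())
    return parent.reports, parent.correlated_sources(), vpn_volume_anomalies(VPN_VOLUMES)


if __name__ == "__main__":
    reports, correlated, spikes = run_example()
    for r in reports:
        print(f"[{r.entity}] {r.source} {r.category}={r.total}")
    print("cross-entity sources:", correlated)
    print("VPN volume spikes at intervals:", spikes)
```

Running the block shows the division of labour: each leaf reports only what it can see locally (web and mail each report 10.0.0.9 for different categories, db reports 10.0.0.7), and only the parent, having integrated all reports, identifies 10.0.0.9 as the source disturbing two entities. The VPN check flags interval 4 from volume alone.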


REFERENCES:
patent: 5539659 (1996-07-01), McKee et al.
patent: 5706210 (1998-01-01), Kumano et al.
patent: 5922051 (1999-07-01), Sidey
patent: 5974237 (1999-10-01), Shurmer et al.
patent: 5974457 (1999-10-01), Waclawsky et al.
patent: 5991881 (1999-11-01), Conklin et al.
patent: 6396845 (2002-05-01), Sugita
Debar, et al., “Towards a Taxonomy of Intrusion-Detection Systems,” Computer Networks 31 (1999), 805-822.
Garvey, et al., “An Inference Technique for Integrating Knowledge from Disparate Sources,” Proc. IJCAI, Vancouver, B.C., Aug., 1981, 319-325.
Kaven, “The Digital Doorman,” PC Magazine, Nov. 16, 1999.
Lindqvist, et al., “Detecting Computer and Network Misuse Through the Production-Based Expert System Toolset (P-BEST),” Oct. 25, 1998.

Profile ID: LFUS-PAI-O-2916022