Method and apparatus for automated network-wide surveillance and

Patent

39520059, G06F 1100, G06F 1300

active

057969426

ABSTRACT:
A network surveillance system includes a handler process (10) for capturing network packets and filtering invalid packets, a first and second continuously sorted record file (15a, 15b), and a scanner process (30) for scanning all sessions occurring on the network and checking for the presence of certain rules (38). When a rule is met, indicating a security incident, a variety of appropriate actions may be taken, including notifying a network security officer via electronic or other mail or recording or terminating a network session. The surveillance system operates completely independently of any other network traffic and the network file server and therefore has no impact on network performance. According to a further embodiment, the invention may include remote surveillance agents (100a-c) for gathering network packets at a remote location and transferring them to a server (110) for analysis by a network surveillance system.

REFERENCES:
patent: 5032979 (1991-07-01), Hecht et al.
patent: 5101402 (1992-03-01), Chiu et al.
patent: 5414833 (1995-05-01), Hershey et al.
patent: 5488715 (1996-01-01), Wainwright
patent: 5524238 (1996-06-01), Miller et al.
patent: 5557742 (1996-09-01), Smaha et al.
patent: 5606668 (1997-02-01), Shwed
patent: 5621889 (1997-04-01), Lermuzeaux et al.
patent: 5699513 (1997-12-01), Feigen et al.
Winkler, "A Unix Prototype for Intrusion and Anomaly Detection in Secure Networks", NESC Conference, pp. 1-10, Oct. 1990.
Sebring et al., "Expert System in Intrusion Detection: A Case Study", pp. 74-81.
Debar et al., "A Neural Network Component for an Intrusion Detection System", IEEE, pp. 240-250, 1992.
Dowell et al., "The Computer Watch Data Reduction Tool", pp. 99-108.
Snapp et al., "DIDS (Distributed Intrusion Detection System) - Motivation, Architecture, and Early Prototype", pp. 167-176.
Tener, "Discovery: An Expert System in the Commercial Data Security Environment", pp. 45-53, Computer Security Journal vol. 6, No. 1, Dec. 1986.
Avritzer et al., "Reliability Testing of Rule-Based Systems", IEEE, pp. 1-7, Sep. 1996.
Snapp, "Signature Analysis and Communication Issues in a Distributed Intrusion Detection System", Master Thesis-UCA, pp. 1-40, 1991.

Profile ID: LFUS-PAI-O-1124063
