Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1998-03-05
2001-07-17
Lee, Thomas (Department: 2182)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S152000, C380S255000, C380S270000, C370S902000
Reexamination Certificate
active
06263444
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a network unauthorized access analysis method, an apparatus utilizing the method, and a computer-readable recording medium having a network unauthorized access analysis program recorded thereon. More particularly, the present invention relates to a network unauthorized access analysis method for analyzing whether an unauthorized access occurs in data transmitted on a network constructed to perform communication between information communication stations based on a layered protocol, so as to enable network security or network management to be carried out, an apparatus using such a method, and a computer-readable recording medium having a network unauthorized access analysis program recorded thereon.
2. Description of the Prior Art
Conventionally, in a system structured to exchange data between information stations, various kinds of analysis methods have been proposed for analyzing whether an unauthorized access occurs in the exchanged data.
In the first place, as a first prior art of the analysis method, for example, an analysis system has been proposed which operates on a layer or layers above the transport layer in the seven-layer model, receives the transmitted information from the transport layer, and checks the source by means of a function provided by the operating system in order to judge whether the source has been registered in advance and is admitted (TCP WRAPPER; Mar. 19, 1996).
Further, as a second prior art of the analysis method, there is software which does not use network communication functions, compresses the vast content of a hard disk by a predetermined compression method, and detects an unauthorized access to the hard disk by periodically comparing the stored compressed content with the current compressed content (The Design and Implementation of Tripwire; Feb. 23, 1995).
As a third prior art of the analysis method, there is one which stores typical unauthorized access (cracking) techniques and executes them against the system to be analyzed in order to check that system for unauthorized access (SATAN network security scanner).
Further, as a fourth prior art of the analysis method, there is one which analyzes each host computer to confirm whether its various settings are configured so poorly that it can be cracked through network communication. In this prior art, commands of the operating system are used to confirm whether the various settings of the host computer are unsafe in terms of security (COPS; Nov. 17, 1991).
A fifth prior art of the analysis method is a system for checking whether the password of a UNIX user is valid. This system has a file of candidate passwords, encodes each candidate word, compares the encoded words with the encoded password, and recovers the password by relying on the fact that a candidate whose encoding coincides with the encoded password is the password (Crack Version 4.1; Mar. 3, 1992).
As a sixth prior art of the analysis method, there is one which analyzes each packet in the physical layer (Sniffer).
Moreover, as a seventh prior art of the analysis method, there is a system for diagnosing a network which performs communication between information stations based on a layered protocol. In this system, a service data unit provided by a lower-layer filter is analyzed in accordance with analysis directions from an input controller, and a service data unit is created and provided to an upper-layer filter (Japanese patent laid-open publication No. Hei 4-315343).
However, the first prior art has the drawback that the number of items of data to be analyzed is small and insufficient for analyzing unauthorized access, because data is received only from the transport layer and no data is obtained from any other layer. Further, since the functions of the operating system restructure the data, satisfactory analysis of unauthorized access cannot be carried out.
The second prior art has the disadvantage that analysis of unauthorized access in the data of network communication is impossible, because it lacks network communication functions.
In addition, the first and second prior arts adopt a design in which a program realizing the analysis method is installed on each host computer or host station (hereinafter simply referred to as a “host”) to be monitored, and hence the system cannot cope with an increase in the number of hosts.
According to the third through fifth prior arts, a design in which analysis is newly implemented for each protocol to be analyzed causes the system to fail to cope with an increase in the number of protocols.
The sixth prior art adopts a design in which analysis is performed on each packet in the physical layer, which makes it impossible to perform the per-session analysis in the application layer that cracking analysis requires.
On the other hand, in the seventh prior art, since the data of each layer is filtered and diagnosed by the same module for each layer of the protocol, an unauthorized access cannot be analyzed in association with other layers, and the unauthorized access analysis is insufficient.
DISCLOSURE OF THE INVENTION
It is, therefore, a first object of the present invention to provide a network unauthorized access analysis method which can process arbitrary data including application sessions, a network unauthorized access analysis apparatus utilizing this method, and a computer-readable recording medium having a network unauthorized access analysis program recorded thereon.
Further, it is a second object of the present invention to provide a network unauthorized access analysis method which can handle arbitrary communication between networks and easily cope with an increase in the number of protocols, a network unauthorized access analysis apparatus utilizing this method, and a computer-readable recording medium having a network unauthorized access analysis program recorded thereon.
Furthermore, it is a third object of the present invention to provide a network unauthorized access analysis method which can deal with an arbitrary protocol, a network unauthorized access analysis apparatus utilizing this method, and a computer-readable recording medium having a network unauthorized access analysis program recorded thereon.
To achieve the first through third objects, the present invention provides a network unauthorized access analysis method for analyzing an unauthorized access in a network constructed to perform communication between information communication stations based on a layered protocol, the method including: a data collecting step for capturing a packet transmitted on the network; a data creating step for setting the parameters of layered modules according to the layered protocol based on information specified by a previously-read configuration file, and filtering the packet obtained in the data collecting step by using the layered modules so as to reassemble the fragmented data constituting the packet into its original data in order to create analysis data; and a data analyzing step for judging whether an unauthorized access occurs in the analysis data obtained in the data creating step, based on the content specified by the previously-read configuration file.
In the data creating step, therefore, the packet obtained in the data collecting step is filtered by the layered modules and the fragmented data constituting the packet is reassembled into the original data to create the analysis data, and hence the analysis data obtained after reassembly, which is meaningful as data, is what the data analyzing step examines. Thus, an unauthorized access generated in the data portion can be easily recognized.
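As an added illustration of the three steps just described (this is example code written for this page, not code from the patent or its assignee), the block below builds a small config-driven pipeline: a constructed capture stands in for the data collecting step, layered modules whose parameters come from a hypothetical JSON configuration file filter the packets and reassemble each flow's fragments into its original stream (the data creating step), and rules from the same configuration are applied to the reassembled data (the data analyzing step). The same rules are also run packet by packet, as in the sixth prior art, to show why reassembly matters: both constructed indicators (a repeated-login-failure count and a signature string) are split across segment boundaries, so per-packet inspection reports nothing while the reassembled session triggers both rules. The packets, addresses, port numbers, configuration format, module names and rule patterns are all constructed assumptions; the patent does not specify them.

```python
import json
from collections import namedtuple
from typing import Dict, List

# Hypothetical configuration file content (the patent fixes no format; JSON is an assumption).
# It carries the parameters of each layered module and the rules for the analyzing step.
CONFIG_TEXT = """{
  "link":      {"ethertype": 2048},
  "network":   {"protocol": 6},
  "transport": {"ports": [21]},
  "rules": [
    {"name": "sensitive-file-retrieval", "pattern": "RETR private.key",     "threshold": 1},
    {"name": "repeated-login-failure",   "pattern": "530 Login incorrect", "threshold": 3}
  ]
}"""

# ethertype 2048 (0x0800) is IPv4; protocol 6 is TCP; seq is the segment's byte
# offset within its direction of the stream; a flow is (src, sport, dst, dport).
Packet = namedtuple("Packet", "ethertype protocol src sport dst dport seq payload")


def collect_packets() -> List[Packet]:
    """Data collecting step: a constructed capture standing in for a packet tap.
    One FTP control session arrives out of order with one duplicated segment and
    both indicators split across a segment boundary; three unrelated packets are added."""
    cli, srv = ("10.0.0.9", 40001), ("10.0.0.5", 21)

    def segments(a, b, parts):  # consecutive stream offsets for one direction
        out, off = [], 0
        for data in parts:
            out.append(Packet(2048, 6, a[0], a[1], b[0], b[1], off, data))
            off += len(data)
        return out

    s = segments(srv, cli, [b"220 ready\r\n530 Login incorrect\r\n", b"530 Login inc",
                            b"orrect\r\n530 Login incorrect\r\n", b"230 OK\r\n"])
    c = segments(cli, srv, [b"USER bob\r\nPASS x\r\nRETR priv", b"ate.key\r\n"])
    noise = [Packet(2054, 0, "10.0.0.1", 0, "10.0.0.9", 0, 0, b"arp"),       # not IPv4
             Packet(2048, 17, "10.0.0.9", 5353, "10.0.0.2", 53, 0, b"dns"),  # not TCP
             Packet(2048, 6, "10.0.0.9", 40002, "10.0.0.5", 80, 0, b"GET")]  # other port
    return [s[0], s[2], c[1], s[1], s[1], c[0], s[3]] + noise


class HeaderFilter:
    """Link- and network-layer modules: pass packets whose header field matches."""
    def __init__(self, field: str, value: int):
        self.field, self.value = field, value

    def filter(self, pkts: List[Packet]) -> List[Packet]:
        return [p for p in pkts if getattr(p, self.field) == self.value]


class TransportModule:
    """Keeps segments of the configured service ports and reassembles each flow's
    fragments into the original byte stream (the data creating step)."""
    def __init__(self, ports: List[int]):
        self.ports = set(ports)

    def filter(self, pkts: List[Packet]) -> List[Packet]:
        return [p for p in pkts if p.sport in self.ports or p.dport in self.ports]

    def reassemble(self, pkts: List[Packet]) -> Dict[tuple, bytes]:
        flows: Dict[tuple, List[Packet]] = {}
        for p in pkts:
            flows.setdefault((p.src, p.sport, p.dst, p.dport), []).append(p)
        streams = {}
        for flow, segs in flows.items():
            base = min(s.seq for s in segs)
            buf = bytearray(max(s.seq + len(s.payload) for s in segs) - base)
            for s in sorted(segs, key=lambda s: s.seq):  # reorder; duplicates overwrite
                buf[s.seq - base:s.seq - base + len(s.payload)] = s.payload
            streams[flow] = bytes(buf)  # a missing segment would leave zero bytes
        return streams


def load_config(text: str = CONFIG_TEXT) -> dict:
    return json.loads(text)


def analyze(packets: List[Packet], config: dict, reassemble: bool = True) -> Dict[tuple, list]:
    """Data analyzing step. Each layered module is parameterised from the config and
    filters what the layer below passed. With reassemble=True the rules run over each
    flow's reassembled stream; with False they run packet by packet (sixth prior art)."""
    kept = HeaderFilter("ethertype", config["link"]["ethertype"]).filter(packets)
    kept = HeaderFilter("protocol", config["network"]["protocol"]).filter(kept)
    tr = TransportModule(config["transport"]["ports"])
    kept = tr.filter(kept)
    units = tr.reassemble(kept).items() if reassemble else \
        [((p.src, p.sport, p.dst, p.dport), p.payload) for p in kept]
    totals: Dict[tuple, Dict[str, int]] = {}
    for flow, data in units:
        t = totals.setdefault(flow, {r["name"]: 0 for r in config["rules"]})
        for r in config["rules"]:
            t[r["name"]] += data.count(r["pattern"].encode())
    alerts = {}
    for flow, t in totals.items():
        hit = [(r["name"], t[r["name"]]) for r in config["rules"] if t[r["name"]] >= r["threshold"]]
        if hit:
            alerts[flow] = hit
    return alerts


if __name__ == "__main__":
    pk, cfg = collect_packets(), load_config()
    print(analyze(pk, cfg, reassemble=False), analyze(pk, cfg), sep="\n")
```

Run stand-alone, the first line printed is an empty result for per-packet matching and the second reports one alert per direction of the session. The per-packet variant sums counts per flow, which is already more generous than the single-packet view of the sixth prior art, and it still misses both indicators because neither is contained in any one segment.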
In particular, although it is effective to analyze the data portion because the unauthorized access in the network is likely to be generated in
Lee Thomas
National Aerospace Laboratory of Science & Technology Agency
Nguyen Nguyen
Notaro & Michalos P.C.