41 results about "Intrusion response" patented technology

Preferred systems and methods for geographically mapping intrusions through network or authentication data and flight data correlation are described. In one aspect, methods and systems include receiving threat data, receiving network or authentication data, receiving flight location data, correlating the threat data and the network or authentication data with the flight location data to generate map data, and generating a map displaying a geographical location of the intrusion based on the map data.

Disclosed is a method for configuring an intrusion detection system in a network which comprises determining a location in the network for a deployed intrusion detection sensor of the intrusion detection system, deploying the intrusion detection sensor in the determined location, enabling the intrusion detection sensor to monitor communication in a portion of the network, tuning the intrusion detection sensor to an appropriate level of awareness of the content in the communication in the network, prioritizing responses generated by the intrusion detection sensor to achieve an appropriate response to a detected intrusion in the network, configuring intrusion response mechanisms in the network to achieve an appropriate response by the mechanisms; and re-tuning the intrusion detection sensor in response to a prior intrusion detection.

Computer security threat management information is generated by receiving a notification of a security threat and / or a notification of a test that detects intrusion of a computer security threat. A computer-actionable TMV is generated from the notification that was received. The TMV includes a computer-readable field that provides identification of at least one system type that is effected by the computer security threat, a computer-readable field that provides identification of a release level for a system type, and a computer-readable field that provides identification of the test that detects intrusion of the computer security threat for a system type and a release level, a computer-readable field that provides identification of a method to reverse the intrusion exploit of the computer security threat for a system type and a release level, and a computer-readable field that provides identification of a method to remediate the vulnerability subject to exploit of the computer security threat for a system type and a release level. The TMV is transmitted to target systems for processing by the target systems.

Improved techniques are disclosed for use in an intrusion prevention system or the like. For example, a method comprises the following steps performed by a computing element of a network. A packet of a flow is received, the flow comprising a plurality of packets, wherein the plurality of packets represents data in the network. A network intrusion analysis cost-benefit value is determined representing a benefit for analyzing the received packet for intrusions in relation to a cost for analyzing the received packet for intrusions. The method compares the network intrusion analysis cost-benefit value to a network intrusion analysis cost-benefit threshold to determine whether analyzing the received packet for intrusions before forwarding the received packet is warranted. Responsive to a determination that analyzing the received packet for intrusions before forwarding the received packet is not warranted, the received packet is forwarded, an indication is made that subsequent packets of the flow should be forwarded, and a determination is made whether the received packet indicates an intrusion after forwarding the received packet.

The invention discloses an attach-graph-based dynamic intrusion response method, which comprises the following steps of: presenting three kinds of cost comprising operation cost, response cost and loss cost for intrusion detection and response according to an intrusion detection and response reference mode which is an intrusion response based on attack graph (IRAG) model, and selecting a response measure on the basis of combining the three kinds of cost; defining the types of attackers executing attacks with certain aims by utilizing the preference of the attackers in security scales, and describing the attack aims of the attackers by using the types of the attackers; establishing two information sets which are an attacker information set and a system information set, wherein the attacker information set mainly comprises information obtained by the footprinting, sniffing and scanning of the attackers and according to the response information of a system, and information in the system information set comprises the alarming and log information from components comprising an intrusion detection system (IDS), a firewall, a host and the like in the system; and determining the action spaces of participation parties, wherein the system actually may determine a response set according to different attack types when giving the response.

The invention relates to the integration of a security operations policy into a threat management vector. In one embodiment, a method according to the invention includes receiving at least one threat management vector (TMV) from a TMV generator, the TMV including a root vulnerability vector, at least one system vector, at least one system level vector, and a countermeasures payload including intrusion detection countermeasures (IDC), intrusion response countermeasures (IRC), and vulnerability remediation countermeasures (VRC); forwarding to the TMDC a TMV including only the root vulnerability vector, the at least one system vector, and the at least one system level vector; propagating the TMV through a hierarchy of policy mediation regions (PMRs), each PMR being operable to refine at least one of the IDC, the IRC, and the VRC; refining at least one of the IDC, the IRC, and the VRC to conform to a security operations policy of the PMR; forwarding the refined TMV to a threat management domain controller (TMDC); recording refinements made by each PMR to each of the IDC, the IRC, and the VRC; transferring the recorded refinements to a threat management control book (TMCB); and marking the refined TMV as having been refined by each PMR making a refinement.

The invention discloses an intrusion response method based on an attack graph and a psychological theory. According to the method, each step of action when an attacker invades a network is simulated through an attack graph; the probability that the attacker takes a certain action at the next moment can be speculated by analyzing the attack psychology of the attacker, and in order to maximize the income value in the network attack and defense game, the defender formulates a corresponding response measure according to the speculated attacker behavior, so that real-time network response is provided. Compared with a traditional IDS alerts mapping response action method, the method has the advantages that the response strategy is adjusted in real time during multi-step complex intrusion detection, real-time response is achieved, and efficient protection is achieved.

A mobile sensor network intrusion detection and adaptive response method relates to a mobile sensor network intrusion detection and adaptive response method. The purpose of the present invention is to solve the existing intrusion attacks on the mobile sensor network, which often focus on the targeted detection of a certain attack, and the defense methods also have clear directionality, which cannot solve the problem of network uncertainty intrusion attacks. The process is: 1. Monitor the network and collect data; 2. Process the collected data, and store the processed data in the initial configuration file; Identify the intrusion in the network with the intrusion detection method based on the method; Fourth, establish a decision table based on the attack confidence level, the network performance degradation level and the adaptive intrusion response behavior list, and select the intrusion response according to the established decision table. The invention is used in the field of security protection of mobile sensor networks.