[특허]System and method for active data collection in a network security system

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	H04L-029/06
출원번호	US-0176436 (2005-07-06)
등록번호	US-8572733 (2013-10-29)
발명자 / 주소	Rockwood, Troy Dean
출원인 / 주소	Raytheon Company
대리인 / 주소	Schwegman, Lundberg & Woessner, P.A.
인용정보	피인용 횟수 : 23 인용 특허 : 32

초록 ▼

A network security system comprises a plurality of sensors, a management server, and a data collection module. The plurality of sensors receive first data associated with potential attacks on the system. The manager server is coupled to at least one sensor and correlates at least a portion of the fi

A network security system comprises a plurality of sensors, a management server, and a data collection module. The plurality of sensors receive first data associated with potential attacks on the system. The manager server is coupled to at least one sensor and correlates at least a portion of the first data to detect potential attacks on the system. The data collection module is coupled to the manager server and generates at least one request for second data based upon at least one of the first data and the correlated data. The data collection module communicates the request to at least one source different from the plurality of sensors.

대표청구항 ▼

1. A network security system, comprising: a plurality of sensors operable to receive first data associated with potential attacks on a network security system;a manager server coupled to at least one of the plurality of sensors and comprising a first processor, the manager server operable to: correl

1. A network security system, comprising: a plurality of sensors operable to receive first data associated with potential attacks on a network security system;a manager server coupled to at least one of the plurality of sensors and comprising a first processor, the manager server operable to: correlate at least a portion of the first data based on a correlation rule set to detect potential attacks on the system; andcommunicate a query comprising the first data and the correlated data, the correlated data being based at least in part on the correlation of at least a portion of the first data; anda data collection module coupled to the manager server and an archive database, the data collection module comprising a second processor, the data collection module operable to: receive the query from the manager server;generate at least one request for second data based upon the received query;communicate the at least one request to at least one source different from the plurality of sensors, wherein the at least one source is a server that translates IP addresses;correlate second data received from the server that translates IP addresses with at least a portion of the first data received by the plurality of sensors; andgenerate a relationship score indicating a likelihood that the first data is related to a previous potential attack based on the correlated second data and event history in the archive database;the first data associated with potential attacks on the network security system being communicated from the plurality of sensors to the manager server without passing through the data collection module. 2. The system of claim 1, wherein the at least one source is external to the network security system. 3. The system of claim 1, wherein the at least one source is internal to the network security system. 4. The system of claim 1, wherein the data collection module correlates at least a portion of the second data with the correlated portion of the first data. 5. The system of claim 1, wherein the data collection module receives the second data in response to the at least one request and, in response, generates another request to at least one source different from the plurality of sensors. 6. The system of claim 1, wherein the first data is passively gathered and the second data is actively requested. 7. The system of claim 1, wherein the data collection module is integrated with at least one sensor or manager server. 8. The system of claim 1, wherein the at least one source comprises: a geographic location server that translates between IP addresses and geographic locations. 9. The system of claim 1, wherein the at least one source comprises an internet directory server that translates between domain names and IP addresses. 10. The system of claim 1, wherein the data collection module is further operable to communicate the at least one request to a security vulnerability device. 11. A method for providing network security, comprising: receiving first data at a sensor, the first data associated with potential attacks on a network security system;correlating by a manager server at least a portion of the first data to detect potential attacks on the system based on a correlation rule set;communicating by the manager server a query comprising the first data and the correlated data, the correlated data being based at least in part on the correlation of at least a portion of the first data;receiving the query from the manager server at a data collection module;generating by the data collection module at least one request for second data based upon the received query;communicating by the data collection module the at least one request to at least one source different from the sensor, wherein the at least one source is a server that translates IP addresses;correlating the second data received from the server that translates IP addresses with at least a portion of the first data received by the plurality of sensors; andgenerating a relationship score indicating a likelihood that the first data is related to a previous potential attack based on the correlated second data and event history in the archive database;the first data associated with potential attacks on the network security system being communicated from the sensor to the manager server without passing through the data collection module. 12. The method of claim 11, further comprising correlating at least a portion of the second data with the correlated portion of the first data. 13. The method of claim 11, further comprising: receiving the second data in response to the at least one request; andin response to receiving the second data, generating another request to at least one source different from the sensor. 14. The method of claim 11, wherein the first data is passively gathered and the second data is actively requested. 15. The method of claim 11, wherein the at least one source comprises one of: a geographic location server that translates between IP addresses and geographic locations; andan internet directory server that translates between domain names and IP addresses. 16. A data collection module for use in a network security system, the data collection module comprising: one or more processors;a state module operable to: receive a query from a manager server, the query comprising a first data associated with potential attacks on a network security system received at a sensor and correlated data, the correlated data generated by the manager server from at least a portion of the first data based on a correlation rule set in order to detect potential attacks on the system; andmaintain state information for a plurality of events, wherein at least one event is associated with potential attacks on a network security system;a data collection engine coupled to the state module and an archive database, the data collection module, for at least one event, operable to: communicate a request for data to a data source that translates IP addresses; andreceive data from the data source that translates IP addresses in response to the request; anda correlation engine operable to correlate the received data from the data source that translates IP addresses with the state information to detect potential attacks on the system, and generate a relationship score indicating a likelihood that the first data is related to a previous potential attack based on the correlated received data and event history in the archive database;the first data associated with potential attacks on the network security system being communicated from the sensor to the manager server without passing through the data collection module. 17. The data collection module of claim 16, wherein: at least one event is associated with data received from a sensor; andthe data source is different from the sensor. 18. The data collection module of claim 16, wherein the data collection engine generates another request for data based at least in part upon the received data. 19. The data collection module of claim 16, wherein the state information is associated with at least one of the following for each event: data that has been requested;data that has been received in response to a request;data that is yet to be requested; andcorrelated data. 20. The data collection module of claim 16, wherein the data source comprises one of: a geographic location server that translates between IP addresses and geographic locations; andan internet directory server that translates between domain names and IP addresses.

LOADING...

이 특허에 인용된 특허 (32) 인용/피인용 타임라인 분석

Sunanda D. Mitra, Adaptive vector quantization/quantizer.
상세보기
Ghanea Hercock,Robert A, Agent-based intrusion detection system.
상세보기
Steven C. Johnson ; Howard Glover, Aircraft terrain information system.
상세보기
Khanolkar,Rajeev; Azim,Ozakil; Asthana,Rishi; Ved,Niten; Hanrahan,Kevin; Ghildiyal,Amit; Pogaku,Shirisha; Amaratunge,Dhani; Samavenkata,K. V. Rao; Hamid,Aral Rarsh, Comprehensive security structure platform for network managers.
상세보기
Qian,Shen En; Hollinger,Allan B.; Gagnon,Luc, Data compression engines and real-time wideband compressor for multi-dimensional data.
상세보기
Wright ; Jr. Laurence E. ; Kimme Ernest G., Data compression system using source representation.
상세보기
Copeland, III,John A., Flow-based detection of network intrusions.
상세보기
Syvanne,Tuomo, Handling state information in a network element cluster.
상세보기
Rowan Larry (3440½Caroline Ave. Culver City CA 90230), Holographic display system.
상세보기
Tadashi Ohashi JP, Information collecting apparatus.
상세보기
Maloney Michael P. ; Suit John M. ; Scott Christopher J. ; Woodus Francis M., Information security analysis system.
상세보기
Dark,Susan Pittman, Intelligent feedback loop process control system.
상세보기
Day,Christopher W., Intrusion detection system using self-organizing clusters.
상세보기
Vachtesvanos, George J.; Dorrity, Lewis J.; Wang, Peng; Echauz, Javier; Mufti, Muid, Method and apparatus for analyzing an image to detect and identify patterns.
상세보기
Lim, Joo Hwee, Method and apparatus for indexing and retrieving images using visual keywords.
상세보기
Vinberg Anders ; Cass Ronald J. ; Huddleston David E. ; Pao John D. ; Barthram Phil K.,GBX ; Bayer Christopher W.,GBX, Method and apparatus for system state monitoring using pattern recognition and neural networks.
상세보기
Chong, Chee-Yee; Gong, Lester J.; Smythe, Erich J., Method and system for assessing attacks on computer networks using Bayesian networks.
상세보기
Aubrey B. Poore, Jr., Method and system for tracking multiple regional objects by multi-dimensional relaxation.
상세보기
Houri, Cyril, Method and systems for locating geographical locations of online users.
상세보기
Rowan Larry (3440½Caroline Ave. Culver CA 90230), Mobile assault logistic kinetmatic engagement device.
상세보기
Hild,Stefan G.; Pawlitzek,Rene; Stolze,Markus, Monitoring events in a computer network.
상세보기
Kimura,Keisuke; Yamamoto,Hiroyuki; Kariya,Aki; Murata,Katsutoshi; Odakura,Atsushi, Moving status information providing method and server.
상세보기
Fayyad, Usama; Shanmugasundaram, Jayavel, Multi-dimensional database record compression utilizing optimized cluster models.
상세보기
Pearlman, William A.; Said, Amir, N-dimensional data compression using set partitioning in hierarchical trees.
상세보기
Conklin David Allen ; Harrison John Reed, Network surveillance system.
상세보기
Shanklin, Steven D.; Lathem, Gerald S., Parallel intrusion detection sensors with load balancing for high speed networks.
상세보기
Yishai Ilani IL, Signal equalization.
상세보기
Stone, Cyro A.; Ybarra, Kathryn W.; Eich, Tom V., Surveillance and collision avoidance system with compound symbols.
상세보기
Holloway Malcolm H. ; Prorock Thomas Joseph, System and method for detecting and preventing security.
상세보기
Myllymaki,Jussi Petri; Ruvolo,Joann, System and method for determining network users' physical locations.
상세보기
Maeda Yoshiharu,JPX ; Takayama Kuniharu,JPX ; Naito Hirohisa,JPX ; Sekiguchi Minoru,JPX, System for providing guiding information for use in detecting and accessing a mobile object.
상세보기
Novik Dmitry A. (Washington DC), Systems and methods for interactive image data acquisition and compression.
상세보기

이 특허를 인용한 특허 (23) 인용/피인용 타임라인 분석

Sullivan, Gary J.; Pitkow, Jim; Brown, Marc; Chelliah, Raman, Determination and application of click quality.
상세보기
Diehl, David F.; Alperovitch, Dmitri; Ionescu, Ion-Alexandru; Kurtz, George Robert, Kernel-level security agent.
상세보기
Cabrera, Luis Felipe; Lietz, M. Shannon; Godinez, Javier, Method and apparatus for automating threat model generation and pattern identification.
상세보기
Weaver, Brett; Godinez, Javier; Brinkley, Capen; Bishop, Thomas; Lietz, M. Shannon; Cabrera, Luis Felipe, Method and system for comparing different versions of a cloud based application in a production environment using segregated backend systems.
상세보기
Lietz, M. Shannon; Cabrera, Luis Felipe, Method and system for creating enriched log data.
상세보기
Lietz, M. Shannon; Cabrera, Luis Felipe; Nisly, Barry J.; Neher, III, Ted R.; Godinez, Javier; Jain, Ankur, Method and system for dynamic and comprehensive vulnerability management.
상세보기
Cabrera, Luis Felipe; Lietz, M. Shannon, Method and system for enabling self-monitoring virtual assets to correlate external events with characteristic patterns associated with the virtual assets.
상세보기
Lietz, M. Shannon; Cabrera, Luis Felipe, Method and system for providing a virtual asset perimeter.
상세보기
Cabrera, Luis Felipe; Lietz, M. Shannon, Method and system for providing automated self-healing virtual assets.
상세보기
Lietz, M. Shannon; Cabrera, Luis Felipe; Price, Christian; Nikulshin, Michelle; Godinez, Javier; Philip, Sabu Kuruvila; Rambur, Brad A.; Kennedy, Scott Cruickshanks; Naugle, Erik Thomas; Bonney, William Q., Method and system for providing permissions management.
상세보기
Lietz, M. Shannon; Cabrera, Luis Felipe, Method and system for providing security aware applications.
상세보기
Lietz, M. Shannon; Cabrera, Luis Felipe; Bishop, Thomas; Weaver, Brett; Brinkley, Capen, Method and system for secure delivery of information to computing environments.
상세보기
Lietz, M. Shannon; Cabrera, Luis Felipe; Bishop, Thomas; Weaver, Brett; Brinkley, Capen, Method and system for secure delivery of information to computing environments.
상세보기
Lietz, M. Shannon; Cabrera, Luis Felipe, Method and system for virtual asset assisted extrusion and intrusion detection and threat scoring in a cloud computing environment.
상세보기
Pitkow, Jim; Chelliah, Raman; Brown, Marc, Network interaction monitoring appliance.
상세보기
Pitkow, Jim; Chelliah, Raman; Brown, Marc, Network interaction monitoring appliance.
상세보기
Zhao, Zhipeng; Wang, Yanlin; Singla, Anurag, Parameter adjustment for pattern discovery.
상세보기
Falkowitz, Oren; Syme, Philip; Darche, Blake, Remediating computer security threats using distributed sensor computers.
상세보기
Falkowitz, Oren; Syme, Philip; Darche, Blake, Remediating computer security threats using distributed sensor computers.
상세보기
Falkowitz, Oren; Syme, Philip; Darche, Blake, Remediating computer security threats using distributed sensor computers.
상세보기
Diehl, David F.; Alperovitch, Dmitri; Ionescu, Ion-Alexandru; Kurtz, George Robert, Security agent.
상세보기
Alperovitch, Dmitri; Kurtz, George Robert; Diehl, David Frederick; Krasser, Sven; Meyers, Adam S., Social sharing of security information in a group.
상세보기
Lietz, M. Shannon; Cabrera, Luis Felipe, System and method for providing a self-monitoring, self-reporting, and self-repairing virtual asset configured for extrusion and intrusion detection and threat scoring in a cloud computing environment.
상세보기

활용도 분석정보

상세보기

다운로드

내보내기

활용도 Top5 특허

해당 특허가 속한 카테고리에서 활용도가 높은 상위 5개 콘텐츠를 보여줍니다.
더보기 버튼을 클릭하시면 더 많은 관련자료를 살펴볼 수 있습니다.

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 공고번호, 공고일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표출원인, 출원인국적, 출원인주소, 발명자, 발명자E, 발명자코드, 발명자주소, 발명자 우편번호, 발명자국적, 대표IPC, IPC코드, 요약, 미국특허분류, 대리인주소, 대리인코드, 대리인(한글), 대리인(영문), 국제공개일자, 국제공개번호, 국제출원일자, 국제출원번호, 우선권, 우선권주장일, 우선권국가, 우선권출원번호, 원출원일자, 원출원번호, 지정국, Citing Patents, Cited Patents
저장형식	Text(ASCII format) Excel format PIAS분석(.xls)
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

[미국특허] System and method for active data collection in a network security system 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

이 특허에 인용된 특허 (32) 인용/피인용 타임라인 분석

이 특허를 인용한 특허 (23) 인용/피인용 타임라인 분석

활용도 분석정보

활용도 Top5 특허

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

연합인증

[미국특허] System and method for active data collection in a network security system 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

전체(0) 논문(0) 특허(0) 보고서(0)

전체(0) 논문(0) 특허(0) 보고서(0)

이 특허에 인용된 특허 (32) 인용/피인용 타임라인 분석

이 특허를 인용한 특허 (23) 인용/피인용 타임라인 분석

활용도 분석정보

활용도 Top5 특허 더보기

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

활용도 Top5 특허