Access multiplexer with remote intrusion detection capability
An access multiplexer, intrusion detection technology, applied in the direction of instruments, transmission systems, telephone communications, etc., can solve the problems of consuming host CPU power and memory resources, difficult to manage and upgrade, unable to detect multiple operating system abnormalities, etc. To achieve the effect of saving CPU power and memory resources, easy to manage
Inactive Publication Date: 2005-06-15
ALCATEL LUCENT SAS
View PDF0 Cites 3 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
[0006] Known host-based intrusion detection systems, whether combined with network-based intrusion detection systems or not, run on a single host or a small number of hosts in a local area network, and therefore cannot detect anomalies in multiple operating systems
Moreover, this host-based intrusion detection system consumes CPU power and memory resources of the host, and is difficult to manage and upgrade.
Therefore, this known host-based intrusion detection system is very unsuitable for applications where there are a very large number of access subscribers (e.g. close to thousands of digital subscriber lines (DSLAM) connected to a single digital subscriber line access multiplexer (DSLAM). DSL) users) are used in the access network connected to an access multiplexer. Typically, these users run different operating systems on PCs
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0019] In the prior art network shown in Figure 1, hosts H1, H2, H3, and H4 and a first centralized host-based intrusion detection system CHIDS1 form part of a first network segment NS1; similarly, hosts H5, H6, H7 Together with H8 and the second centralized host-based intrusion detection system CHIDS2 form part of the second network segment NS2. Both the network segment NS1 and the network segment NS2 are connected to the public network ("network" in Figure 1) through the network-based intrusion detection system NIDS.
[0020] For example, both the first network segment NS1 and the second network segment NS2 are the company's LAN (Local Area Network), wherein hosts H1, H2, H3, H4, H5, H6, H7 and H8 represent personal computers, such as desktop computers or laptops. desktop computer. The first centralized host-based intrusion detection system CHIDS1 and the second centralized host-based intrusion detection system CHIDS2 are application software, such as Unipalm's Symantec (Sy...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The access multiplexer (DSLAM) according to the present invention combines a remote host-based intrusion detection system (RHIDS) to detect the Malicious behavior on a large number of access users; and finally a network-based intrusion detection system (NIDS2) is also incorporated to detect all access users connected to an access multiplexer by analyzing incoming and outgoing traffic for attack signature patterns (S21 , S22...S2N) malicious behavior.
Description
technical field [0001] The present invention relates to intrusion detection, which is the technique of detecting inappropriate, malicious, incorrect or abnormal behavior in a communication network. An intrusion can be any attack from the outside, and the detection of such an attack is usually based on statistical anomaly analysis and / or traffic pattern matching. The state of the art intrusion detection systems are such as host-based classical intrusion detection systems or network-based intrusion detection systems. Background technique [0002] A host-based intrusion detection system runs on a host to detect malicious behavior on that particular host. Typically, a host-based intrusion detector consists of software loaded on a monitored computer or host system to scan traffic to and from the computer, check the integrity of system files, and monitor suspicious processes. Host intrusion detection software can utilize all or selected system and user log files, and / or monitor ...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Applications(China)
IPC IPC(8): G06F1/00H04L9/00H04L12/24H04L29/06H04M11/06
CPCH04L63/1408H04M11/062
Inventor S·米克莱亚M·佩尔特E·F·E·博尔斯
Owner ALCATEL LUCENT SAS