
Method and system for reducing the false alarm rate of network intrusion detection systems

A network intrusion detection and false alarm rate technology, applied in transmission systems, digital transmission systems, data exchange networks, etc. It can solve problems such as network services slowing down or stopping and the heavy pressure of keeping network databases updated, and achieves the effect of reducing the false positive rate and the false alarm rate.

Inactive Publication Date: 2010-09-29
CISCO TECH INC
4 Cites, 0 Cited by

AI Technical Summary

Problems solved by technology

This system is insufficient for most networks because the topology, type, and location of network devices are constantly changing, and this system requires administrators to maintain a static database.
Additionally, the stress of constantly scanning and keeping network databases updated can often cause network services to slow down or stop working.


Examples


Embodiment Construction

[0013] Embodiments of the invention are best understood by referring to Figures 1 through 4 of the accompanying drawings, like numerals being used for like and corresponding parts of the various drawings.

[0014] Figure 1 is a schematic diagram of a system 100 for reducing the false positive rate of a network intrusion detection system ("NIDS") 108 using a passive analysis tool 110, according to one embodiment of the present invention. In the illustrated embodiment, NIDS 108 is coupled to a link 106 that communicatively couples unprotected network 102 and protected network 104. The system 100 also includes a network administrator 112 who uses the passive analysis tool 110, as described in detail below.

[0015] Unprotected network 102 may be any suitable network external to protected network 104. An example of an unprotected network 102 is the Internet. Protected network 104 may be any suitable network, such as a local area network, a wide area network, a virtual private network, or any other netwo...


Abstract

According to one embodiment of the invention, a method for reducing the false alarm rate of network intrusion detection systems includes receiving an alarm indicating a network intrusion may have occurred, identifying characteristics of the alarm, including at least an attack type and a target address, querying a target host associated with the target address for an operating system fingerprint, receiving the operating system fingerprint that includes the operating system type from the target host, comparing the attack type to the operating system type, and indicating whether the target host is vulnerable to the attack based on the comparison.
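
The comparison step of the abstract, sketched as an added example (not code from the patent or from Cisco). The signature names, the attack-to-OS table, the host addresses and the fingerprint lookup are all constructed for illustration; a real deployment would replace the lookup with an actual query to the target host.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple

# Constructed table: OS families that each (hypothetical) signature can affect.
ATTACK_TARGETS: Dict[str, Set[str]] = {
    "iis-unicode-traversal": {"windows"},
    "wu-ftpd-format-string": {"linux", "solaris"},
    "ssh-crc32-overflow": {"linux", "bsd", "solaris"},
}

@dataclass(frozen=True)
class Alarm:
    attack_type: str   # characteristic 1 named in the abstract
    target_addr: str   # characteristic 2 named in the abstract

Fingerprint = Callable[[str], Optional[str]]  # address -> OS type, None if no answer

def triage(alarm: Alarm, fingerprint: Fingerprint) -> str:
    """Compare the alarm's attack type with the target's OS type."""
    affected = ATTACK_TARGETS.get(alarm.attack_type)
    if affected is None:
        return "unknown"      # no OS knowledge for this signature: do not suppress
    os_type = fingerprint(alarm.target_addr)
    if os_type is None:
        return "unknown"      # host did not answer the fingerprint query
    return "vulnerable" if os_type.lower() in affected else "not-vulnerable"

def escalate(alarms: List[Alarm], fingerprint: Fingerprint) -> List[Tuple[Alarm, str]]:
    """Keep every alarm except those whose target OS rules the attack out."""
    verdicts = [(a, triage(a, fingerprint)) for a in alarms]
    return [(a, v) for a, v in verdicts if v != "not-vulnerable"]

# Constructed sample data (192.0.2.0/24 is a documentation range).
SAMPLE_HOSTS = {"192.0.2.5": "Linux", "192.0.2.9": "Windows"}
SAMPLE_ALARMS = [
    Alarm("iis-unicode-traversal", "192.0.2.5"),   # Windows attack, Linux host
    Alarm("iis-unicode-traversal", "192.0.2.9"),   # Windows attack, Windows host
    Alarm("ssh-crc32-overflow", "192.0.2.77"),     # host gives no fingerprint
    Alarm("unlisted-signature", "192.0.2.5"),      # signature not in the table
]

if __name__ == "__main__":
    for alarm, verdict in escalate(SAMPLE_ALARMS, SAMPLE_HOSTS.get):
        print(f"{alarm.target_addr:<12} {alarm.attack_type:<24} {verdict}")
```

Alarms with an "unknown" verdict are kept rather than dropped, so a missing fingerprint or an unmapped signature cannot hide a real intrusion.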

Description

Technical field

[0001] The present invention relates generally to intrusion detection, and more particularly to methods and systems for reducing the false positive rate of network intrusion detection systems.

Background art

[0002] A Network Intrusion Detection System ("NIDS") is generally designed to monitor network activity in real time for suspicious or known malicious activity, and to report these findings to appropriate personnel. By closely monitoring all activity, a NIDS can alert on computer intrusions relatively quickly and give administrators time to prevent or contain the intrusion, or allow the NIDS to automatically react to and stop the attack. In the security industry, a NIDS can be a passive traffic observer or an active network component that reacts in real time to block attacks.

[0003] Because NIDS are passive network traffic observers, they often lack some knowledge about the attacking and defending hosts, which makes it impossible to determine whether the...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L12/26, G06F1/00, G06F21/00
CPC: H04L43/00, H04L63/20, H04L63/1408, G06F21/554, H04L63/1416, H04L12/2602
Inventor: 克雷格·H·罗兰
Owner: CISCO TECH INC