Source/destination operating system type-based IDS virtualization

Operating system and virtualization technology, applied in the field of transmission systems, electrical components, etc., that can solve the problem that the system cannot be upgraded well.

Active Publication Date: 2010-05-05
CISCO TECH INC

AI Technical Summary

Problems solved by technology

For example, state-of-the-art systems generally do not scale well as the number of threat signatures continues to increase.


Embodiment Construction

[0013] Embodiments of the present invention relate to techniques for intrusion detection system (IDS) virtualization based on packet target operating system (OS) characteristics and tuning packet inspection to a reduced set of threat signatures. Tuning and the accompanying IDS virtualization are in turn based on the use of passive and/or active packet fingerprinting to determine the target operating system of a packet. In some embodiments, the target OS may be a tuple consisting of the operating systems of the packet's source host and the packet's destination host.

[0014] Figure 1 shows a virtualized intrusion detection system 100 configured in accordance with one embodiment of the invention. Viewed at a high level, the system 100 consists of an interface to the unprotected network 101, an inspection/processing system component, and a second interface to the protected network 102. Additionally, operator interface 120 allows an operator to load a population of threat s...


Abstract

Systems and methods for virtualizing network intrusion detection system (IDS) functions based on each packet's source and/or destination host computer operating system (OS) type and characteristics are described. Virtualization is accomplished by fingerprinting each packet to determine the packet's target OS and then vetting each packet in a virtual IDS against a reduced set of threat signatures specific to the target OS. Each virtual IDS, whether operating on a separate computer or operating as a logically distinct process or separate thread running on a single computer processor, may also operate in parallel with other virtual IDS processes. IDS processing efficiency and speed are greatly increased by the fact that a much smaller subset of the threat signature universe is used for each OS-specific packet threat vetting operation.
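The dispatch described in the abstract, as an added Python example that is not code from the patent or from Cisco: packets are fingerprinted passively, and each is vetted only against the signatures for its (source OS, destination OS) tuple. The TTL heuristic, the signature names and byte patterns, and the fallback to the full set when the destination OS is still unknown are all assumptions made for illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src dst ttl payload")

# Constructed signature universe: (name, OS it applies to, byte pattern).
SIGNATURES = [
    ("win-cmd-exec", "windows", b"cmd.exe"),
    ("win-smb-hdr", "windows", b"\xffSMB"),
    ("nix-passwd-read", "unix", b"/etc/passwd"),
    ("nix-shell-exec", "unix", b"/bin/sh"),
    ("generic-script-tag", "any", b"<script>"),
]

def fingerprint_os(ttl):
    """Passive guess from observed TTL (assumed heuristic: initial TTL 64
    means Unix-like, 128 means Windows, anything else is unknown)."""
    if 32 < ttl <= 64:
        return "unix"
    if 64 < ttl <= 128:
        return "windows"
    return "unknown"

class VirtualIDS:
    def __init__(self):
        self.host_os = {}  # OS learned passively from each host's own packets

    def signatures_for(self, target):
        """Reduced set for a (src_os, dst_os) tuple. An unknown destination
        gets the full universe so a missing fingerprint never skips checks."""
        if target[1] == "unknown":
            return SIGNATURES
        return [s for s in SIGNATURES if s[1] == "any" or s[1] in target]

    def inspect(self, pkt):
        self.host_os[pkt.src] = fingerprint_os(pkt.ttl)
        target = (self.host_os[pkt.src], self.host_os.get(pkt.dst, "unknown"))
        sigs = self.signatures_for(target)
        hits = [name for name, _, pat in sigs if pat in pkt.payload]
        return target, len(sigs), hits

# Constructed traffic: server 10.0.0.5 speaks first, so its OS is learned.
TRAFFIC = [
    Packet("10.0.0.5", "192.0.2.9", 62, b"HTTP/1.1 200 OK"),
    Packet("192.0.2.9", "10.0.0.5", 57, b"GET /../../etc/passwd"),
    Packet("192.0.2.9", "10.0.0.77", 57, b"GET /scripts/cmd.exe"),
]

def run(traffic):
    ids = VirtualIDS()
    return [ids.inspect(p) for p in traffic]
```

The second packet is checked against three signatures instead of five; the third falls back to the full set because 10.0.0.77 has not yet been fingerprinted.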

Description

Background technique

[0001] A typical computer networking system may include an intrusion detection system (IDS) or the like configured to monitor network traffic and block attacks or intrusion attempts into protected cyberspace. Such an intrusion detection system may include or be co-located with various types of firewalls, packet monitors, and other devices (such as advanced routers) that typically include intrusion sensing functionality. These systems include active and passive devices and are collectively referred to as "sensors".

[0002] An IDS may include a network interface for receiving packets, a packet filtering mechanism for determining whether to accept incoming packets, memory for storing threat signatures, a network interface for sending (or forwarding) packets into the protected network, and so on. The above-described elements of an IDS may be implemented in hardware, software, or some combination of the two.

[0003] IDS sensors can also be...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06
CPC: H04L63/1416
Inventor: 拉维杉卡·干纳施·伊特霍
Owner: CISCO TECH INC