Method and device for intrusion detection in a computer network

Assignee

• Robert Bosch GmbH · DE

Inventors

• Andreas Weber · Weissach, DE
• Janin Wolfinger · Birkenfeld, DE
• Jens Gramm · Rötteln, DE
• Michael Herrmann · Mindelheim, DE
• Wolfram Gottschlich · Leonberg, DE

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2101/622
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A device and method for intrusion detection in a computer network. A data packet is received at an input of a hardware switch unit, an output of the hardware switch unit is selected for sending the data packet or a copy as a function of security layer information from the data packet and of a hardware address, context information for the data packet being determined, an actual value from a field being compared in a comparison by a hardware filter with a setpoint value for values from this field, the field including security layer data or mediation layer data, and an interrupt for a computing device being triggered as a function of a result of the comparison, an analysis for detecting an intrusion pattern in a network traffic in the computer network, triggered by the interrupt, being carried out as a function of the context information for the data packet.