Method and device for intrusion detection in a computer network

Assignee

• Robert Bosch GmbH · DE

Inventors

• Andreas Weber · Weissach, DE
• Janin Wolfinger · Birkenfeld, DE
• Jens Gramm · Rötteln, DE
• Michael Herrmann · Mindelheim, DE
• Wolfram Gottschlich · Leonberg, DE

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L69/325
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Device and method for intrusion detection in a computer network. A data packet is received at an input of a hardware switch unit, an output of the hardware switch unit being selected for sending the data packet or a copy as a function of data link layer information from the data packet and of a hardware address from a memory of the hardware switch unit. An actual value from a field of the data packet is compared by a hardware filter with a setpoint value for values from this field, the field including data link layer data or network layer data, and the data packet or a copy of the data packet being provided to a computing device as a function of a result of the comparison. The analysis for detecting an intrusion pattern in a network traffic in the computer network id carried out by the computing device.