Patent · US Expired

Method and apparatus for an intruder detection reporting and response system

US6910135B1 · kind B1 · utility

Cited by: 165
References: 12
Claims: 45
Family size: 0

Assignees

Inventor

Key dates

Filing date: Jul 7, 1999
Grant date: Jun 21, 2005
Priority date
Expiry date: Jul 7, 2019

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1416
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A method and apparatus is disclosed for improving the security of computer networks by providing a means operating passively on the network for detecting, reporting and responding to intruders. The system is comprised of a plurality of intruder sensor client computers and associated event correlation engines. Resident in the memory of the client computer and operating in the background is a Tactical Internet Device Protection (TIDP) component consisting of a passive intruder detector and a security Management Information Base (MIB). The passive intruder detector component of the TIDP passively monitors operations performed on the client computer and emits a Simple Network Management Protocol (SNMP) trap to an event correlation engine when it identifies a suspected intruder. The event correlation engine, through the use of a behavior model loaded in its memory, determines whether the user's activities are innocent or those of a prospective intruder. When the event correlation engine is unable to classify a user based on a single trap message, it can request historical information from the security MIB, a database of the operating history of the client computer including a chronology…

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.