Intrusion Detection Systems
mailing list archives
NIDS Patent
From: turnere () MimeStar com (turnere)
Date: Fri, 26 May 2000 15:50:15 -0400 (EDT)
Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
Hello fellow list users,
I was just doing a patent search from within the US Patent and Trademark
Office's database, and found the following patent:
United States Patent 5,796,942
Esbensen
Aug. 18, 1998
Method and apparatus for automated network-wide surveillance and security breach intervention
Abstract
A network surveillance system includes a handler process (10) for
capturing network packets and filtering invalid packets, a first and
second continuously sorted record file (15a, 15b), and a scanner process
(30) for scanning all sessions occurring on the network and checking for
the presence of certain rules (38). When a rule is met, indicating a
security incident, a variety of appropriate actions may be taken, including
notifying a network security officer via electronic or other mail or
recording or terminating a network session. The surveillance system
operates completely independently of any other network traffic and the
network file server and therefore has no impact on network performance.
According to a further embodiment, the invention may include remote
surveillance agents (100a-c) for gathering network packets at a remote
location and transferring them to a server (110) for analysis by a network
surveillance system.
Inventors: Esbensen; Daniel (Kihei, HI).
Assignee: Computer Associates International, Inc. (Islandia, NY).
Appl. No.: 749,352
Filed: Nov. 21, 1996