公开(公告)号：US20190124095A1

公开(公告)日：2019-04-25

申请号：US15982318

申请日：2018-05-17

申请人： Intel Corporation

发明人： Satyendra Yadav

IPC分类号： H04L29/06

CPC分类号： H04L63/1416 ,  H04L63/02 ,  H04L63/0218 ,  H04L63/0227 ,  H04L63/1408 ,  H04L63/1425 ,  H04L63/1441 ,  H04L63/145 ,  H04L63/20

摘要： Intrusion preludes may be detected (including detection using fabricated responses to blocked network requests), and particular sources of network communications may be singled out for greater scrutiny, by performing intrusion analysis on packets blocked by a firewall. An integrated intrusion detection system uses an end-node firewall that is dynamically controlled using invoked-application information and a network policy. The system may use various alert levels to trigger heightened monitoring states, alerts sent to a security operation center, and/or logging of network activity for later forensic analysis. The system may monitor network traffic to block traffic that violates the network policy, monitor blocked traffic to detect an intrusion prelude, and monitor traffic from a potential intruder when an intrusion prelude is detected. The system also may track behavior of applications using the network policy to identify abnormal application behavior, and monitor traffic from an abnormally behaving application to identify an intrusion.

公开(公告)号：US10771484B2

公开(公告)日：2020-09-08

申请号：US15982318

申请日：2018-05-17

申请人： Intel Corporation

发明人： Satyendra Yadav

IPC分类号： H01L29/06 ,  H04L29/06

摘要： Intrusion preludes may be detected (including detection using fabricated responses to blocked network requests), and particular sources of network communications may be singled out for greater scrutiny, by performing intrusion analysis on packets blocked by a firewall. An integrated intrusion detection system uses an end-node firewall that is dynamically controlled using invoked-application information and a network policy. The system may use various alert levels to trigger heightened monitoring states, alerts sent to a security operation center, and/or logging of network activity for later forensic analysis. The system may monitor network traffic to block traffic that violates the network policy, monitor blocked traffic to detect an intrusion prelude, and monitor traffic from a potential intruder when an intrusion prelude is detected. The system also may track behavior of applications using the network policy to identify abnormal application behavior, and monitor traffic from an abnormally behaving application to identify an intrusion.

公开(公告)号：US20160088002A1

公开(公告)日：2016-03-24

申请号：US14861232

申请日：2015-09-22

申请人： Intel Corporation

发明人： Satyendra Yadav

IPC分类号： H04L29/06

CPC分类号： H04L63/1416 ,  H04L63/02 ,  H04L63/0218 ,  H04L63/0227 ,  H04L63/1408 ,  H04L63/1425 ,  H04L63/1441 ,  H04L63/145 ,  H04L63/20

摘要： Intrusion preludes may be detected (including detection using fabricated responses to blocked network requests), and particular sources of network communications may be singled out for greater scrutiny, by performing intrusion analysis on packets blocked by a firewall. An integrated intrusion detection system uses an end-node firewall that is dynamically controlled using invoked-application information and a network policy. The system may use various alert levels to trigger heightened monitoring states, alerts sent to a security operation center, and/or logging of network activity for later forensic analysis. The system may monitor network traffic to block traffic that violates the network policy, monitor blocked traffic to detect an intrusion prelude, and monitor traffic from a potential intruder when an intrusion prelude is detected. The system also may track behavior of applications using the network policy to identify abnormal application behavior, and monitor traffic from an abnormally behaving application to identify an intrusion.

公开(公告)号：US09143525B2

公开(公告)日：2015-09-22

申请号：US14300420

申请日：2014-06-10

申请人： Intel Corporation

发明人： Satyendra Yadav

IPC分类号： H04L29/06

CPC分类号： H04L63/1416 ,  H04L63/02 ,  H04L63/0218 ,  H04L63/0227 ,  H04L63/1408 ,  H04L63/1425 ,  H04L63/1441 ,  H04L63/145 ,  H04L63/20

摘要： Intrusion preludes may be detected (including detection using fabricated responses to blocked network requests), and particular sources of network communications may be singled out for greater scrutiny, by performing intrusion analysis on packets blocked by a firewall. An integrated intrusion detection system uses an end-node firewall that is dynamically controlled using invoked-application information and a network policy. The system may use various alert levels to trigger heightened monitoring states, alerts sent to a security operation center, and/or logging of network activity for later forensic analysis. The system may monitor network traffic to block traffic that violates the network policy, monitor blocked traffic to detect an intrusion prelude, and monitor traffic from a potential intruder when an intrusion prelude is detected. The system also may track behavior of applications using the network policy to identify abnormal application behavior, and monitor traffic from an abnormally behaving application to identify an intrusion.

公开(公告)号：US10044738B2

公开(公告)日：2018-08-07

申请号：US14861232

申请日：2015-09-22

申请人： Intel Corporation

发明人： Satyendra Yadav

IPC分类号： H04L29/06

摘要： Intrusion preludes may be detected (including detection using fabricated responses to blocked network requests), and particular sources of network communications may be singled out for greater scrutiny, by performing intrusion analysis on packets blocked by a firewall. An integrated intrusion detection system uses an end-node firewall that is dynamically controlled using invoked-application information and a network policy. The system may use various alert levels to trigger heightened monitoring states, alerts sent to a security operation center, and/or logging of network activity for later forensic analysis. The system may monitor network traffic to block traffic that violates the network policy, monitor blocked traffic to detect an intrusion prelude, and monitor traffic from a potential intruder when an intrusion prelude is detected. The system also may track behavior of applications using the network policy to identify abnormal application behavior, and monitor traffic from an abnormally behaving application to identify an intrusion.