Claims
- 1. A method of detecting network-intrusions at a first node of a network, comprising:
  identifying a frame as an intrusion by an intrusion detection application; archiving event-data associated with the frame; and decoding the event-data by a decode engine, the decode engine integrated within the intrusion detection application.
- 2. The method according to claim 1, further comprising providing, by a network filter service provider of the intrusion detection application, the event-data to an event-database.
- 3. The method according to claim 2, further comprising providing the event-data to a decode server.
- 4. The method according to claim 3, wherein the decode server obtains the event-data from at least one of an event viewer and a report server.
- 5. The method according to claim 1, further comprising:
  generating a report from the decoded event-data; and providing the report to a report viewer.
- 6. The method according to claim 1, further comprising providing, by the intrusion detection application, the decoded event-data to an intrusion detection client application.
- 7. The method according to claim 6, wherein the decoded event-data is formatted, by the client application, for display in a graphical user interface.
- 8. The method according to claim 6, wherein the intrusion detection application runs locally on the first node.
- 9. The method according to claim 6, wherein the intrusion detection client application runs remotely on a second node, the first node and the second node operable to engage in a communication session between the client application and the intrusion detection application.
- 10. A computer-readable medium having stored thereon a set of instructions to be executed, the set of instructions, when executed by a processor, cause the processor to perform a computer method of:
  identifying, by an intrusion detection application, a frame of data as intrusion-related; and decoding the intrusion-related data.
- 11. The computer-readable medium according to claim 10, wherein the instruction set, when executed by the processor, further causes the processor to perform the computer method of generating a report from the decoded intrusion-related data.
- 12. The computer-readable medium according to claim 10, wherein the instruction set, when executed by the processor, further causes the processor to perform the computer method of archiving the decoded intrusion-related data in a database.
- 13. The computer-readable medium according to claim 10, wherein the instruction set, when executed by the processor, further causes the processor to perform the computer method of archiving the identified data in a database.
- 14. The computer-readable medium according to claim 11, wherein the instruction set, when executed by the processor, further causes the processor to perform the computer method of transmitting the decoded data to a client application.
- 15. The computer-readable medium according to claim 14, wherein transmitting the decoded data to a client application further comprises transmitting the report to a client application in communication with the intrusion detection application.
- 16. The computer-readable medium according to claim 15, wherein transmitting the report to a client application further comprises transmitting the report to the client application in communication with the intrusion detection application, the client application running remotely from the intrusion detection application.
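The pipeline the claims describe (identify a frame by signature match, archive the raw event-data, decode it with a decode engine integrated in the same application, and generate a report from the decoded data), as an added Python example that is not part of the patent; the signature table, the byte offsets, the in-memory event database and the sample frame are constructed assumptions.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional
# Constructed sample event-data (not a real capture): Ethernet II / IPv4 / TCP frame.
def build_sample_frame(dport: int = 23, flags: int = 0x02) -> bytes:
    eth = bytes.fromhex("001122334455" "66778899aabb" "0800")
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9]))
    return eth + ip + tcp

# Hypothetical raw-byte signatures, name -> [(offset, bytes)]; offsets assume Ethernet II + 20-byte IPv4 header.
SIGNATURES = {"telnet-syn": [(12, b"\x08\x00"), (23, b"\x06"), (36, b"\x00\x17"), (47, b"\x02")]}

@dataclass
class Event:          # archived event-data: the raw frame is kept for later decoding
    event_id: int
    signature: str
    frame: bytes

def decode_frame(frame: bytes) -> dict:
    # Decode engine: Ethernet II -> IPv4 -> TCP header fields from the archived bytes.
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 Ethernet frame")
    d = {"proto": frame[23], "src": ".".join(map(str, frame[26:30])),
         "dst": ".".join(map(str, frame[30:34]))}
    tcp = 14 + (frame[14] & 0x0F) * 4        # TCP header starts after Ethernet + IHL
    if d["proto"] == 6 and len(frame) >= tcp + 14:
        d["sport"], d["dport"] = struct.unpack("!HH", frame[tcp:tcp + 4])
        d["flags"] = frame[tcp + 13]
    return d

class IntrusionDetector:
    def __init__(self) -> None:
        self.event_db: List[Event] = []   # stands in for the event-database of claim 2
    def inspect(self, frame: bytes) -> Optional[Event]:
        # Identify the frame by raw signature match, then archive the event-data.
        for name, pattern in SIGNATURES.items():
            if all(frame[off:off + len(b)] == b for off, b in pattern):
                ev = Event(len(self.event_db) + 1, name, frame)
                self.event_db.append(ev)
                return ev
        return None
    def report(self, event_id: int) -> str:
        # Decode the archived event-data and produce a one-line report (claim 5).
        ev = self.event_db[event_id - 1]
        d = decode_frame(ev.frame)
        return f"event {ev.event_id} {ev.signature}: {d['src']}:{d['sport']} -> {d['dst']}:{d['dport']}"
```

Because the raw frame is archived rather than only the match result, the decode step can run later on a decode server or in a report viewer, which is what claims 3 through 5 separate out.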
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] This patent application is related to co-pending U.S. patent application Ser. No. ______, entitled “METHOD AND COMPUTER READABLE MEDIUM FOR SUPPRESSING EXECUTION OF SIGNATURE FILE DIRECTIVES DURING A NETWORK EXPLOIT,” filed Oct. 31, 2001, co-assigned herewith; U.S. patent application Ser. No. ______, entitled “SYSTEM AND METHOD OF DEFINING THE SECURITY CONDITION OF A COMPUTER SYSTEM,” filed Oct. 31, 2001, co-assigned herewith; U.S. patent application Ser. No. ______, entitled “SYSTEM AND METHOD OF DEFINING THE SECURITY VULNERABILITIES OF A COMPUTER SYSTEM,” filed Oct. 31, 2001, co-assigned herewith; U.S. patent application Ser. No. ______, entitled “SYSTEM AND METHOD OF DEFINING UNAUTHORIZED INTRUSIONS ON A COMPUTER SYSTEM,” filed Oct. 31, 2001, co-assigned herewith; U.S. patent application Ser. No. ______, entitled “NETWORK INTRUSION DETECTION SYSTEM AND METHOD,” filed Oct. 31, 2001, co-assigned herewith; U.S. patent application Ser. No. ______, entitled “NODE, METHOD AND COMPUTER READABLE MEDIUM FOR INSERTING AN INTRUSION PREVENTION SYSTEM INTO A NETWORK STACK,” filed Oct. 31, 2001, co-assigned herewith; U.S. patent application Ser. No. ______, entitled “METHOD, COMPUTER-READABLE MEDIUM, AND NODE FOR DETECTING EXPLOITS BASED ON AN INBOUND SIGNATURE OF THE EXPLOIT AND AN OUTBOUND SIGNATURE IN RESPONSE THERETO,” filed Oct. 31, 2001, co-assigned herewith; U.S. patent application Ser. No. ______, entitled “NETWORK, METHOD AND COMPUTER READABLE MEDIUM FOR DISTRIBUTED SECURITY UPDATES TO SELECT NODES ON A NETWORK,” filed Oct. 31, 2001, co-assigned herewith; U.S. patent application Ser. No. ______, entitled “METHOD, COMPUTER READABLE MEDIUM, AND NODE FOR A THREE-LAYERED INTRUSION PREVENTION SYSTEM FOR DETECTING NETWORK EXPLOITS,” filed Oct. 31, 2001, co-assigned herewith; U.S. patent application Ser. No. ______, entitled “SYSTEM AND METHOD OF AN OS-INTEGRATED INTRUSION DETECTION AND ANTI-VIRUS SYSTEM,” filed Oct. 31, 2001, co-assigned herewith; U.S. patent application Ser. No. ______, entitled “METHOD, NODE AND COMPUTER READABLE MEDIUM FOR IDENTIFYING DATA IN A NETWORK EXPLOIT,” filed Oct. 31, 2001, co-assigned herewith; U.S. patent application Ser. No. ______, entitled “NODE, METHOD AND COMPUTER READABLE MEDIUM FOR OPTIMIZING PERFORMANCE OF SIGNATURE RULE MATCHING IN A NETWORK,” filed Oct. 31, 2001, co-assigned herewith; U.S. patent application Ser. No. ______, entitled “METHOD, NODE AND COMPUTER READABLE MEDIUM FOR PERFORMING MULTIPLE SIGNATURE MATCHING IN AN INTRUSION PREVENTION SYSTEM,” filed Oct. 31, 2001, co-assigned herewith; U.S. patent application Ser. No. ______, entitled “USER INTERFACE FOR PRESENTING DATA FOR AN INTRUSION PROTECTION SYSTEM,” filed Oct. 31, 2001, co-assigned herewith; U.S. patent application Ser. No. ______, entitled “NODE AND MOBILE DEVICE FOR A MOBILE TELECOMMUNICATIONS NETWORK PROVIDING INTRUSION DETECTION,” filed Oct. 31, 2001, co-assigned herewith; U.S. patent application Ser. No. ______, entitled “SYSTEM AND METHOD OF GRAPHICALLY DISPLAYING DATA FOR AN INTRUSION PROTECTION SYSTEM,” filed Oct. 31, 2001, co-assigned herewith; and U.S. patent application Ser. No. ______, entitled “SYSTEM AND METHOD OF GRAPHICALLY CORRELATING DATA FOR AN INTRUSION PROTECTION SYSTEM,” filed Oct. 31, 2001, co-assigned herewith.