Correlating network information and intrusion information to find the entry point of an attack upon a protected computer
Abstract
A method for determining the entry point of an attack by a vandal such as a hacker upon a device such as a computer or a server such as a web server that operates under the protection of an intrusion detection system. Intrusion detection information regarding the attack and network information regarding the attack are correlated, and the entry point of the attack thereby deduced. In one embodiment, a source address of a message representative of the attack is found in a router table of a router that provides a connection supporting the attack. Logical ports of the connection are determined, and the corresponding physical ports found, thereby identifying the attack's entry point into the protected device.