Method and Apparatus for Distributed Intrusion Protection System for Ultra High Bandwidth Networks

Battelle Number: 14307 | N/A

Technology Overview

The need for network security is pervasive in organizations ranging from large corporate, governmental, and educational institutions to small business and individuals. These pervasive and continuing attacks on large networks, and the considerable costs and damages such attacks can inflict, have provided incentive for researchers in government, industry, and academia to search for methods and apparatus to provide security for these networks. Broad issues for designing high speed security include detecting and responding to security breaches. 

Researchers at PNNL have developed a method for providing security to a network with data streams that each have differing levels of sensitivity. The technology examines a data stream on a network to determine the presence of one or more predetermined characteristics exhibiting a predetermined combination of the predetermined characteristics. This invention provides security for high speed networks. More specifically, this invention offers methods and apparatus for distributed intrusion protection allowing security for ultra-high bandwidth networks.

Advantages

• Provides security to a network having a data stream with a plurality of portions of data, each having differing levels of sensitivity.

• Provides security to a network that does not degrade data flow to unacceptable levels.

• Protects ultra-high speed networks to overcome the following considerations:

  • Data rates are quickly outpacing the capability of network security appliances to sensor and secure the network as described in RFC 3473 (Generalized Multi-Protocol Label Switching (GMPLS) Signaling Resource ReserVation Protocol-Traffic Engineering (RSVP-TE) Extensions, available online at ftp://ftp.isi.edu/in-notes/rfc3473.txt).
  • High speed network infrastructures increase the need for mounting real time responses to network events.
  • Component resources are not centrally owned and policies for allowable activities, and allowable responses, may differ from site to site.

Availability

Available for licensing in all fields

Keywords

Cybersecurity, Method and Apparatus, Intrusion, network security, Bandwidth Networks; protection system

IP files

Portfolio

CY-Enterprise Cybersecurity

Market Sectors

Security