Systems and methods for self-tuning network intrusion detection and prevention

摘要

Systems and method of the present disclosure are directed to a network security tool. In some embodiments, the tool identifies a current vulnerability of a private network. The tool can determine a signature of an attack configured to exploit the current vulnerability. The tool can comparing the signature with active and inactive signatures stored in a signature repository. The tool can compare the signatures to identify an inactive signature corresponding to the signature of the attack configured to exploit the current vulnerability. The tool can automatically activate, responsive to the comparison, the identified inactive signature. The tool can use the activated signature to identify an exploit based on data packets received via the private network.

主权项

1. A method of mitigating intrusions via a computer network, comprising:
identifying, by a vulnerability assessment tool, a current vulnerability of a private network; determining, by the vulnerability assessment tool, a signature of an attack configured to exploit the current vulnerability; comparing, by a network security device, the signature with active and inactive signatures stored in a signature repository to identify an inactive signature corresponding to the signature of the attack configured to exploit the current vulnerability, the inactive signature previously activated and used by the network security device to detect exploits; automatically activating, by the network security device responsive to the comparison, the identified inactive signature; and using, by an intrusion detector, the activated signature to analyze data packets received via the private network to detect an exploit.