Title of invention: Systems, methods, and devices for detecting security vulnerabilities in IP networks
Abstract: This invention is a system, method, and apparatus for detecting compromise of IP devices that make up an IP-based network. One embodiment is a method for detecting and alerting on the following conditions: (1) Denial of Service Attack; (2) Unauthorized Usage Attack (for an IP camera, unauthorized person seeing a camera image); and (3) Spoofing Attack (for an IP camera, unauthorized person seeing substitute images). A survey of services running on the IP device, historical benchmark data, and traceroute information may be used to detect a possible Denial of Service Attack. A detailed log analysis and a passive DNS compromise system may be used to detect a possible unauthorized usage. Finally, a fingerprint (a hash of device configuration data) may be used as a private key to detect a possible spoofing attack. The present invention may be used to help mitigate intrusions and vulnerabilities in IP networks.
Publication number: US8806632(B2) Publication date: 2014.08.12
Application number: US200912581534 Filing date: 2009.10.19
Applicant: Solarwinds Worldwide, LLC Inventors: Stefanidakis Charles K.;Person Richard;Dhanda Anish;Sabatino Gregory;Donovan John J.
Classification: H04L29/06 Main classification: H04L29/06
Agency: Squire Sanders (US) LLP Agent: Squire Sanders (US) LLP
Independent claim: 1. A vulnerability detection and alerting system for detecting compromise of one or more internet protocol (IP) devices on an IP network, the system comprising: a detector configured to detect one or more primitive vulnerability events in the IP devices; and an attribute engine configured to generate attribute data representing information about an importance of the IP devices, wherein the attribute data has an associated weighting function, and the primitive vulnerability events are weighted according to the attribute data corresponding to one of the IP devices that generated the primitive vulnerability events, wherein the attribute data comprises quality of data produced by the IP devices, age of the IP devices, time since last maintenance of the IP devices, integrity of the IP devices, and reliability of the IP devices.
Address: Austin TX US