METHOD AND SYSTEM FOR INTRUSION PREVENTION AND DEFLECTION,

摘要

A system for preventing intrusion in communication traffic with a set (130) of machines in a network includes a data base (415) having stored therein patterns representative of forbidden communication entities as well a firewall module (412a) configured for blocking forbidden communication entities in the traffic as identified by respective patterns included in the data base (415). The system further includes another data base (416) having stored therein patterns representative of allowed communication entities for communication with said set of machines (130) and a test system (420) including test facilities (421) replicating the machines in said set (130). A communication module (410) is provided configured for allowing (411b) communication of allowed communication entities as identified by respective patterns included in the other data base (416). Unknown communication entities as identified by respective unknown patterns not included in either of said data base (415) and said further data base (416) are directed (411d) to the test system (420) and run on the test facilities (421) therein to detect possible adverse effects of such unknown communication entities on the test system. The system is further configured so that: i) in the presence of an adverse effect, the unknown communication entity leading to the adverse effect is blocked by the firewall module (412a), and ii) in the absence of an adverse effect, communication of the unknown communication entity failing to lead to said adverse effect is allowed.