METHOD FOR AUTOMATIC INTRUSION DETECTION AND DEFLECTION IN A NETWORK

摘要

A method and a system for providing security to a network (12) by at least identifying and unauthorized user (20) who is attempting to gain access to a node (16) on the network (12), and preferably by then actively blocking that unauthorized user (20) from further activities. Detection is facilitated by the unauthorized user (20) providing "earmark", or specially crafted false data, which the unauthorized user (20) gathers during the information collection stage performed before an attack. The earmark is designed such that any attempt by the unauthorized user (20) to use such false data results in the immediate identification of the unauthorized user (20) as hostile, and indicates that an intrusion of the network (12) is being attempted. Preferably, further access to the network (12) is then blocked by diverting traffic from the unauthorized user (20) to a secure zone (32), where the activities of the unauthorized user can be contained without damage to the network (12).