Network intrusion prevention in edge computing environments

US12549591B2 · US · B2

Patent metadata

Publication number: US-12549591-B2
Application number: US-202318178579-A
Country: US
Kind code: B2
Filing date: Mar 6, 2023
Priority date: Mar 6, 2023
Publication date: Feb 10, 2026
Grant date: Feb 10, 2026


Abstract

Official abstract text for this publication.

Computer-implemented methods, systems and program products extending traditional cloud-centric intrusion detection to edge networks. NIDPS is decentralized between the edge and cloud. Edge gateways equipped with NIDPS agents capture packets of network traffic and pre-process the data. Pre-processing output is compressed and sent to cloud intrusion detection services equipped with latest available rules and signatures. As cloud IDS detects security threats using rules and signatures, NIDPS agents are alerted and switched from “lazy mode” to “preventative mode.” While in preventative mode, NIDPS agents inspect packets of network traffic in accordance with the rules and signatures associated with the detected security threat, dropping packets that trigger the rules and signatures, while still compressing and transmitting other packets to cloud IDS for analysis. Once no active rules or signatures are enforced for pre-set or configured periods of time, NIDPS agents revert back to “lazy mode” to conserve network resources.
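The mode switching described in the abstract can be sketched as a small state machine. This is an added illustration, not code from the patent or its assignee; the class and method names, the substring-style signatures, and the pass-through pre-processing step are assumptions.

```python
import time
import zlib

LAZY, PREVENTATIVE = "lazy", "preventative"

class NidpsAgent:
    """Hypothetical edge agent; class and method names are illustrative."""

    def __init__(self, quiet_period=300.0, clock=time.monotonic):
        self.mode = LAZY
        self.signatures = set()           # byte patterns received from the cloud IDS
        self.quiet_period = quiet_period  # seconds without a match before reverting
        self.clock = clock
        self.last_match = 0.0
        self.outbox = []                  # compressed records queued for the cloud IDS

    def on_cloud_alert(self, signatures):
        """Cloud IDS detected a threat: load its signatures and start enforcing."""
        self.signatures |= set(signatures)
        self.mode = PREVENTATIVE
        self.last_match = self.clock()    # the quiet period starts at the alert

    def handle(self, packet: bytes) -> bool:
        """Return True if the packet is forwarded, False if it is dropped."""
        now = self.clock()
        if self.mode == PREVENTATIVE:
            if any(sig in packet for sig in self.signatures):
                self.last_match = now
                return False              # dropped at the gateway, not sent upstream
            if now - self.last_match >= self.quiet_period:
                self.mode = LAZY          # nothing enforced for the whole period
        # Pre-processing stand-in (assumption): the raw packet is the record.
        self.outbox.append(zlib.compress(packet))  # DEFLATE is lossless
        return True

if __name__ == "__main__":
    t = [0.0]                             # constructed clock for a deterministic run
    agent = NidpsAgent(quiet_period=10, clock=lambda: t[0])
    sample = b"xx EVIL yy"                # constructed packet payload
    print(agent.mode, agent.handle(sample))   # lazy: forwarded to the cloud IDS
    agent.on_cloud_alert([b"EVIL"])
    print(agent.mode, agent.handle(sample))   # preventative: dropped
    t[0] = 10
    print(agent.handle(b"benign"), agent.mode)  # quiet period elapsed: back to lazy
```

In lazy mode the matching packet still reaches the cloud IDS, which is what lets the cloud side raise the alert in the first place.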

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method for extending Network Intrusion Detection and Prevention Systems (NIDPS) to an edge network, the computer-implemented method comprising: capturing, by an NIDPS agent of a gateway within the edge network, packets of network traffic passing through the gateway while the NIDPS agent is placed into a first mode reducing pre-processor output of the NIDPS agent; pre-processing, by the NIDPS agent, the packets of network traffic; compressing, by the NIDPS agent, output of the pre-processing of the packets of network traffic using lossless compression; transmitting, by the NIDPS agent, compressed pre-processed packets of the network traffic to a cloud intrusion detection service (IDS); upon detection of a security threat by the cloud IDS, receiving, by the NIDPS agent, an alert indicating possible rules being violated and a set of rules or signatures from the cloud IDS; and switching the NIDPS agent to a second mode, wherein while in the second mode, the NIDPS agent prevents transmission of certain types of packets corresponding to the set of rules or signatures from passing through the gateway; and wherein the NIDPS agent of the gateway further operates as an NIDPS agent of a second gateway within the edge network, whereby the NIDPS agent placed in the first mode, or the second mode applies to both the gateway and the second gateway, and the NIDPS agent shares the set of rules or signatures from the cloud IDS with the gateway and the second gateway.

2. The computer-implemented method of claim 1, further comprising: inspecting, by the NIDPS agent placed in the second mode, the packets of network traffic; matching, by the NIDPS agent placed in the second mode, one or more of the packets of network traffic to the set of rules or signatures; and dropping, by the NIDPS agent placed in the second mode, the one or more of the packets of network traffic that match the set of rules or signatures.

3. The computer-implemented method of claim 2, wherein remaining packets of network traffic that do not match the set of rules or signatures continue to be pre-processed, compressed and transmitted to the cloud IDS while the NIDPS agent is in the second mode.

4. The computer-implemented method of claim 2, wherein the NIDPS agent is placed into the second mode for a configurable interval of time; and upon the NIDPS agent not matching one or more of the packets of network traffic to the set of rules or signatures, or the cloud IDS alerting the NIDPS agent of possible rules being violated for the configurable interval of time, switching the NIDPS agent from the second mode to the first mode.

5. The computer-implemented method of claim 1, further comprising: wherein the edge network includes a plurality of gateways positioned within a common location or region, and a plurality of NIDPS agents assigned to monitor the packets of network traffic passing through the plurality of gateways; upon a threshold number of the plurality of NIDPS agents switching from the first mode to the second mode, switching all NIDPS agents of the plurality of NIDPS agents within the common location or region of the edge network to the second mode; and broadcasting the set of rules or signatures from the cloud IDS to all of the NIDPS agents within the common location or region of the edge network.

6. The computer-implemented method of claim 5, wherein the plurality of NIDPS agents are placed into the second mode for a configurable interval of time; upon one or more of the plurality of NIDPS agents not matching one or more of the packets of network traffic to the set of rules or signatures, or the cloud IDS alerting the one or more NIDPS agents of possible rules being violated for the configurable interval of time, switching the one or more NIDPS agent from the second mode to the first mode; and upon a threshold number of the plurality of NIDPS agents switching from the second mode back to the first mode, switching all of the plurality of NIDPS agents to the first mode.

7. A computer-implemented method for extending Network Intrusion Detection and Prevention Systems (NIDPS) to an edge network, the computer-implemented method comprising: capturing, by an NIDPS agent of a gateway within the edge network, packets of network traffic passing through the gateway while the NIDPS agent is placed into a first mode reducing pre-processor output of the NIDPS agent, wherein the edge network includes a plurality of gateways positioned within a common location or region, and a plurality of NIDPS agents assigned to monitor the packets of network traffic passing through the plurality of gateways; pre-processing, by the NIDPS agent, the packets of network traffic; compressing, by the NIDPS agent, output of the pre-processing of the packets of network traffic using lossless compression; transmitting, by the NIDPS agent, compressed pre-processed packets of the network traffic to a cloud intrusion detection service (IDS); upon detection of a security threat by the cloud IDS, receiving, by the NIDPS agent, an alert indicating possible rules being violated and a set of rules or signatures from the cloud IDS; switching the NIDPS agent to a second mode, wherein while in the second mode, the NIDPS agent prevents transmission of certain types of packets corresponding to the set of rules or signatures from passing through the gateway; upon a threshold number of the plurality of NIDPS agents switching from the first mode to the second mode, switching all NIDPS agents of the plurality of NIDPS agents within the common location or region of the edge network to the second mode; and broadcasting the set of rules or signatures from the cloud IDS to all of the NIDPS agents within the common location or region of the edge network.

8. The computer-implemented method of claim 7, further comprising: inspecting, by the NIDPS agent placed in the second mode, the packets of network traffic; matching, by the NIDPS agent placed in the second mode, one or more of the packets of network traffic to the set of rules or signatures; and dropping, by the NIDPS agent placed in the second mode, the one or more of the packets of network traffic that match the set of rules or signatures.

9. The computer-implemented method of claim 8, wherein remaining packets of network traffic that do not match the set of rules or signatures continue to be pre-processed, compressed and transmitted to the cloud IDS while the NIDPS agent is in the second mode.

10. The computer-implemented method of claim 8, wherein the NIDPS agent is placed into the second mode for a configurable interval of time; and upon the NIDPS agent not matching one or more of the packets of network traffic to the set of rules or signatures, or the cloud IDS alerting the NIDPS agent of possible rules being violated for the configurable interval of time, switching the NIDPS agent from the second mode to the first mode.

11. The computer-implemented method of claim 7, wherein the plurality of NIDPS agents are placed into the second mode for a configurable interval of time.

12. A computer-implemented method for extending Network Intrusion Detection and Prevention Systems (NIDPS) to an edge network, the computer-implemented method comprising: capturing, by an NIDPS agent of a gateway within the edge network, packets of network traffic passing through the gateway while the NIDPS agent is placed into a first mode reducing pre-processor output of the NIDPS agent; pre-processing, by the NIDPS agent, the packets of network traffic; compressing, by the NIDPS agent, output of the pre-processing of the packets

Classifications

  • Event detection, e.g. attack signature detection

  • Filtering by address, protocol, port number or service, e.g. IP-address or URL

  • Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002)

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12549591B2 cover?
Computer-implemented methods, systems and program products extending traditional cloud-centric intrusion detection to edge networks. NIDPS is decentralized between the edge and cloud. Edge gateways equipped with NIDPS agents capture packets of network traffic and pre-process the data. Pre-processing output is compressed and sent to cloud intrusion detection services equipped with latest availab…
Who is the assignee on this patent?
IBM
What technology area does this patent fall under?
Primary CPC classification H04L63/1441. Mapped technology areas include Electricity.
When was this patent published?
Publication date Feb 10, 2026 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).