Methods, media, and systems for securing communications between a first node and a second node

US 10,178,104 B2
Filed: 05/05/2017
Issued: 01/08/2019
Est. Priority Date: 10/31/2005
Status: Active Grant

First Claim

Patent Images

1. A method for securing communications between a first node and a second node, comprising:

receiving via a network interface at least one model of behavior of the second node at least one hardware processor of the first node, which the at least one model of behavior of the second node was generated by a node other than the first node and which at least one model of behavior of the second node represents a payload profile of normal traffic of the second node;

determining, using the at least one hardware processor of the first node, how similar are the at least one model of behavior of the second node and at least one model of behavior of the first node, which at least one model of behavior of the first node represents a payload profile of normal traffic of the first node; and

checking whether a distance between input traffic from the second node and one of at least one model of behavior of the first node is below a first threshold.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, media, and systems for securing communications between a first node and a second node are provided. In some embodiments, methods for securing communication between a first node and a second node are provided. The methods comprising: receiving at least one model of behavior of the second node at the first node; and authorizing the first node to receive traffic from the second node based on the difference between the at least one model of behavior of the second node and at least one model of behavior of the first node.

86 Citations

18 Claims

1. A method for securing communications between a first node and a second node, comprising:
- receiving via a network interface at least one model of behavior of the second node at least one hardware processor of the first node, which the at least one model of behavior of the second node was generated by a node other than the first node and which at least one model of behavior of the second node represents a payload profile of normal traffic of the second node;
  
  determining, using the at least one hardware processor of the first node, how similar are the at least one model of behavior of the second node and at least one model of behavior of the first node, which at least one model of behavior of the first node represents a payload profile of normal traffic of the first node; and
  
  checking whether a distance between input traffic from the second node and one of at least one model of behavior of the first node is below a first threshold.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising checking whether a distance between the input traffic from the second node and one of the at least one model of behavior of the second node is below a second threshold.
  - 3. The method of claim 1, further comprising granting, using the at least one hardware processor of the first node, the second node access to a network of the first node based on how different are the at least one model of behavior of the second node and the at least one model of behavior of the first node.
  - 4. The method of claim 1, further comprising determining a distance between the at least one model of behavior of the second node and the at least one model of behavior of the first node.
  - 5. The method of claim 4, further comprising comparing the distance to a threshold.
  - 6. The method of claim 5, further comprising calculating the threshold based on the distance between the at least one model of behavior of the first node and at least one model of behavior of at least one other node.

7. A device that secures communications between a first node and a second node, comprising:
- an interface in communication with a network;
  
  a memory; and
  
  a processor in communication with the memory and the interface;
  
  wherein the processor;
  
  receives via a network interface at least one model of behavior of the second node, which the at least one model of behavior of the second node was generated by a node other than the first node and which at least one model of behavior of the second node represents a payload profile of normal traffic of the second node;
  
  determines how similar are the at least one model of behavior of the second node and at least one model of behavior of the first node, which at least one model of behavior of the first node represents a payload profile of normal traffic of the first node; and
  
  checks whether a distance between input traffic from the second.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The device of claim 7, wherein the processor further checks whether a distance between the input traffic from the second node and one of the at least one model of behavior of the second node is below a second threshold.
  - 9. The device of claim 8, wherein the processor further grants the second node access to a network of the first node based on how different are the at least one model of behavior of the second node and the at least one model of behavior of the first node.
  - 10. The device of claim 8, wherein the processor further determines a distance between the at least one model of behavior of the second node and the at least one model of behavior of the first node.
  - 11. The device of claim 10, wherein the processor further compares the distance to a threshold.
  - 12. The device of claim 11, where the processor further calculates the threshold based on the distance between the at least one model of behavior of the first node and at least one model of behavior of at least one other node.

13. A non-transitory computer-readable medium containing computer executable instructions that, when executed by a processor of a first node, cause the processor to perform a method for securing communications between the first node and a second node, comprising:
- receiving, via a network interface at least one model of behavior of the second node, which the at least one mode of behavior of the second node was generated by a node other than the first node and which at least one model of behavior of the second node represents a payload profile of normal traffic of the second node;
  
  determining how similar are the at least one model of behavior of the second node and at least one model of behavior of the first node, which at least one model of behavior of the first node represents a payload profile of normal traffic of the first node; and
  
  checking whether a distance between input traffic from the second node and one of the at least one model of behavior of the first node is below a first threshold.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The non-transitory computer-readable medium of claim 13, the method further comprising checking whether a distance between the input traffic from the second node and one of the at least one model of behavior of the second node is below a second threshold.
  - 15. The non-transitory computer-readable medium of claim 13, the method further comprising granting, using the at least one hardware processor of the first node, the second node access to a network of the first node based on how different are the at least one model of behavior of the second node and the at least one model of behavior of the first node.
  - 16. The non-transitory computer-readable medium of claim 13, the method further comprising determining a distance between the at least one model of behavior of the second node and the at least one model of behavior of the first node.
  - 17. The non-transitory computer-readable medium of claim 16, the method further comprising comparing the distance to a threshold.
  - 18. The non-transitory computer-readable medium of claim 17, the method further comprising calculating the threshold based on the distance between the at least one model of behavior of the first node and at least one model of behavior of at least one other node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trustees Of Columbia University In The City Of New York (Columbia University)
Original Assignee
Trustees Of Columbia University In The City Of New York (Columbia University)
Inventors
Stolfo, Salvatore J., Ciocarlie, Gabriela F., Frias-Martinez, Vanessa, Parekh, Janak, Keromytis, Angelos D., Sherrick, Joseph
Primary Examiner(s)
Avery, Jeremiah L

Application Number

US15/587,763
Publication Number

US 20180077165A1
Time in Patent Office

613 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 63/102 Entity profiles

H04L 63/145 the attack involving the pr...

Methods, media, and systems for securing communications between a first node and a second node

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

86 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Methods, media, and systems for securing communications between a first node and a second node

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

86 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others