Situational awareness and perimeter protection orchestration

US 10,419,473 B1
Filed: 10/26/2016
Issued: 09/17/2019
Est. Priority Date: 10/26/2016
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a memory configured to store computer-executable instructions; and

a processor, communicatively coupled to the memory, configured to execute the computer-executable instructions to perform operations, the operations comprising;

receiving network data from a plurality of network elements in a network, wherein the network data comprises a sample of packet flow comprising data relating to protocol types, interface information, metrics, and speed of packets arriving at the network element;

determining a baseline level of bandwidth that a network element of the plurality of network elements can handle, and determining a risk level to the network element based on a deviation from the baseline level of bandwidth, wherein the deviation is determined based on the network data;

predicting an occurrence and intensity of a network attack on the network element based on the network data;

determining a service that can counteract the network attack before the occurrence; and

displaying the network data, the risk level to the network element, information about the network attack, and information about the service on a user interface.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods provide for a situational awareness and perimeter protection orchestration system to determine when network attacks are occurring or are about to occur, and provide tools and services to mitigate the attacks. The attacks can be denial of service attacks or distributed denial of service attacks or other types of attacks designed to disable and degrade a network. The dashboard can collect intelligence on what is happening on the network, and also streams of information from third parties that can be used to predict imminent network attacks. The dashboard can also determine what tools and services are available to the network operator in order to counteract the attacks.

9 Citations

View as Search Results

16 Claims

1. A system, comprising:
- a memory configured to store computer-executable instructions; and
  
  a processor, communicatively coupled to the memory, configured to execute the computer-executable instructions to perform operations, the operations comprising;
  
  receiving network data from a plurality of network elements in a network, wherein the network data comprises a sample of packet flow comprising data relating to protocol types, interface information, metrics, and speed of packets arriving at the network element;
  
  determining a baseline level of bandwidth that a network element of the plurality of network elements can handle, and determining a risk level to the network element based on a deviation from the baseline level of bandwidth, wherein the deviation is determined based on the network data;
  
  predicting an occurrence and intensity of a network attack on the network element based on the network data;
  
  determining a service that can counteract the network attack before the occurrence; and
  
  displaying the network data, the risk level to the network element, information about the network attack, and information about the service on a user interface.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the network attack comprises at least one of a denial of service attack or a distributed denial of service attack.
  - 3. The system of claim 1, wherein the operations further comprise:
    - determining that the network attack is imminent.
  - 4. The system of claim 1, wherein the operations further comprise:
    - receiving a second set of network data from a second network different than the network.
  - 5. The system of claim 1, wherein the sample of packet flow comprises at least one of sflow or netflow data.
  - 6. The system of claim 1, wherein the predicting that the network attack is will occur further comprises predicting a type of network attack including predicting whether the network attack is an application attack.
  - 7. The system of claim 1, wherein the operations further comprise:
    - determining the service based on deviation of network data from a baseline level of bandwidth and a type of network attack.
  - 8. The system of claim 1, wherein the operations further comprise:
    - receiving network performance data from consumer feedback received via an interactive voice response service.
  - 9. The system of claim 1, wherein the operations further comprise:
    - transmitting the network data and the information about the network attack to a third party server.

10. A method for providing a dashboard for network attack mitigation, comprising:
- receiving, by a device comprising a processor, network data from a plurality of network elements in a network, wherein the network data comprises a sample of packet flow comprising data relating to protocol types, interface information, metrics, and speed of packets arriving at the network element;
  
  determining a baseline level of bandwidth that a network element of the plurality of network elements can handle, and determining a risk level to the network element based on a deviation from the baseline level of bandwidth, wherein the deviation is determined based on the network data;
  
  predicting, by the device, an occurrence and intensity of a network attack on the network element based on the network data;
  
  determining, by the device, a service that can counteract the network attack before the occurrence; and
  
  displaying, by the device, the network data, the risk level to the network element, information about the network attack, and information about the service on a user interface.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method of claim 10, further comprising:
    - determining, by the device, that the network attack is imminent based on historical attacks and current network data.
  - 12. The method of claim 10, further comprising:
    - determining, by the device, that the network attack is currently underway.
  - 13. The method of claim 10, further comprising:
    - receiving, by the device, a second set of network data from a second network different than the network.
  - 14. The method of claim 10, further comprising:
    - transmitting, by the device, the network data and the information about the network attack to a third party server.

15. A non-transitory computer-readable medium, comprising instructions, that when executed by a computer processor, perform operations, comprising:
- receiving network data from a plurality of network elements in a network wherein the network data comprises a sample of packet flow comprising data relating to protocol types, interface information, metrics, and speed of packets arriving at the network element;
  
  determining a baseline level of bandwidth that a network element of the plurality of network elements can handle, and determining a risk level to the network element based on a deviation from the baseline level of bandwidth, wherein the deviation is determined based on the network data;
  
  predicting an occurrence and intensity of a network attack on the network element based on the network data;
  
  determining a service that can counteract the network attack before the occurrence; and
  
  displaying the network data, the risk level to the network element, information about the network attack, and information about the service on a user interface.
- View Dependent Claims (16)
- - 16. The non-transitory computer-readable medium of claim 15, the operations further comprising predicting a type of network attack and identifying one or more services associated with the type of network attack that mitigate the network attack before the network attack occurs.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wells Fargo Bank NA (Wells Fargo & Company)
Original Assignee
Wells Fargo Bank NA (Wells Fargo & Company)
Inventors
Makohon, Peter A., Kirby, Robert I., Houser, Christopher, Belton, Jr., Lawrence T., Gareau, Terrence W.
Primary Examiner(s)
Ho, Dao Q

Application Number

US15/335,019
Time in Patent Office

1,056 Days
Field of Search
US Class Current
CPC Class Codes

H04L 43/026   using flow identification

H04L 43/0882   Utilisation of link capacity

H04L 43/0894   Packet rate

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

Situational awareness and perimeter protection orchestration

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

9 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Situational awareness and perimeter protection orchestration

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links