Embedded device and method of processing network communication data

US 10,630,708 B2
Filed: 01/06/2017
Issued: 04/21/2020
Est. Priority Date: 01/08/2016
Status: Active Grant

First Claim

Patent Images

1. An embedded device configured to process a network communication data received over a communication network, the embedded device comprising:

a communication interface;

a memory;

a processor;

the communication interface being configured to receive the network communication data from at least one external device connected to the communication network;

said embedded device configured as an alternative entry point for network traffic ingress to a pre-established network and installed in a peripheral position exterior to said pre-established network;

said embedded device configured to detect attacks from sources external to said pre-established network attempting entry into the network through said alternative entry point;

said embedded device capturing all communications data at said communication interface prior to entry into any network ingress point for said pre-established network and converting all of said captured communications data to a benign data format;

said embedded device processor performing an analysis of said captured communications data upon conversion to said benign data format;

the embedded device configured to transmit said benign data format and an analysis of the captured network communication data to at least one designated authority or user of the pre-established network; and

where the captured communications data from said detected attacks is converted to a benign format in said memory of the embedded device prior to any transmission of said communications data to any firewall or network defense system associated with said pre-established network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is an embedded device configured to process network communication data received over a communication network. The embedded device may include a communication interface configured to receive the network communication data from at least one external device connected to the communication network. Further, the embedded device may be configured to transmit a benign format of the network communication data to at least one designated network device connected to the communication network. Additionally, the embedded device may include a memory configured to store the network communication data. Further, the embedded device may include a processor configured to analyze the network communication data. Furthermore, the processor may be configured to detect malicious activity associated with the network communication data based on the analyzing. Moreover, the processor may be configured to convert the network communication data into the benign format of the network communication data.

Citations

20 Claims

1. An embedded device configured to process a network communication data received over a communication network, the embedded device comprising:
- a communication interface;
  
  a memory;
  
  a processor;
  
  the communication interface being configured to receive the network communication data from at least one external device connected to the communication network;
  
  said embedded device configured as an alternative entry point for network traffic ingress to a pre-established network and installed in a peripheral position exterior to said pre-established network;
  
  said embedded device configured to detect attacks from sources external to said pre-established network attempting entry into the network through said alternative entry point;
  
  said embedded device capturing all communications data at said communication interface prior to entry into any network ingress point for said pre-established network and converting all of said captured communications data to a benign data format;
  
  said embedded device processor performing an analysis of said captured communications data upon conversion to said benign data format;
  
  the embedded device configured to transmit said benign data format and an analysis of the captured network communication data to at least one designated authority or user of the pre-established network; and
  
  where the captured communications data from said detected attacks is converted to a benign format in said memory of the embedded device prior to any transmission of said communications data to any firewall or network defense system associated with said pre-established network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The embedded device of claim 1, wherein the communication interface comprises a plurality of communication ports, wherein each of the plurality of communication ports is set to an enabled state and at least one communication port is configured to appear as a remote management port.
  - 3. The embedded device of claim 1, wherein the communication interface comprises a plurality of communication ports, wherein at least one communication port of the plurality of communication ports is configured to appear as a remote management port associated with a Programmable Logic Controller (PLC).
  - 4. The embedded device of claim 1, where the communication interface is configured to terminate communication with the external device for a variable duration of time.
  - 5. The embedded device of claim 1, where the benign format comprises hexadecimal format.
  - 6. The embedded device of claim 1, where said embedded device further comprises a Cyber Attack Monitor module, a Firewall Comm Analyzer module, and an Instant Messenger module.
  - 7. The embedded device of claim 6, where said Cyber Attack Monitor is bound to one or more communication sockets associated with said pre-established network and is configured to extract all communications data from said memory of the embedded device for immediate analysis.
  - 8. The embedded device of claim 7, where said Firewall Comm Analyzer is configured to perform said immediate analysis of communications data transmitted from or to source Internet Protocol (IP) addresses of each external source associated with an attack on said pre-established network.
  - 9. The embedded device of claim 6, where said Firewall Comm Analyzer is configured to terminate all communications with an attacking external source or device for a variable duration of time based upon the frequency of malicious activity.
  - 10. The embedded device of claim 6, where said Instant Messenger is configured to encrypt all captured communication data and data analysis to a designated device located at a customer site and associated with a particular authority or user.

11. A method of processing a network communication data received over a communication network using an embedded device, the method comprising:
- configuring said embedded device as an alternative entry point for network traffic ingress to a pre-established network and installed in a peripheral position exterior to said pre-established network, said embedded device configured to defend the network asset against a malicious network communication;
  
  receiving, using a communication interface, the network communication data from at least one external device connected to the pre-established network;
  
  said embedded device detecting malicious network communication attacks from sources external to said pre-established network attempting entry into the network through said alternative entry point;
  
  said embedded device capturing all communications data at said communication interface prior to entry into any network ingress point for said pre-established network and converting said captured communications data to a benign data format;
  
  analyzing, using a processor, the captured network communication data upon conversion to said benign data format;
  
  detecting, using the processor, malicious activity associated with the network communication data based on the analyzing;
  
  transmitting from said embedded device, the benign data format of the network communication data to at least one designated network device connected to the communication network; and
  
  transmitting from said embedded device a benign data format and an analysis of the captured network communication data to at least one designated authority or user of the pre-established network.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, wherein the communication interface comprises a plurality of communication ports, wherein the method further comprises setting each of the plurality of communication ports to an enabled state.
  - 13. The method of claim 11, wherein the communication interface comprises a plurality of communication ports, the method further comprising configuring at least one communication port of the plurality of communication ports to appear as a remote management port associated with a Programmable Logic Controller (PLC).
  - 14. The method of claim 11, where the terminating of communication with the external device is performed for a variable duration of time.
  - 15. The method of claim 11, where the benign format comprises hexadecimal format.
  - 16. The method of claim 11, where said embedded device further comprises a Cyber Attack Monitor module, a Firewall Comm Analyzer module, and an Instant Messenger module.
  - 17. The method of claim 16, where said Cyber Attack Monitor is bound to one or more communication sockets associated with said pre-established network and is configured to extract all communications data from said memory of the embedded device for immediate analysis.
  - 18. The method of claim 17, where said Firewall Comm Analyzer is configured to perform said immediate analysis of communications data transmitted from or to source Internet Protocol (IP) addresses of each external source associated with an attack on said pre-established network.
  - 19. The method of claim 16, where said Firewall Comm Analyzer is configured to terminate all communications with an attacking external source or device for a variable duration of time based upon the frequency of malicious activity.
  - 20. The method of claim 16, where said Instant Messenger is configured to encrypt all captured communication data and data analysis to a designated device located at a customer site and associated with a particular authority or user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cyber Detection Services Inc.
Original Assignee
Cyber Detection Services Inc.
Inventors
Terry, Robert
Primary Examiner(s)
Simitoski, Michael

Application Number

US15/400,569
Publication Number

US 20170201543A1
Time in Patent Office

1,201 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

Embedded device and method of processing network communication data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Embedded device and method of processing network communication data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links