System and method for detecting and controlling a drone implanted in a network attached device such as a computer
Abstract
A system and method for detecting a drone implanted by a vandal in a network connected host device such as a computer, and controlling the output of the drone. The system includes an inbound intrusion detection system (IDS), an outbound IDS, a blocker such as a firewall, an inbound trace log for storing a trace of inbound traffic to the protected device, an outbound trace log for storing a trace of outbound traffic from the protected device, and a correlator. When the outbound IDS detects outbound distributed denial of service (DDoS) traffic, the outbound IDS instructs the blocker to block the outbound DDoS traffic. The correlator then recalls the outbound trace log and the inbound trace log, correlates the logs, and deduces the source ID of a message responsible for triggering the drone. The correlator then instructs the blocker to block incoming messages that bear the source ID.
19 Claims
1. A system for detecting and controlling a drone implanted in a network connected device such as a computer, the system comprising:
an outbound intrusion detection system for detecting outbound drone traffic from a drone implanted in a network connected device and providing notice when the outbound drone traffic is detected;
a blocker for blocking the outbound drone traffic responsive to the notice provided by the outbound intrusion detection system;
an outbound trace log for storing a trace of outbound traffic from the network connected device;
an inbound trace log for storing a trace of inbound traffic to the network connected device; and
a correlator for correlating the outbound trace log and the inbound trace log and deducing a source ID of an inbound message responsible for triggering the outbound drone traffic.
Dependent claims: 2, 3, 4, 5, 6
7. A system for detecting and controlling a drone implanted in a network connected device such as a computer, the system comprising:
an outbound intrusion detection system for detecting outbound denial of service traffic from a drone implanted in a network connected device and providing notice when the outbound denial of service traffic is detected;
an outbound trace log for storing a trace of outbound traffic from the network connected device;
an inbound trace log for storing a trace of inbound traffic to the network connected device;
a correlator for correlating the outbound trace log and the inbound trace log and deducing a source ID of an inbound message responsible for triggering the outbound denial of service traffic; and
a blocker, responsive to the notice provided by the outbound intrusion detection system, for blocking inbound traffic that bears the source ID and blocking the outbound denial of service traffic.
8. A system for detecting and controlling a drone implanted in a network connected device such as a computer, the system comprising:
an outbound intrusion detection system for detecting outbound denial of service traffic from a drone implanted in a network connected device, providing notice when the outbound denial of service traffic is detected, and providing a destination address of the outbound denial of service traffic;
an outbound trace log for storing a trace of outbound traffic from the network connected device;
an inbound trace log for storing a trace of inbound traffic to the network connected device;
a correlator for searching the inbound trace log for an inbound message that includes the destination address of the outbound denial of service traffic and determining a source ID of the inbound message that includes the destination address of the outbound denial of service traffic; and
a blocker, responsive to the notice provided by the outbound intrusion detection system, for blocking inbound traffic bearing the source ID and blocking the outbound denial of service traffic.
9. A method for detecting and controlling a drone implanted in a network connected device such as a computer, the method comprising the steps of:
monitoring outbound traffic from a network connected device for outbound drone traffic; and
when outbound drone traffic is detected, blocking the outbound drone traffic and deducing a source ID of a message responsible for triggering the outbound drone traffic by correlating an inbound trace log and an outbound trace log.
Dependent claims: 10, 11, 12, 13, 14, 15
16. A method for detecting and controlling a drone implanted in a network connected device, the method comprising the steps of:
monitoring outbound traffic from a network connected device for denial of service traffic; and
when denial of service traffic is detected, deducing a source ID of a message responsible for triggering the denial of service traffic by correlating an inbound trace log and an outbound trace log, blocking the outbound denial of service traffic, and blocking inbound traffic that bears the source ID.
Dependent claims: 17
18. A method for detecting and controlling a drone implanted in a network connected device, the method comprising the steps of:
monitoring outbound traffic from a network connected device for outbound denial of service traffic; and
when outbound denial of service traffic is detected, determining a destination address of the outbound denial of service traffic, deducing a source ID of a message responsible for triggering the outbound denial of service traffic by searching an inbound trace log for an inbound message that includes the destination address, blocking the outbound denial of service traffic, and blocking inbound traffic that bears the source ID.
Dependent claims: 19
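The correlation step of claims 8 and 18, sketched as an added example (not code from the patent): find the destination of an outbound flood, then search the inbound trace log for a message that names that destination and report its sender as the source ID. The trace-record layout, the packets-per-window detection heuristic, the 300-second lookback and all names are assumptions; the sample traces are constructed.

```python
from collections import Counter
from typing import NamedTuple

class Record(NamedTuple):  # one trace-log entry; this field layout is an assumption
    ts: float
    src: str
    dst: str
    payload: bytes = b""

def detect_outbound_flood(outbound, window=1.0, threshold=100):
    """Outbound IDS stand-in (rate heuristic is an assumption): return
    (dst, onset_ts) once a dst gets > threshold packets in one window."""
    counts, onset = Counter(), {}
    for r in sorted(outbound, key=lambda r: r.ts):
        key = (r.dst, int(r.ts // window))
        counts[key] += 1
        onset.setdefault(key, r.ts)
        if counts[key] > threshold:
            return r.dst, onset[key]
    return None

def deduce_source_id(inbound, target, onset, lookback=300.0):
    """Correlator: latest inbound message before flood onset whose payload
    contains the flood's destination address in text form."""
    needle = target.encode()
    hits = [r for r in inbound
            if onset - lookback <= r.ts <= onset and needle in r.payload]
    return max(hits, key=lambda r: r.ts).src if hits else None

def respond(inbound, outbound):
    """Blocker instructions: stop the flood, and block the trigger's sender
    when the correlator finds one (None means no match in the log)."""
    found = detect_outbound_flood(outbound)
    if found is None:
        return {}
    target, onset = found
    return {"block_outbound_dst": target,
            "block_inbound_src": deduce_source_id(inbound, target, onset)}

# Constructed sample traces (RFC 5737 documentation addresses).
HOST = "192.0.2.10"
INBOUND = [Record(10.0, "198.51.100.7", HOST, b"GET /index.html"),
           Record(42.0, "203.0.113.99", HOST, b"go 198.51.100.200 80"),
           Record(43.5, "198.51.100.8", HOST, b"GET /about.html")]
OUTBOUND = ([Record(11.0, HOST, "198.51.100.7", b"200 OK")] +
            [Record(45.0 + i / 1000, HOST, "198.51.100.200") for i in range(500)])
```

A plain substring match only finds triggers that carry the address as readable text; a trigger that encodes or encrypts the target leaves `block_inbound_src` as `None`, while the outbound block still applies.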
Specification