SYSTEMS AND METHOD FOR DISTRIBUTED NETWORK PROTECTION

US 20080256624A1
Filed: 06/23/2008
Published: 10/16/2008
Est. Priority Date: 08/18/2000
Status: Abandoned Application

First Claim

Patent Images

1. A network protection system, the system comprising:

an external intrusion detection system that detects an external possible unauthorized access attempt into a communications network being protected, and including,an external intrusion detection module, anda external communications management module coupled to the external intrusion detection module;

an internal intrusion detection system that detects an internal possible unauthorized access attempt within the communications network being protected, and including,an internal intrusion detection module, andan internal communications management module coupled to the internal intrusion detection module; and

an analysis system coupled to the external intrusion detection system and the internal intrusion detection system, and including,a database for storing at least one of profile of information related to one or more hackers, unauthorized access attempt origin information, information that can aid the intrusion analysis system in determining accuracy of a detected unauthorized access attempt,an intrusion analysis module coupled to the database, andan intrusion reaction coordination module coupled to the intrusion analysis module and the database,wherein the external and internal communications management modules are coupled to the intrusion analysis module and forward to the intrusion analysis module respective information regarding the respective detected possible unauthorized access attempt,the intrusion analysis module determines based on the respective information regarding the respective detected possible unauthorized access attempt whether or not the respective detected possible unauthorized access attempt is authorized and communicates with the internal and external intrusion detection modules via the external and internal communications management modules whether or not the respective detected possible unauthorized access attempt is authorized, andthe intrusion reaction coordination module determines an appropriate action to take if the intrusion analysis module determines that the respective detected possible unauthorized access attempt is unauthorized.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Through the use of an intermediate party, a first party is given the ability to communicate with a second party, with the communication appearing as if it originated with the intermediate party. Specifically, in a protected network system, the protected network is capable of acting as a conduit through which an entity, such as law enforcement, can communicate with an entity attempting an unauthorized access attempt unbeknownst to the entity attempting the unauthorized access attempt. This allows, for example, the detection and identification of the entity attempting the unauthorized access attempt.

29 Citations

View as Search Results

18 Claims

1. A network protection system, the system comprising:
- an external intrusion detection system that detects an external possible unauthorized access attempt into a communications network being protected, and including,an external intrusion detection module, anda external communications management module coupled to the external intrusion detection module;
  
  an internal intrusion detection system that detects an internal possible unauthorized access attempt within the communications network being protected, and including,an internal intrusion detection module, andan internal communications management module coupled to the internal intrusion detection module; and
  
  an analysis system coupled to the external intrusion detection system and the internal intrusion detection system, and including,a database for storing at least one of profile of information related to one or more hackers, unauthorized access attempt origin information, information that can aid the intrusion analysis system in determining accuracy of a detected unauthorized access attempt,an intrusion analysis module coupled to the database, andan intrusion reaction coordination module coupled to the intrusion analysis module and the database,wherein the external and internal communications management modules are coupled to the intrusion analysis module and forward to the intrusion analysis module respective information regarding the respective detected possible unauthorized access attempt,the intrusion analysis module determines based on the respective information regarding the respective detected possible unauthorized access attempt whether or not the respective detected possible unauthorized access attempt is authorized and communicates with the internal and external intrusion detection modules via the external and internal communications management modules whether or not the respective detected possible unauthorized access attempt is authorized, andthe intrusion reaction coordination module determines an appropriate action to take if the intrusion analysis module determines that the respective detected possible unauthorized access attempt is unauthorized.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, further comprising a monitoring center coupled to the analysis system via a communications link, wherein the analysis system communicates information regarding an unauthorized access attempt to the monitoring center.
  - 3. The system of claim 2, wherein the communications link is a secure tunnel.
  - 4. The system of claim 1, wherein the analysis system enables communication between at least one destination of the protected network and one or more entities attempting the unauthorized access attempt.
  - 5. The system of claim 4, wherein the one or more entities attempting the unauthorized access attempt are unaware that they are communicating with the at least one destination.
  - 6. The system of claim 5, wherein communications from the at least one destination are modified to appear as if they have a predetermined origin.

7. A network protection method, the method comprising:
- detecting via an external intrusion detection system an external possible unauthorized access attempt into a communications network being protected, the external intrusion detection system including,an external intrusion detection module, anda external communications management module coupled to the external intrusion detection module;
  
  detecting via an internal intrusion detection system an internal possible unauthorized access attempt within the communications network being protected, the internal intrusion detection system including,an internal intrusion detection module, andan internal communications management module coupled to the internal intrusion detection module;
  
  wherein an analysis system coupled to the external intrusion detection system and the internal intrusion detection system, the analysis system including,a database for storing at least one of profile of information related to one or more hackers, unauthorized access attempt origin information, information that can aid the intrusion analysis system in determining accuracy of a detected unauthorized access attempt,an intrusion analysis module coupled to the database, andan intrusion reaction coordination module coupled to the intrusion analysis module and the database;
  
  forwarding via the external and internal communications management modules coupled to the intrusion analysis module respective information regarding the respective detected possible unauthorized access attempt;
  
  determining via the intrusion analysis module based on the respective information regarding the respective detected possible unauthorized access attempt whether or not the respective detected possible unauthorized access attempt is authorized, and communicating with the internal and external intrusion detection modules via the external and internal communications management modules whether or not the respective detected possible unauthorized access attempt is authorized, anddetermining via the intrusion reaction coordination module an appropriate action to take if the intrusion analysis module determines that the respective detected possible unauthorized access attempt is unauthorized.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, further comprising communicating via the analysis system coupled to a monitoring center via a communications link information regarding an unauthorized access attempt.
  - 9. The method of claim 8, wherein the communications link is a secure tunnel.
  - 10. The method of claim 7, further comprising enabling communication via the analysis system between at least one destination of the protected network and one or more entities attempting the unauthorized access attempt.
  - 11. The method of claim 10, wherein the one or more entities attempting the unauthorized access attempt are unaware that they are communicating with the at least one destination.
  - 12. The method of claim 11, further comprising modifying the communications from the at least one destination to appear as if they have a predetermined origin.

13. A computer program product for network protection, including one or more computer readable instructions embedded on a computer readable medium and configured to cease one or more computer processors to perform the steps of:
- detecting via an external intrusion detection system an external possible unauthorized access attempt into a communications network being protected, the external intrusion detection system including,an external intrusion detection module, anda external communications management module coupled to the external intrusion detection module;
  
  detecting via an internal intrusion detection system an internal possible unauthorized access attempt within the communications network being protected, the internal intrusion detection system including,an internal intrusion detection module, andan internal communications management module coupled to the internal intrusion detection module;
  
  wherein an analysis system coupled to the external intrusion detection system and the internal intrusion detection system, the analysis system including,a database for storing at least one of profile of information related to one or more hackers, unauthorized access attempt origin information, information that can aid the intrusion analysis system in determining accuracy of a detected unauthorized access attempt,an intrusion analysis module coupled to the database, andan intrusion reaction coordination module coupled to the intrusion analysis module and the database;
  
  forwarding via the external and internal communications management modules coupled to the intrusion analysis module respective information regarding the respective detected possible unauthorized access attempt;
  
  determining via the intrusion analysis module based on the respective information regarding the respective detected possible unauthorized access attempt whether or not the respective detected possible unauthorized access attempt is authorized, and communicating with the internal and external intrusion detection modules via the external and internal communications management modules whether or not the respective detected possible unauthorized access attempt is authorized, anddetermining via the intrusion reaction coordination module an appropriate action to take if the intrusion analysis module determines that the respective detected possible unauthorized access attempt is unauthorized.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer program product of claim 13, further comprising communicating via the analysis system coupled to a monitoring center via a communications link information regarding an unauthorized access attempt.
  - 15. The computer program product of claim 14, wherein the communications link is a secure tunnel.
  - 16. The computer program product of claim 13, further comprising enabling communication via the analysis system between at least one destination of the protected network and one or more entities attempting the unauthorized access attempt.
  - 17. The computer program product of claim 16, wherein the one or more entities attempting the unauthorized access attempt are unaware that they are communicating with the at least one destination.
  - 18. The computer program product of claim 17, further comprising modifying the communications from the at least one destination to appear as if they have a predetermined origin.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Invicta Networks, Inc.
Original Assignee
Invicta Networks, Inc.
Inventors
Sheymov, Victor I., Turner, Roger B.

Application Number

US12/144,008
Publication Number

US 20080256624A1
Time in Patent Office

Days
Field of Search
US Class Current

726/14
CPC Class Codes

H04L 63/0236   Filtering by address, proto...

H04L 63/1408   by monitoring network traff...

H04L 63/1441   Countermeasures against mal...

SYSTEMS AND METHOD FOR DISTRIBUTED NETWORK PROTECTION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

29 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

SYSTEMS AND METHOD FOR DISTRIBUTED NETWORK PROTECTION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others