SYSTEMS AND METHODS FOR DISTRIBUTED NETWORK PROTECTION

US 20090320132A1
Filed: 08/11/2009
Published: 12/24/2009
Est. Priority Date: 05/31/2000
Status: Abandoned Application

First Claim

Patent Images

1. A communications network protection system, the system comprising:

one or more computers or devices of a protected communications network that serve as a target of a hacker attack over a communications network;

first through third level monitoring centers for receiving information regarding hacker attacks in a geographical area or an organizational structure corresponding to the protected communications network, and for determining appropriate retaliatory or legal action against the hacker attacks; and

one or more distributed databases linked to a centralized databases and located within respective of the first and second level monitoring centers for maintaining respective information regarding monitored hacker attacks in the geographical area or the organizational structure corresponding to the protected communications network, and the determined appropriate retaliatory or legal action against the hacker attacks.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

By distributing various information and monitoring centers that monitor distributed networks and unauthorized access attempts, it is possible to, for example, more quickly defend against an unauthorized access attempts. For example, a Level 1 monitoring center could monitor a predetermined geographical area serving, for example, a wide variety of commercial and public sites, an organizational structure, or the like, for alarms. Upon analyzing an alarm for various characteristics, the Level 1 monitoring center can refer the unauthorized access attempt to an appropriate Level 2 center for, for example, possible retaliatory and/or legal action. Then, a Level 3 monitoring center can record and maintain an overall picture of the security of one or more networks, the plurality of monitoring centers and information about one or more hacking attempts.

29 Citations

View as Search Results

30 Claims

1. A communications network protection system, the system comprising:
- one or more computers or devices of a protected communications network that serve as a target of a hacker attack over a communications network;
  
  first through third level monitoring centers for receiving information regarding hacker attacks in a geographical area or an organizational structure corresponding to the protected communications network, and for determining appropriate retaliatory or legal action against the hacker attacks; and
  
  one or more distributed databases linked to a centralized databases and located within respective of the first and second level monitoring centers for maintaining respective information regarding monitored hacker attacks in the geographical area or the organizational structure corresponding to the protected communications network, and the determined appropriate retaliatory or legal action against the hacker attacks.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the hacker attacks are determined by the first level monitoring centers based on real-time unauthorized access attempt alarms received from the protected communications network.
  - 3. The system of claim 1, wherein the geographical area includes commercial and public sites corresponding to the protected communications network.
  - 4. The system of claim 1, wherein the organizational structure includes law enforcement, Department of Defense, Armed Forces, government, commercial organizations, or e-commerce sites corresponding to the protected communications network.
  - 5. The system of claim 1, wherein, based on a referral from a site of the protected communications network that is attacked, one of the first through third level monitoring centers poses as the attacked site to an attacker for positive identification of the attacker, and once the hacker attack is confirmed, the attacked site or one of the first level monitoring centers sends a response to the attacker and including a concealed flag in the response for detection of the response via the flag, as the response passes through the protected communications network, for identifying the origin of the hacker attack and locations of previous attacks related to the hacker attack.
  - 6. The system of claim 1, wherein the second level monitoring centers receive referrals from the first level monitoring centers and make a decision on possible retaliatory action or other action if warranted based on a nature of an attack.
  - 7. The system of claim 1, wherein the third level monitoring centers collect and analyze information received from the second level monitoring centers to monitor the overall security condition of the protected communications network, including a national cyberspace of one or more countries.
  - 8. The system of claim 1, wherein the protected communications network includes one or more unauthorized access attempt detection systems for determining the hacker attacks and reporting the hacker attacks to the first level monitoring centers.
  - 9. The system of claim 8, wherein the unauthorized access attempt detection systems are embedded in a firewall or operating system of the protected communications network to gather information about an unauthorized access in real-time or near real-time and provide the gathered information to the first level monitoring centers.
  - 10. The system of claim 1, wherein the centralized and distributed databases include mechanisms to shield from unauthorized access, to host data, to store detailed data regarding a hacker or attacker, and to store data regarding law enforcement and links to law enforcement agencies.

11. A communications network protection method, the method comprising:
- providing one or more computers or devices of a protected communications network that serve as a target of a hacker attack over a communications network;
  
  receiving, via first through third level monitoring centers, information regarding hacker attacks in a geographical area or an organizational structure corresponding to the protected communications network;
  
  determining, via the first through third level monitoring centers, appropriate retaliatory or legal action against the hacker attacks; and
  
  maintaining via one or more distributed databases linked to a centralized databases and located within respective of the first and second level monitoring centers, respective information regarding monitored hacker attacks in the geographical area or the organizational structure corresponding to the protected communications network, and the determined appropriate retaliatory or legal action against the hacker attacks.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, wherein the hacker attacks are determined by the first level monitoring centers based on real-time unauthorized access attempt alarms received from the protected communications network.
  - 13. The method of claim 11, wherein the geographical area includes commercial and public sites corresponding to the protected communications network.
  - 14. The method of claim 11, wherein the organizational structure includes law enforcement, Department of Defense, Armed Forces, government, commercial organizations, or e-commerce sites corresponding to the protected communications network.
  - 15. The method of claim 11, wherein, based on a referral from a site of the protected communications network that is attacked, one of the first through third level monitoring centers poses as the attacked site to an attacker for positive identification of the attacker, and once the hacker attack is confirmed, the attacked site or one of the first level monitoring centers sends a response to the attacker and including a concealed flag in the response for detection of the response via the flag, as the response passes through the protected communications network, for identifying the origin of the hacker attack and locations of previous attacks related to the hacker attack.
  - 16. The method of claim 11, wherein the second level monitoring centers receive referrals from the first level monitoring centers and make a decision on possible retaliatory action or other action if warranted based on a nature of an attack.
  - 17. The method of claim 11, wherein the third level monitoring centers collect and analyze information received from the second level monitoring centers to monitor the overall security condition of the protected communications network, including a national cyberspace of one or more countries.
  - 18. The method of claim 11, wherein the protected communications network includes one or more unauthorized access attempt detection systems for determining the hacker attacks and reporting the hacker attacks to the first level monitoring centers.
  - 19. The method of claim 18, wherein the unauthorized access attempt detection systems are embedded in a firewall or operating system of the protected communications network to gather information about an unauthorized access in real-time or near real-time and provide the gathered information to the first level monitoring centers.
  - 20. The method of claim 11, wherein the centralized and distributed databases include mechanisms to shield from unauthorized access, to host data, to store detailed data regarding a hacker or attacker, and to store data regarding law enforcement and links to law enforcement agencies.

21. A computer program product for communications network protection, including one or more computer readable instructions stored on a computer readable medium and configured to cause one or more computer processors to perform the steps of:
- providing one or more computers or devices of a protected communications network that serve as a target of a hacker attack over a communications network;
  
  receiving, via first through third level monitoring centers, information regarding hacker attacks in a geographical area or an organizational structure corresponding to the protected communications network;
  
  determining, via the first through third level monitoring centers, appropriate retaliatory or legal action against the hacker attacks; and
  
  maintaining via one or more distributed databases linked to a centralized databases and located within respective of the first and second level monitoring centers, respective information regarding monitored hacker attacks in the geographical area or the organizational structure corresponding to the protected communications network, and the determined appropriate retaliatory or legal action against the hacker attacks.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The computer program product of claim 21, wherein the hacker attacks are determined by the first level monitoring centers based on real-time unauthorized access attempt alarms received from the protected communications network.
  - 23. The computer program product of claim 21, wherein the geographical area includes commercial and public sites corresponding to the protected communications network.
  - 24. The computer program product of claim 21, wherein the organizational structure includes law enforcement, Department of Defense, Armed Forces, government, commercial organizations, or e-commerce sites corresponding to the protected communications network.
  - 25. The computer program product of claim 21, wherein, based on a referral from a site of the protected communications network that is attacked, one of the first through third level monitoring centers poses as the attacked site to an attacker for positive identification of the attacker, and once the hacker attack is confirmed, the attacked site or one of the first level monitoring centers sends a response to the attacker and including a concealed flag in the response for detection of the response via the flag, as the response passes through the protected communications network, for identifying the origin of the hacker attack and locations of previous attacks related to the hacker attack.
  - 26. The computer program product of claim 21, wherein the second level monitoring centers receive referrals from the first level monitoring centers and make a decision on possible retaliatory action or other action if warranted based on a nature of an attack.
  - 27. The computer program product of claim 21, wherein the third level monitoring centers collect and analyze information received from the second level monitoring centers to monitor the overall security condition of the protected communications network, including a national cyberspace of one or more countries.
  - 28. The computer program product of claim 21, wherein the protected communications network includes one or more unauthorized access attempt detection systems for determining the hacker attacks and reporting the hacker attacks to the first level monitoring centers.
  - 29. The computer program product of claim 28, wherein the unauthorized access attempt detection systems are embedded in a firewall or operating system of the protected communications network to gather information about an unauthorized access in real-time or near real-time and provide the gathered information to the first level monitoring centers.
  - 30. The computer program product of claim 21, wherein the centralized and distributed databases include mechanisms to shield from unauthorized access, to host data, to store detailed data regarding a hacker or attacker, and to store data regarding law enforcement and links to law enforcement agencies.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Invicta Networks, Inc.
Original Assignee
Invicta Networks, Inc.
Inventors
Sheymov, Victor I., Turner, Roger B.

Application Number

US12/538,951
Publication Number

US 20090320132A1
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 21/554   involving event detection a...

G06F 2221/2101   Auditing as a secondary aspect

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/30   for supporting lawful inter...

SYSTEMS AND METHODS FOR DISTRIBUTED NETWORK PROTECTION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

29 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR DISTRIBUTED NETWORK PROTECTION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links