SYSTEM THAT PROVIDES EARLY DETECTION, ALERT, AND RESPONSE TO ELECTRONIC THREATS

US 20100031358A1
Filed: 02/04/2008
Published: 02/04/2010
Est. Priority Date: 02/04/2008
Status: Active Grant

First Claim

Patent Images

1. A computer system that provides early detection alert and response to electronic threats in large wide area networks, said system harnesses the processing power of dedicated hardware, software residing in specialized servers, distributed personal computers connected to said network, and the human brain to provide multi-layered early detection, alarm and response to eThreats;

wherein, said layers comprise;

a Protection Layer, which detects and eliminates from the network data stream eThreats known to said system;

a Detection Layer, which detects and creates signatures for new eThreats that are unknown to said system;

an Expert Analysis Layer, which comprises a group of human experts who receive information from various components of said system and analyze said information to confirm the identity of new eThreats; and

a Collaborative Detection &

Protection Layer, which detects potential new eThreats by processing information received from various system agents and users.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention is a computer system that provides early detection alert and response to electronic threats (eThreats) in large wide area networks, e.g. the network of an Internet Services Provider or a Network Services Provider. The system of the invention accomplishes this by harnessing the processing power of dedicated hardware, software residing in specialized servers, distributed personal computers connected to the network, and the human brain to provide multi-layered early detection, alarm and response. The layers comprise: a Protection Layer, which detects and eliminates from the network data stream eThreats known to the system; a Detection Layer, which detects and creates signatures for new eThreats that are unknown to the system; an Expert Analysis Layer, which comprises a group of human experts who receive information from various components of the system and analyze the information to confirm the identity of new eThreats; and a Collaborative Detection & Protection Layer, which detects potential new eThreats by processing information received from various system agents and users. A Dynamic Sandbox Protection Layer associated with the distributed personal computers connected to the network. can optionally be part of the system of the invention.

Citations

15 Claims

1. A computer system that provides early detection alert and response to electronic threats in large wide area networks, said system harnesses the processing power of dedicated hardware, software residing in specialized servers, distributed personal computers connected to said network, and the human brain to provide multi-layered early detection, alarm and response to eThreats;
- wherein, said layers comprise;
  
  a Protection Layer, which detects and eliminates from the network data stream eThreats known to said system;
  
  a Detection Layer, which detects and creates signatures for new eThreats that are unknown to said system;
  
  an Expert Analysis Layer, which comprises a group of human experts who receive information from various components of said system and analyze said information to confirm the identity of new eThreats; and
  
  a Collaborative Detection &
  
  Protection Layer, which detects potential new eThreats by processing information received from various system agents and users.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. A computer system according to claim 1 comprising a Dynamic Sandbox Protection Layer associated with the distributed personal computers connected to the network.
  - 3. A computer system according to claim 1 comprising one or more of each of the following modules:
    - Anonymity, Privacy and Secrecy Module;
      
      Known eThreat Handler Module;
      
      Data Stream Manager Module;
      
      New eThreat Detection Module;
      
      Storage Manager Module;
      
      Protection &
      
      Feedback Agent;
      
      Collaborative eThreat Recognition Module;
      
      Expert Group Feedback Manager Module;
      
      Attack Trace-Back Module; and
      
      Risk Assessment Module.
  - 4. A computer system according to claim 1, wherein the large wide area network is the network of an Internet Services Provider (ISP) or a Network Services Provider (NSP).
  - 5. A computer system according to claim 3, wherein the major components of the Anonymity, Privacy and Secrecy Module are the Secure Network Connection and the Storage Sanitizer Component and the functionality of said Anonymity, Privacy and Secrecy Module is embedded into the various components of said system.
  - 6. A computer system according to claim 5, wherein the Storage Sanitizer Component is present in the Data Stream Manager Module and in the Protection &
    - Feedback Agent.
  - 7. A computer system according to claim 3, wherein the Known eThreat Handler Module comprises:
    - a hardware interface;
      
      a Recognition Component;
      
      which looks for a match between the signatures of known eThreats and the stream of Internet packets; and
      
      an eThreat Signature Adaptor, which contains signature updates for eThreats written in the format used in the Recognition Component and supplies said updates to said Recognition Component;
      
      wherein if a match is detected and said Recognition Component identifies an eThreat in a packet, then said packet will not be forwarded or will be dealt with in another manner.
  - 8. A computer system according to claim 3, wherein the Known eThreat Handler Module is a physical module that works in real-time and must be placed in the network infrastructure.
  - 9. A computer system according to claim 3, wherein the main component of Data Stream Manager is the Information Extraction Module, which comprises high level filters that are responsible for extracting only new, previously unobserved, files from traffic forwarded by the Known eThreat Handler Module and passing said files to the New eThreat Detection Module.
  - 10. A computer system according to claim 3, wherein all of the modules except the Protection &
    - Feedback Agent are under the direct control of the wide area network staff.
  - 11. A computer system according to claim 3, wherein the Collaborative eThreat Recognition Module detects potential new eThreats by processing information received from various system agents and users.
  - 12. A computer system according to claim 3, wherein two major responsibilities of the Storage Manager Module, which is the primary persistence device of said system are:
    - first, to store and manage files received from other modules of said system and, second, to store information about the files that it is managing.
  - 13. A computer system according to claim 3, wherein the main goal of the Expert Group Feedback Manager Module is to provide a set of Graphical User Interface dialogs, which will present to the group of human experts all the relevant information needed for recognition of new eThreats.
  - 14. A computer system according to claim 3, wherein the Attack Trace-Back module traces back the source of an eThreat using historical data on its propagation that has been collected.
  - 15. A computer system according to claim 3, wherein the Risk Assessment Module measures the risk of a specific eThreat and also the risk of all eThreats known by said system over the wide area network;
    - wherein the components of said Risk Assessment Module collect relevant information for risk assessment from the Storage Manager and provide risk assessments to the group of human experts.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Deutsche Telekom AG
Original Assignee
Deutsche Telekom AG
Inventors
Shabtai, Asaf, Tachan, Gil, Elovici, Yuval

Granted Patent

US 8,171,554 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/24
CPC Class Codes

H04L 41/147   for predicting network beha...

H04L 43/00   Arrangements for monitoring...

H04L 63/0414   during transmission, i.e. p...

H04L 63/1441   Countermeasures against mal...

H04L 63/145   the attack involving the pr...

SYSTEM THAT PROVIDES EARLY DETECTION, ALERT, AND RESPONSE TO ELECTRONIC THREATS

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM THAT PROVIDES EARLY DETECTION, ALERT, AND RESPONSE TO ELECTRONIC THREATS

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links