Methods and Systems for Network Attack Detection and Prevention Through Redirection
First Claim
1. A processor-implemented method of detecting unauthorized access attempts to a network, comprising:
- provisioning a block of addresses;
determining a current used address of the block of addresses;
changing the current used address to a new used address of the block of addresses;
changing the current used address of the block of addresses into an unused address in a group of unused addresses; and
detecting an unauthorized attempt to access the network when an attempted address corresponds with any address of the group of unused addresses.
2 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems for detection and/or prevention of network attacks can include the use of multiple and/or time-dependent addresses coupled with filtering by the directory or naming service. The directory service can respond to requests for the address of a resource by returning an address that can be relocated over time by coordinating the directory service entry with the host and network address configuration data and/or by returning an address specific to the requestor. Thus, the directory service can track and build profiles of matches between requestors and accesses. The methods and systems can use the time dependent addresses and profiles to distinguish legitimate accesses from unauthorized or malicious ones. Requests for non-valid addresses can be misdirected to “empty” addresses or to detection devices.
-
Citations
21 Claims
-
1. A processor-implemented method of detecting unauthorized access attempts to a network, comprising:
-
provisioning a block of addresses; determining a current used address of the block of addresses; changing the current used address to a new used address of the block of addresses; changing the current used address of the block of addresses into an unused address in a group of unused addresses; and detecting an unauthorized attempt to access the network when an attempted address corresponds with any address of the group of unused addresses. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16)
-
-
13. A non-transitory computer-readable medium containing instructions for controlling a processor to detect unauthorized access attempts to a network, by:
-
provisioning a block of addresses; determining a current used address of the block of addresses; changing the current used address to a new used address of the block of addresses; changing the current used address of the block of addresses into an unused address in a group of unused addresses; and detecting an unauthorized attempt to access the network when an attempted address corresponds with any address of the group of unused addresses. - View Dependent Claims (17, 18, 19, 20)
-
-
21. A system for detecting unauthorized access attempts to a network, comprising:
-
a memory; a processor disposed in communication with said memory, and configured to issue a plurality of processing instructions stored in the memory, wherein the processor issues instructions to; provision a block of addresses; determine a current used address of the block of addresses; change the current used address to a new used address of the block of addresses; change the current used address of the block of addresses into an unused address in a group of unused addresses; and detect an unauthorized attempt to access the network when an attempted address corresponds with any address of the group of unused addresses.
-
Specification