
DETECTING AND DEFENDING AGAINST MAN-IN-THE-MIDDLE ATTACKS

  • US 20120185938A1
  • Filed: 03/28/2012
  • Published: 07/19/2012
  • Est. Priority Date: 05/25/2007
  • Status: Active Grant
First Claim

1. A system for defending against man in the middle (MITM) attacks directed at a target server, comprising:

  • an activity recording system that records an incoming IP address, user id, and time of each session occurring with the target server;

  • a list checking system for performing the following:

      • comparing a single incoming IP address with a white list; and

      • comparing the single incoming IP address with a black list after the comparing of the single incoming IP address with the white list in the case that the single incoming IP address is not present on the white list;

  • an activity analysis system that performs the following after the list checking system compares the single incoming IP address with the black list, in the case that the single incoming IP address is not present on the black list:

      • searches for records of a previous login attempt from the single incoming IP address;

      • determines a number of user ids occurring from the single incoming IP address during a predefined time period;

      • compares the number of user ids occurring from the single incoming IP address to a predefined threshold number of user ids specific to the predefined time period; and

      • identifies the single incoming IP address as a suspect IP address in response to the number of user ids occurring from the single incoming IP address exceeding the threshold within the predefined time period; and

  • a countermeasure system for taking action against the suspect IP address.
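
The order of checks in the claim (record the session, white list, black list, then count distinct user ids per source address within the time period) can be sketched as follows. This is an added example, not code from the patent; the class name, the 10-minute window, the threshold of 3, the sample addresses and the choice of black-listing as the countermeasure are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

class ListThenActivityScreen:
    """White list, then black list, then distinct-user-id count per source IP."""

    def __init__(self, white, black, window, max_user_ids):
        self.white, self.black = set(white), set(black)
        self.window = window                # the "predefined time period"
        self.max_user_ids = max_user_ids    # threshold for that period
        self.sessions = defaultdict(deque)  # ip -> (time, user id), oldest first

    def observe(self, ip, user_id, when):
        # Activity recording: every session is logged before any verdict.
        # Assumes events for one IP arrive in time order.
        log = self.sessions[ip]
        log.append((when, user_id))
        while when - log[0][0] > self.window:  # forget sessions outside the window
            log.popleft()
        if ip in self.white:
            return "allow"
        if ip in self.black:
            return "block"
        # Activity analysis: count different user ids, not sessions.
        if len({uid for _, uid in log}) > self.max_user_ids:
            self.black.add(ip)  # assumed countermeasure: block from now on
            return "suspect"
        return "allow"

def run_sample():
    """Replay constructed sessions (documentation IP ranges) through the screen."""
    screen = ListThenActivityScreen(
        white={"192.0.2.10"}, black={"198.51.100.7"},
        window=timedelta(minutes=10), max_user_ids=3)
    t0 = datetime(2024, 1, 1, 12, 0)
    events = [  # constructed: (ip, user id, seconds after t0)
        ("192.0.2.10", "u1", 0), ("192.0.2.10", "u2", 1),
        ("192.0.2.10", "u3", 2), ("192.0.2.10", "u4", 3),    # white-listed proxy
        ("198.51.100.7", "u5", 4),                            # already black-listed
        ("203.0.113.5", "a", 10), ("203.0.113.5", "b", 20),
        ("203.0.113.5", "c", 30), ("203.0.113.5", "d", 40),   # 4th id in the window
        ("203.0.113.5", "e", 50),                             # countermeasure applies
        *[("203.0.113.9", "a", s) for s in range(0, 300, 60)],  # one user, 5 logins
    ]
    return [(ip, uid, screen.observe(ip, uid, t0 + timedelta(seconds=s)))
            for ip, uid, s in events]

if __name__ == "__main__":
    for row in run_sample():
        print(*row)
```

The white-listed address passes even with four user ids because the list check runs before the activity analysis, and the single user with five logins is not flagged because the count is of distinct user ids.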
