METHOD, SYSTEM AND DEVICE FOR DETECTING AN ATTEMPTED INTRUSION INTO A NETWORK

US 20120198551A1
Filed: 01/31/2011
Published: 08/02/2012
Est. Priority Date: 01/31/2011
Status: Abandoned Application

First Claim

Patent Images

1. A method of detecting an attempted intrusion into a network comprising:

configuring an entrapment meter, wherein the entrapment meter receives data packets from a network, but does not transmit data packets to the network;

configuring the entrapment meter in a manner such that the entrapment meter appears vulnerable to unauthorized intrusion to the network;

detecting, using the entrapment meter, an attempted unauthorized intrusion into the network; and

monitoring the attempted unauthorized intrusion.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described herein are embodiments of methods, systems and devices for detecting an attempted intrusion into a network. In one aspect, the network is an advanced metering infrastructure (AMI) network. In another aspect, the network is an home area network (HAN). In accordance with one aspect, a method of detecting an attempted intrusion into a network is described. This embodiment of a method comprises configuring an entrapment meter such that it receives data packets from a network, but does not transmit data packets to the network. The entrapment meter is also configures such that the entrapment meter appears vulnerable to unauthorized intrusion to the network. The configured entrapment meter is used to detect an attempted unauthorized intrusion into the network. The attempted unauthorized intrusion is monitored.

Citations

23 Claims

1. A method of detecting an attempted intrusion into a network comprising:
- configuring an entrapment meter, wherein the entrapment meter receives data packets from a network, but does not transmit data packets to the network;
  
  configuring the entrapment meter in a manner such that the entrapment meter appears vulnerable to unauthorized intrusion to the network;
  
  detecting, using the entrapment meter, an attempted unauthorized intrusion into the network; and
  
  monitoring the attempted unauthorized intrusion.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the network is an advanced metering infrastructure (AMI) network.
  - 3. The method of claim 1, wherein the network is a home area network (HAN).
  - 4. The method of claim 1, wherein configuring the entrapment meter in a manner such that the entrapment meter appears vulnerable to unauthorized intrusion to the network comprises receiving data packets from the network using a network interface card set to promiscuous mode.
  - 5. The method of claim 4, further comprising detecting the attempted unauthorized intrusion into the network by analyzing the received data packets using a network intrusion detection system (NIDS).
  - 6. The method of claim 1, wherein detecting, using the entrapment meter, an attempted unauthorized intrusion into the network comprises analyzing the received data packets using a network intrusion detection system (NIDS).
  - 7. The method of claim 1, wherein detecting, using the entrapment meter, an attempted unauthorized intrusion into the network comprises analyzing at least a portion of the network using a host-based intrusion detection system (HIDS).
  - 8. The method of claim 1, further comprising storing events associated with the attempted intrusion into the network.
  - 9. The method of claim 8, wherein the stored events associated with the attempted intrusion into the network are analyzed for unauthorized activities.

10. A system for detecting an attempted intrusion into a network comprised of:
- an entrapment meter, wherein the entrapment meter is configured to receive data packets from a network, but not transmit data packets to the network, and is configured in a manner such that the entrapment meter appears vulnerable to unauthorized intrusion to the network;
  
  a memory; and
  
  a processor operably connected with the memory and the entrapment meter, wherein the processor is configured to;
  
  detect an attempted unauthorized intrusion into the network; and
  
  monitor the attempted unauthorized intrusion.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein the network is an advanced metering infrastructure (AMI) network.
  - 12. The system of claim 10, wherein the network is a home area network (HAN).
  - 13. The system of claim 10, wherein the entrapment meter comprises a network interface card to connect to the network and configuring the entrapment meter in a manner such that the entrapment meter appears vulnerable to unauthorized intrusion to the network comprises receiving data packets from the network using the network interface card set to promiscuous mode.
  - 14. The system of claim 13, further comprising a network intrusion detection system (NIDS), wherein detecting the attempted unauthorized intrusion into the network comprises analyzing the received data packets using the NIDS.
  - 15. The system of claim 10, further comprising a network intrusion detection system (NIDS), wherein detecting an attempted unauthorized intrusion into the network comprises analyzing the received data packets using the NIDS.
  - 16. The system of claim 10, further comprising a host-based intrusion detection system (HIDS), wherein detecting an attempted unauthorized intrusion into the network comprises analyzing at least a portion of the network using the host-based intrusion detection system (HIDS).
  - 17. The system of claim 10, wherein events associated with the attempted intrusion into the network are stored on the memory.
  - 18. The system of claim 17, wherein the stored events associated with the attempted intrusion into the network are analyzed for unauthorized activities.

19. A device comprised of:
- a memory;
  
  a processor operably connected with the memory; and
  
  a network interface card that is configured to connect the device with a network, wherein the network interface card is configured to receive data packets from the network, but not transmit data packets to the network, and the network interface card is set to promiscuous mode, and wherein the processor is configured to execute at least one of a network intrusion detection system (NIDS) or a host-based intrusion detection system (HIDS), wherein the device detects an attempted unauthorized intrusion into the network by analyzing the received data packets using the NIDS or by analyzing at least a portion of the network using the host-based intrusion detection system (HIDS).
- View Dependent Claims (20, 21, 22, 23)
- - 20. The device of claim 19, wherein the network is an advanced metering infrastructure (AMI) network.
  - 21. The device of claim 19, wherein the network is a home area network (HAN).
  - 22. The device of claim 19, wherein events associated with the attempted intrusion into the network are stored on the memory.
  - 23. The device of claim 19, wherein the stored events associated with the attempted intrusion into the network are analyzed for unauthorized activities.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
General Electric Company
Original Assignee
General Electric Company
Inventors
Whitney, Tobias Ranier

Application Number

US13/017,231
Publication Number

US 20120198551A1
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

H04L 63/1416 Event detection, e.g. attac...

H04L 63/1491 using deception as counterm...

METHOD, SYSTEM AND DEVICE FOR DETECTING AN ATTEMPTED INTRUSION INTO A NETWORK

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD, SYSTEM AND DEVICE FOR DETECTING AN ATTEMPTED INTRUSION INTO A NETWORK

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links