METHODS AND SYSTEMS FOR PROVIDING NETWORK PROTECTION BY PROGRESSIVE DEGRADATION OF SERVICE

US 20130185795A1
Filed: 01/11/2013
Published: 07/18/2013
Est. Priority Date: 01/12/2012
Status: Abandoned Application

First Claim

Patent Images

1. A method for protecting a device with a self-defending intrusion prevention system (IPS) comprising the following steps:

monitoring the data packets to detect a pattern of activity indicating a potential attack that originates within the device;

detecting a threat originating from within the protected device; and

initiating, upon detection of the threat, a countermeasure or progressive degradation of network services available on the devices on a selected basis to controllably reduce performance of data communication of the device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided for protecting a defense with a self defending intrusion system. Data packets may be monitored to detect a pattern of activity indicating a potential attack. Upon detection of a threat, a countermeasure or progressive degradation of network services may be initiated on a selected basis so controllable reduce performance of data communication of the device.

Citations

22 Claims

1. A method for protecting a device with a self-defending intrusion prevention system (IPS) comprising the following steps:
- monitoring the data packets to detect a pattern of activity indicating a potential attack that originates within the device;
  
  detecting a threat originating from within the protected device; and
  
  initiating, upon detection of the threat, a countermeasure or progressive degradation of network services available on the devices on a selected basis to controllably reduce performance of data communication of the device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 wherein said countermeasure or progressive degradation includes determining whether to deliver or discard a particular data packet provided to the network device based on information about the particular data packet.
  - 3. The method of claim 1 wherein said countermeasure or progressive degradation includes reducing performance of data communication of the device over a selected period of time.
  - 4. The method of claim 3 wherein said determination whether to deliver or discard a particular data packet is made based on information that is not limited to an originating IP address of the data packet.
  - 5. The method of claim 3 wherein the determination to deliver or discard a particular data packet is made while the device is permitted to continue operating.
  - 6. The method of claim 1 wherein the pattern of activity includes sequentially accessing IP addresses or performing port scans on sequential port numbers.

7. A method for providing device protection comprising the following steps:
- receiving a data packet at a network device;
  
  reading information, with aid of a processor, from the data packet; and
  
  analyzing, with aid of the processor, whether to discard or deliver the data packet to destination based on the information, wherein said analysis considers information of the data packets that originates within the device, and selectively discarding the data packets that originate from a rogue application within the device.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 8. The method of claim 7 wherein the data packet is received at a network stack of the network device.
  - 9. The method of claim 7 wherein the information is not limited to an originating IP address of the data packet.
  - 10. The method of claim 9 wherein the information that is not limited to an originating IP address of the data packet includes one or more of the following:
    - process, port number, originating process, network used to receive the data packet, destination address, or other IP addresses from other packets.
  - 11. The method of claim 7 wherein the analysis also considers the originating IP address of the data packet.
  - 12. The method of claim 7 wherein the analysis includes determining whether an originating process for the data packet is on a blacklist or whitelist.
  - 13. The method of claim 7 wherein the analysis includes considering a read drop rate value for the data packet.
  - 14. The method of claim 7 wherein the analysis includes determining whether the address is sequential and/or is part of repeated accesses.
  - 15. The method of claim 7 further comprising reading a timer of the network device, wherein the analysis includes considering the time read from the timer.
  - 16. The method of claim 7 further comprising turning off a network channel that the data packet came from if a determination is made to discard the data packet through said analysis.
  - 17. The method of claim 16 further comprising turning on and using another network other than the network channel that the data packet came from.

18. A device for providing network protection, said device comprising:
- a network interface configured to permit receipt of a data packet from a network external to the device;
  
  a network stack in communication with the network interface;
  
  one or more applications capable of sending and receiving the data packet; and
  
  an self-defending intrusion protection service module in communication with the network stack programmed to analyze the data packet that originates from the one or more applications within the device and determine whether the data packet is to be delivered to destinations or to be discarded to protect the device from the intrusion threat.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The device of claim 18 wherein the self-defending intrusion protection service module is configured to communicate with one or more static blacklist, dynamic blacklist, or static whitelist containing information about origin or senders of packets that require attention.
  - 20. The device of claim 18 wherein the device includes a 802.11 network interface and a cellular network interface.
  - 21. The device of claim 18 wherein the device also includes a timer configured to communicate with the intrusion network service module.
  - 22. The device of claim 18 wherein the intrusion protection service module performs said analysis and determination based on information from the data packet that is not limited to an originating IP address of the data packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Arxceo Corp. (Japan Communications Inc.)
Original Assignee
Arxceo Corp. (Japan Communications Inc.)
Inventors
Yoda, Nobuhisa, Winn, James Marcus, Somers, Jonathan

Application Number

US13/740,078
Publication Number

US 20130185795A1
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

H04L 63/0236   Filtering by address, proto...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/145   the attack involving the pr...

METHODS AND SYSTEMS FOR PROVIDING NETWORK PROTECTION BY PROGRESSIVE DEGRADATION OF SERVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS AND SYSTEMS FOR PROVIDING NETWORK PROTECTION BY PROGRESSIVE DEGRADATION OF SERVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links