NETWORK STIMULATION ENGINE

US 20130212644A1
Filed: 03/15/2013
Published: 08/15/2013
Est. Priority Date: 12/15/2010
Status: Active Grant

First Claim

Patent Images

1. A method of projecting a false apparent computer network view for protecting a real computer network against hackers, the method comprising:

receiving into a physical computer network one or more requests for internet protocol (IP) addresses of nodes in the physical computer network;

determining, using at least one processor operatively coupled with a memory, that a response to the one or more requests should present a false apparent view of a network configuration of the physical computer network;

selecting a definition of a false apparent view of the network configuration based on the determination;

building the response to the one or more requests, the response including at least one false IP address for a node in the computer network in accordance with the selected false apparent view; and

sending the response through the computer network.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, devices, and systems are disclosed for simulating a large, realistic computer network. Virtual actors statistically emulate the behaviors of humans using networked devices or responses and automatic functions of networked equipment, and their stochastic actions are queued in buffer pools by a behavioral engine. An abstract machine engine creates the minimal interfaces needed for each actor, and the interfaces then communicate persistently over a network with each other and real and virtual network resources to form realistic network traffic. The network can respond to outside stimuli, such as a network mapping application, by responding with false views of the network in order to spoof hackers, and the actors can respond by altering a software defined network upon which they operate.

28 Citations

View as Search Results

20 Claims

1. A method of projecting a false apparent computer network view for protecting a real computer network against hackers, the method comprising:
- receiving into a physical computer network one or more requests for internet protocol (IP) addresses of nodes in the physical computer network;
  
  determining, using at least one processor operatively coupled with a memory, that a response to the one or more requests should present a false apparent view of a network configuration of the physical computer network;
  
  selecting a definition of a false apparent view of the network configuration based on the determination;
  
  building the response to the one or more requests, the response including at least one false IP address for a node in the computer network in accordance with the selected false apparent view; and
  
  sending the response through the computer network.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein the determining is based upon a network location from which the request comes.
  - 3. The method of claim 1 wherein the selection is performed from multiple definitions of false apparent views of the network configuration.
  - 4. The method of claim 1 wherein the operations are performed in the order shown.
  - 5. The method of claim 1 wherein each operation is performed by the at least one processor operatively coupled with the memory.
  - 6. A non-transitory machine-readable storage medium embodying information indicative of instructions for causing one or more machines to perform the operations of claim 1.
  - 7. A computer system executing instructions in a computer program, the computer program instructions comprising program code for performing the operations of claim 1.

8. A method of projecting a false apparent computer network view for protecting a real computer network against hacker mapping tools, the method comprising:
- receiving a definition of a first false apparent view of a network configuration;
  
  receiving a definition of a second false apparent view of a network configuration, the first and second false apparent views of network configurations being different from an actual, physical configuration of a physical computer network;
  
  receiving into the physical computer network a request from a network mapping tool executed by a user for internet protocol (IP) addresses for nodes in the computer network;
  
  determining, using at least one processor operatively coupled with a memory, that the user should view a false view of the physical configuration regarding the IP addresses of the nodes in the computer network, the determining based on a network location of the user where security may be compromised;
  
  selecting between the first or second false apparent view based on the network location of the user;
  
  building a response to the request based on the selected first or second false apparent view, the response including at least one false IP address for a node in the computer network in accordance with the selected first or second false apparent view; and
  
  sending the response to the network mapping tool through the computer network.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The method of claim 8 wherein the network location of the user is outside the physical computer network.
  - 10. The method of claim 8 further comprising:
    - receiving into the physical computer network a second request from the network mapping tool for a number of nodes in the computer network; and
      
      building a second response to the second request based on the selected first or second false apparent view; and
      
      sending the second response to the network mapping tool through the computer network.
  - 11. The method of claim 8 further comprising:
    - receiving into the physical computer network a second request from the network mapping tool for a type of traffic sent between two or more of the nodes;
      
      building a second response to the second request based on the selected first or second false apparent view, the second response including a false type of traffic sent between two or more of the nodes; and
      
      sending the second response to the network mapping tool through the computer network.
  - 12. The method of claim 11 wherein the type of traffic includes network traffic selected from the group consisting of email traffic, printer traffic, and video traffic.
  - 13. The method of claim 8 wherein a node in the computer network is selected from the group consisting of a web server, a print server, a storage server, and a printer.
  - 14. The method of claim 8 wherein a node in the computer network is selected from the group consisting of a desktop, notebook, netbook, or tablet personal computer (PC), workstation, personal digital assistant (PDA), voice over Internet protocol (VoIP) telephone, network appliance, and smart phone.
  - 15. A non-transitory machine-readable storage medium embodying information indicative of instructions for causing one or more machines to perform the operations of claim 8.
  - 16. A computer system executing instructions in a computer program, the computer program instructions comprising program code for performing the operations of claim 8.

17. The method of obfuscating a network for protecting a real computer network against hackers, the method comprising:
- receiving definitions of false apparent views of a network configuration of a physical computer network;
  
  selecting, using at least one processor operatively coupled with a memory, among the definitions of the false apparent views of the network configuration;
  
  receiving a request from a network mapping tool for internet protocol (IP) addresses for nodes in the computer network;
  
  building a response to the request based on a currently selected definition of one of the false apparent views of the network; and
  
  sending the response to the network mapping tool through the computer network.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17 wherein the selecting is based upon a software clock.
  - 19. The method of claim 18 further comprising:
    - reconfiguring a software defined network executing on the physical computer network based on the software clock.
  - 20. A non-transitory machine-readable storage medium embodying information indicative of instructions for causing one or more machines to perform the operations of claim 17.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Acalvio Technologies, Inc.
Original Assignee
ZanttZ Incorporated (Acalvio Technologies, Inc.)
Inventors
Hughes, Chad O., Silva, Steven M.

Granted Patent

US 8,978,102 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

G06F 11/3414   Workload generation, e.g. s...

G06F 13/10   Program control for periphe...

G06F 15/16   Combinations of two or more...

H04L 2101/622   Layer-2 addresses, e.g. med...

H04L 41/12   Discovery or management of ...

H04L 41/122   of virtualised topologies, ...

H04L 41/145   involving simulating, desig...

H04L 61/4535   using an address exchange p...

H04L 61/5007   Internet protocol [IP] addr...

H04L 63/00   Network architectures or ne...

H04L 63/1466   Active attacks involving in...

NETWORK STIMULATION ENGINE

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

NETWORK STIMULATION ENGINE

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others