REVIVAL AND REDIRECTION OF BLOCKED CONNECTIONS FOR INTENTION INSPECTION IN COMPUTER NETWORKS
First Claim
Patent Images
1. A method for network security, comprising:
- monitoring traffic exchanged over a computer network;
identifying in the monitored traffic a failed attempt by an initiating computer to communicate with a target computer;
reviving the identified failed attempt by establishing an investigation connection with the initiating computer while impersonating the target computer; and
verifying whether the failed attempt was malicious or innocent by communicating with the initiating computer over the investigation connection.
4 Assignments
0 Petitions
Accused Products
Abstract
A method for network security includes monitoring traffic exchanged over a computer network. A failed attempt to communicate with a target computer by an initiating computer is identified in the monitored traffic. The identified failed attempt is revived by establishing an investigation connection with the initiating computer while impersonating the target computer. Verification is made as to whether the failed attempt was malicious or innocent, by communicating with the initiating computer over the investigation connection.
90 Citations
28 Claims
-
1. A method for network security, comprising:
-
monitoring traffic exchanged over a computer network; identifying in the monitored traffic a failed attempt by an initiating computer to communicate with a target computer; reviving the identified failed attempt by establishing an investigation connection with the initiating computer while impersonating the target computer; and verifying whether the failed attempt was malicious or innocent by communicating with the initiating computer over the investigation connection. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A system for network security, comprising:
-
one or more interfaces, which are configured to connect to a computer network; and one or more processors, which are configured to monitor traffic exchanged over the computer network, to identify in the monitored traffic a failed attempt by an initiating computer to communicate with a target computer, to revive the identified failed attempt by establishing an investigation connection with the initiating computer while impersonating the target computer, and to verify whether the failed attempt was malicious or innocent by communicating with the initiating computer over the investigation connection. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
-
Specification