System and Method for Analyzing Unauthorized Intrusion Into a Computer Network
First Claim
Patent Images
1. A method for analyzing unauthorized intrusion into a computer network, the method comprising:
- allowing access to a virtualized operating system running on a hypervisor operating system hosted on a network device;
using an introspection module comprising a virtual-machine-based rootkit module and its associated userland processes running on the hypervisor operating system to intercept a network attack on the virtualized operating system, wherein the network attack includes attack-identifying information;
generating forensic data on the network attack from the attack-identifying information, where the forensic data is based on all activity associated with the operating system;
generating an attack signature from the forensic data; and
providing the attack signature to an intrusion prevention system configured to control access to a protected network using the attack signature to identify subsequent attacks.
6 Assignments
0 Petitions
Accused Products
Abstract
The method analyzes unauthorized intrusion into a computer network. Access is allowed to a virtualized operating system running on a hypervisor operating system hosted on a network device. A network attack is intercepted on the virtualized operating system using an introspection module with a virtual-machine-based rootkit module and its associated userland processes running on the hypervisor operating system. The network attack includes attack-identifying information. Forensic data is generated on the network attack from the attack-identifying information.
21 Citations
1 Claim
-
1. A method for analyzing unauthorized intrusion into a computer network, the method comprising:
-
allowing access to a virtualized operating system running on a hypervisor operating system hosted on a network device; using an introspection module comprising a virtual-machine-based rootkit module and its associated userland processes running on the hypervisor operating system to intercept a network attack on the virtualized operating system, wherein the network attack includes attack-identifying information; generating forensic data on the network attack from the attack-identifying information, where the forensic data is based on all activity associated with the operating system; generating an attack signature from the forensic data; and providing the attack signature to an intrusion prevention system configured to control access to a protected network using the attack signature to identify subsequent attacks.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeGoSecure, Inc.
-
Original AssigneeCountertack Incorporated
-
InventorsCapalik, Alen
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current726/23
-
CPC Class CodesG06F 21/552 involving long-term monitor...G06F 21/566 Dynamic detection, i.e. det...G06F 2221/2123 Dummy operationG06F 9/45533 Hypervisors; Virtual machin...H04L 63/1408 by monitoring network traff...H04L 63/1416 Event detection, e.g. attac...H04L 63/145 the attack involving the pr...H04L 63/1491 using deception as counterm...
