SYSTEMS AND METHODS FOR DISTRIBUTED THREAT DETECTION IN A COMPUTER NETWORK

US 20150229656A1
Filed: 09/08/2014
Published: 08/13/2015
Est. Priority Date: 02/11/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, by a threat detection system of a first computer network, a request for a service from a threat sensor of a second computer network, the service requested of the threat sensor within the second computer network in an unsolicited request received from a network element of the second computer network;

emulating the service identified in the request to generate a response to the request;

sending the response to the threat sensor, the threat sensor to forward the response generated by the threat detection system to the network element within the second computer network; and

analyzing one or more communications between the threat detection system and the network element during emulation of the service requested by the network element to determine whether the network element is a threat to the second network.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for distributed threat detection in a computer network is described. The method may include receiving, by a threat detection system of a first computer network, a request for a service from a threat sensor of a second computer network, the service requested of the threat sensor within the second computer network from a network element of the second computer network. The method may also include emulating the service identified in the request to generate a response to the request, and sending the response to the threat sensor for forwarding to the network element within the second computer network. Furthermore, the method may include analyzing one or more communications between the threat detection system and the network element during emulation of the service requested by the network element to determine whether the network element is a threat to the second network.

42 Citations

View as Search Results

21 Claims

1. A computer-implemented method comprising:
- receiving, by a threat detection system of a first computer network, a request for a service from a threat sensor of a second computer network, the service requested of the threat sensor within the second computer network in an unsolicited request received from a network element of the second computer network;
  
  emulating the service identified in the request to generate a response to the request;
  
  sending the response to the threat sensor, the threat sensor to forward the response generated by the threat detection system to the network element within the second computer network; and
  
  analyzing one or more communications between the threat detection system and the network element during emulation of the service requested by the network element to determine whether the network element is a threat to the second network.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the threat sensor and the network element are collocated within the second computer network, and the first computer network and the second computer network are different computer networks.
  - 3. The computer-implemented method of claim 1, further comprising:
    - receiving a request for a second service from a second threat sensor of a third computer network, wherein the first computer network, the second computer network and the third computer network are different computer networks, and wherein the threat detection system analyzes communications with the threat sensor and the second threat sensor for potential threats to their respective computer networks in parallel.
  - 4. The method of claim 3, wherein the first computer network, the second computer network, and the third computer network are different physical computer networks.
  - 5. The method of claim 3, wherein the second computer network and the third computer network are different logical computer networks deployed within the same physical computer network.
  - 6. The method of claim 1, wherein the threat detection system is executed by a server computer system within the first computer network.
  - 7. The method of claim 1, wherein the network element is determined to be a threat to the second network when the communications exchanged between the threat detection system and the threat sensor during emulation of the services requested by the network element are indicative of one or more of an attempt to distribute malicious network content or an attempt to disrupt a computer network service.

8. An article of manufacture having one or more non-transitory computer readable storage media storing executable instructions thereon which when executed cause a system to perform a method comprising:
- receiving, by a threat detection system of a first computer network, a request for a service from a threat sensor of a second computer network, the service requested of the threat sensor within the second computer network in an unsolicited request received from a network element of the second computer network;
  
  emulating the service identified in the request to generate a response to the request;
  
  sending the response to the threat sensor, the threat sensor to forward the response generated by the threat detection system to the network element within the second computer network; and
  
  analyzing one or more communications between the threat detection system and the network element during emulation of the service requested by the network element to determine whether the network element is a threat to the second network.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The article of manufacture of claim 8, wherein the threat sensor and the network element are collocated within the second computer network, and the first computer network and the second computer network are different computer networks.
  - 10. The article of manufacture of claim 8, further comprising:
    - receiving a request for a second service from a second threat sensor of a third computer network, wherein the first computer network, the second computer network and the third computer network are different computer networks, and wherein the threat detection system analyzes communications with the threat sensor and the second threat sensor for potential threats to their respective computer networks in parallel.
  - 11. The article of manufacture of claim 10, wherein the first computer network, the second computer network, and the third computer network are different physical computer networks.
  - 12. The article of manufacture of claim 10, wherein the second computer network and the third computer network are different logical computer networks deployed within the same physical computer network.
  - 13. The article of manufacture of claim 8, wherein the threat detection system is executed by a server computer system within the first computer network.
  - 14. The article of manufacture of claim 8, wherein the network element is determined to be a threat to the second network when the communications exchanged between the threat detection system and the threat sensor during emulation of the services requested by the network element are indicative of one or more of an attempt to distribute malicious network content or an attempt to disrupt a computer network service.

15. A system, comprising:
- a memory; and
  
  a processor coupled with the memory to execute a threat detection system toreceive, at a first computer network, a request for a service from a threat sensor of a second computer network, the service requested of the threat sensor within the second computer network in an unsolicited request received from a network element of the second computer network,emulate the service identified in the request to generate a response to the request,send the response to the threat sensor, the threat sensor to forward the response generated by the threat detection system to the network element within the second computer network, andanalyze one or more communications between the threat detection system and the network element during emulation of the service requested by the network element to determine whether the network element is a threat to the second network.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The system of claim 15, wherein the threat sensor and the network element are collocated within the second computer network, and the first computer network and the second computer network are different computer networks.
  - 17. The system of claim 15, further comprising:
    - receiving a request for a second service from a second threat sensor of a third computer network, wherein the first computer network, the second computer network and the third computer network are different computer networks, and wherein the threat detection system analyzes communications with the threat sensor and the second threat sensor for potential threats to their respective computer networks in parallel.
  - 18. The system of claim 17, wherein the first computer network, the second computer network, and the third computer network are different physical computer networks.
  - 19. The system of claim 17, wherein the second computer network and the third computer network are different logical computer networks deployed within the same physical computer network.
  - 20. The system of claim 15, wherein the threat detection system is executed by a server computer system within the first computer network.
  - 21. The system of claim 15, wherein the network element is determined to be a threat to the second network when the communications exchanged between the threat detection system and the threat sensor during emulation of the services requested by the network element are indicative of one or more of an attempt to distribute malicious network content or an attempt to disrupt a computer network service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
vArmour Networks Inc
Original Assignee
vArmour Networks Inc
Inventors
Shieh, Choung-Yaw Michael

Granted Patent

US 9,621,568 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/145   the attack involving the pr...

H04L 63/1491   using deception as counterm...

SYSTEMS AND METHODS FOR DISTRIBUTED THREAT DETECTION IN A COMPUTER NETWORK

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

42 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR DISTRIBUTED THREAT DETECTION IN A COMPUTER NETWORK

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links