ACTIVE ATTACK DETECTION SYSTEM

US 20150358345A1
Filed: 06/09/2015
Published: 12/10/2015
Est. Priority Date: 06/09/2014
Status: Active Grant

First Claim

Patent Images

1. A method of detecting security attacks on a wireless networked computer system, comprising:

activating a remote sensor, the remote sensor having a wireless adapter, processor, storage and memory, the remote sensor configured and arranged to emulate a client workstation;

connecting the remote sensor to a wireless computer network, the wireless computer network having an unknown security status;

establishing a secure communications tunnel between the remote sensor and a server, the server configured and arranged to issue commands to the remote sensor and receive alert information from the remote sensor;

detecting a security event with the remote sensor;

with the server, determining a threat level the security event poses to a user of the wireless computer network; and

issuing a threat assessment from the sever to the user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system of detecting security attacks on a wireless networked computer system includes a remote sensor having a wireless adapter, processor, storage and memory, the remote sensor configured and arranged to emulate a client workstation that is activated and instructed to connect to a wireless computer network having an unknown security status. A secure communications tunnel is established via wired or wireless means between the remote sensor and a server. The server is configured to issue commands to the remote sensor and receive alert information from the remote sensor which detects security events on the wireless computer network. The server determines the threat level the security event poses to a user of the wireless computer network and issues a threat assessment to the user.

31 Citations

View as Search Results

20 Claims

1. A method of detecting security attacks on a wireless networked computer system, comprising:
- activating a remote sensor, the remote sensor having a wireless adapter, processor, storage and memory, the remote sensor configured and arranged to emulate a client workstation;
  
  connecting the remote sensor to a wireless computer network, the wireless computer network having an unknown security status;
  
  establishing a secure communications tunnel between the remote sensor and a server, the server configured and arranged to issue commands to the remote sensor and receive alert information from the remote sensor;
  
  detecting a security event with the remote sensor;
  
  with the server, determining a threat level the security event poses to a user of the wireless computer network; and
  
  issuing a threat assessment from the sever to the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising creating a database on the server, the database having a plurality of tables configured and arranged to tabulate security events.
  - 3. The method of claim 2, further comprising calculating a total of security events by type.
  - 4. The method of claim 2, further comprising classifying a security event by severity.
  - 5. The method of claim 2, further comprising creating and storing signatures for comparison, sharing, and cross-referencing.
  - 6. The method of claim 1, wherein the step of detecting a security event comprises capturing open systems interconnection layer 2 events.
  - 7. The method of claim 1, wherein the step of detecting a security event comprises capturing open systems interconnection layer 3 events.
  - 8. The method of claim 1, wherein the step of detecting a security event comprises capturing address resolution protocol events.
  - 9. The method of claim 1, wherein the step of detecting a security event comprises capturing internet control message protocol events.

10. A system of detecting security attacks on a wireless networked computer system, comprising:
- a remote sensor having a wireless adapter, processor, storage and memory, the remote sensor configured and arranged to emulate a client workstation connected to a wireless computer network through the wireless adapter;
  
  a server having a processor, storage, memory, and network adapter, the server configured and arranged to selectively connected to the remote sensor through a secure tunnel established between the network adapter and wireless adapter;
  
  the remote sensor further configured and arranged to report security threats to the server; and
  
  the server further configured and arranged to create a threat assessment of the security threats received from the remote sensor and report the threat assessment to a user.
- View Dependent Claims (11, 12, 13, 14, 16, 17, 18, 19, 20)
- - 11. The system of claim 10, further comprising a virtual client subsystem on the remote sensor and a sensor monitor module on the server communicatingly connected through the secure tunnel, the virtual client subsystem configured and arranged to.
  - 12. The system of claim 10, further comprising a combined network detector, packet sniffer and intrusion detection system including a drone on the remote sensor and a drone server module on the server communicatingly connected through the secure tunnel.
  - 13. The system of claim 10, further comprising a database on the server, the database containing a plurality of tables configured and arranged to store and retrieve security threat information received from the remote sensor.
  - 14. The system of claim 13, further comprising alerts monitor module configured and arranged to read the database and create a log of alert summaries received form the remote sensor.
  - 16. The system of claim 10, wherein the remote sensor captures open systems interconnection layer 2 events.
  - 17. The system of claim 10, wherein the remote sensor captures open systems interconnection layer 3 events.
  - 18. The system of claim 10, wherein the remote sensor captures address resolution protocol events.
  - 19. The system of claim 10, wherein the remote sensor captures address resolution protocol/internet protocol mapping changes.
  - 20. The system of claim 10, wherein the remote sensor captures internet control message protocol events.

15. The system of claim 15, wherein the log of alert summaries is in XML format.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Meadow Hills LLC
Original Assignee
Meadow Hills LLC
Inventors
Clark, David, Strand, John, Thyer, Jonathan

Granted Patent

US 9,628,502 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/556   involving covert channels, ...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/1466   Active attacks involving in...

H04W 12/122   Counter-measures against at...

ACTIVE ATTACK DETECTION SYSTEM

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ACTIVE ATTACK DETECTION SYSTEM

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links