UNAUTHORIZED ACCESS DETECTING SYSTEM AND UNAUTHORIZED ACCESS DETECTING METHOD

US 20160134658A1
Filed: 06/19/2014
Published: 05/12/2016
Est. Priority Date: 07/05/2013
Status: Active Grant

First Claim

Patent Images

1. An unauthorized access detecting system, comprising:

a generating unit that generates authentication information to be leaked outside;

a detecting unit that detects unauthorized access to a content using the authentication information generated by the generating unit;

a monitoring unit that monitors falsification of the content when the unauthorized access has been detected by the detecting unit; and

a first detecting unit that detects, based on a result of the monitoring by the monitoring unit, falsification of the content.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an unauthorized access detecting system, authentication information to be leaked outside is generated, and unauthorized access to a content using the generated authentication information is detected. In the unauthorized access detecting system, if the unauthorized access has been detected, content falsification is monitored. If, as a result of the monitoring, content falsification has been detected, the unauthorized access detecting system extracts a character string, which has been newly added to the content.

22 Citations

View as Search Results

18 Claims

1. An unauthorized access detecting system, comprising:
- a generating unit that generates authentication information to be leaked outside;
  
  a detecting unit that detects unauthorized access to a content using the authentication information generated by the generating unit;
  
  a monitoring unit that monitors falsification of the content when the unauthorized access has been detected by the detecting unit; and
  
  a first detecting unit that detects, based on a result of the monitoring by the monitoring unit, falsification of the content.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The unauthorized access detecting system according to claim 1, wherein the first detecting unit extracts a character string that has been newly added to the content, when falsification of the content has been detected as a result of the monitoring by the monitoring unit.
  - 3. The unauthorized access detecting system according to claim 2, wherein the first detecting unit obtains, when falsification of the content has been monitored by the monitoring unit, a difference between the content before the falsification and the content after the falsification and extracts a character string that has been newly added to the content by using the difference.
  - 4. The unauthorized access detecting system according to claim 2, further comprising a second detecting unit that detects, by using the character string extracted by the first detecting unit as a signature, unauthorized access that causes falsification of a content.
  - 5. The unauthorized access detecting system according to claim 2, further comprising an examination unit that examines whether or not the character string extracted by the first detecting unit is included in a content held by a Web site, and detects a content including the character string as a content that has been falsified by unauthorized access.
  - 6. The unauthorized access detecting system according to claim 1, wherein when, as a result of the monitoring by the monitoring unit, falsification of the content has been detected, the first detecting unit examines the content and obtains information on a malicious Web site.
  - 7. The unauthorized access detecting system according to claim 6, wherein the first detecting unit examines the content, and obtains, from a redirection code inserted by falsification of the content, information on a malicious Web site of a redirection destination.
  - 8. The unauthorized access detecting system according to claim 7, wherein the first detecting unit obtains, as the information on the malicious Web site of the redirection destination, a uniform resource locator (URL), a fully qualified domain name (FQDN), or an interne protocol (IP) address assigned to the FQDN.
  - 9. The unauthorized access detecting system according to claim 6, further comprising a storage unit that stores therein the authentication information generated by the generating unit, whereinthe detecting unit determines whether authentication information used in access to the content coincides with the authentication information stored in the storage unit, and if there is coincidence, the detecting unit detects the access as unauthorized access.

10. An unauthorized access detecting method executed by an unauthorized access detecting system, the unauthorized access detecting method including:
- a generating step of generating authentication information to be leaked outside;
  
  a detecting step of detecting unauthorized access to a content using the authentication information generated by the generating step;
  
  a monitoring step of monitoring falsification of the content when the unauthorized access has been detected by the detecting step; and
  
  a first detecting step of detecting, based on a result of the monitoring by the monitoring step, falsification of the content.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The unauthorized access detecting method according to claim 10, wherein in the first detecting step, when falsification of the content has been detected as a result of the monitoring by the monitoring step, a character string that has been newly added to the content is extracted.
  - 12. The unauthorized access detecting method according to claim 11, wherein in the first detecting step, when falsification of the content has been monitored by the monitoring step, a difference between the content before the falsification and the content after the falsification is obtained, and a character string that has been newly added to the content is extracted by using the difference.
  - 13. The unauthorized access detecting method according to claim 11, further including a second detecting step of detecting, by using the character string extracted by the first detecting step as a signature, unauthorized access that causes falsification of a content.
  - 14. The unauthorized access detecting method according to claim 11, further including an examination step of examining whether or not the character string extracted by the first detecting step is included in a content held by a Web site and detecting a content including the character string as a content that has been falsified by unauthorized access.
  - 15. The unauthorized access detecting method according to claim 10, wherein in the first detecting step, when falsification of the content is detected as a result of the monitoring by the monitoring step, the content is examined and information on a malicious Web site is obtained.
  - 16. The unauthorized access detecting method according to claim 15, wherein in the first detecting step, the content is examined, and information on a malicious Web site of a redirection destination is obtained from a redirection code that has been inserted by the falsification of the content.
  - 17. The unauthorized access detecting method according to claim 16, wherein in the first detecting step, as the information on the malicious Web site of the redirection destination, a uniform resource locator (URL), a fully qualified domain name (FQDN), or an internet protocol (IP) address assigned to the FQDN is obtained.
  - 18. The unauthorized access detecting method according to claim 15, further including a storing step of storing the authentication information generated by the generating step into a storage unit, whereinin the detecting step, whether authentication information used in access to the content coincides with the authentication information stored in the storage unit is determined, and if there is coincidence, the access is detected as unauthorized access.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nippon Telegraph and Telephone Corporation
Original Assignee
Nippon Telegraph and Telephone Corporation
Inventors
YAGI, Takeshi, AKIYAMA, Mitsuaki

Granted Patent

US 10,033,761 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 21/62   Protecting access to data v...

H04L 63/102   Entity profiles

H04L 63/1416   Event detection, e.g. attac...

H04L 63/145   the attack involving the pr...

H04L 63/1491   using deception as counterm...

UNAUTHORIZED ACCESS DETECTING SYSTEM AND UNAUTHORIZED ACCESS DETECTING METHOD

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

22 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

UNAUTHORIZED ACCESS DETECTING SYSTEM AND UNAUTHORIZED ACCESS DETECTING METHOD

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others