SCARECROW FOR DATA SECURITY

US 20170237771A1
Filed: 02/16/2016
Published: 08/17/2017
Est. Priority Date: 02/16/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving information pertaining to network data traffic being communicated from and/or to a user'"'"'s computer which is operated by a user;

analyzing the information to determine whether the user is engaged in potential hacking transaction(s) with respect to a network accessible resource; and

on condition that the user is determined to be engaged in potential hacking transaction(s);

generating a scarecrow message designed for display in human understandable form and format to the user on a computer operated by the user, andsending the scarecrow message to the user'"'"'s computer;

wherein potential hacking transaction(s) are defined as any set of communication(s) to and/or from the user'"'"'s computer that tend to indicate that the user'"'"'s computer is engaged in subverting computer security for malicious purposes.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, computer program product and/or system receives information pertaining to network data traffic from and/or to a network accessible resource, analyzes the information to determine whether a user is engaged in potential hacking transaction(s) with respect to the resource. On condition that the user is determined to be engaged in potential hacking transaction(s), a “scarecrow” message designed for display to the user, is generated and sent to the user.

14 Citations

View as Search Results

18 Claims

1. A computer-implemented method comprising:
- receiving information pertaining to network data traffic being communicated from and/or to a user'"'"'s computer which is operated by a user;
  
  analyzing the information to determine whether the user is engaged in potential hacking transaction(s) with respect to a network accessible resource; and
  
  on condition that the user is determined to be engaged in potential hacking transaction(s);
  
  generating a scarecrow message designed for display in human understandable form and format to the user on a computer operated by the user, andsending the scarecrow message to the user'"'"'s computer;
  
  wherein potential hacking transaction(s) are defined as any set of communication(s) to and/or from the user'"'"'s computer that tend to indicate that the user'"'"'s computer is engaged in subverting computer security for malicious purposes.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-implemented method of claim 1 wherein potential hacking transaction(s) of the user includes at least one of the following:
    - a transaction by a user previously known to have engaged in hacking transaction(s);
      
      the user requests information from the network accessible resource at a rate that exceeds a pre-determined threshold;
      
      data accessed, by the user, includes information of a predefined format;
      
      data access attempts, by the user, generate errors at a rate exceeding a pre-defined threshold; and
      
      the user'"'"'s computer hostname exists in more than a pre-defined number of sessions with the network accessible resource.
  - 3. The computer-implemented method of claim 1 further comprising:
    - on condition that the user is engaged in potential hacking transaction(s);
      
      receiving data from the network accessible resource,altering the data to generate altered data, andsending the altered data to a computer operated by the user.
  - 4. The computer-implemented method of claim 1 wherein the scarecrow message is sent to the user in a form and format that is displayable by software running on a computer operated by the user.
  - 5. The computer-implemented method of claim 1 wherein the scarecrow message includes at least one of the following:
    - (i) the user'"'"'s internet protocol (IP) address;
      
      (ii) indication that the user'"'"'s activities are being monitored;
      
      (iii) indication that a connection profile of the computer operated by the user is being monitored;
      
      (iv) a phantom background process; and
      
      /or (v) the user'"'"'s log-in chain.
  - 6. The computer-implemented method of claim 3 wherein altering the data includes at least one of the following:
    - (i) adding an electronic watermark;
      
      (ii) adding a warning message; and
      
      /or (iii) preventing transmission to the user'"'"'s computer of at least a portion of the data.

7. A computer program product comprising a computer readable storage medium having stored thereon:
- first program instructions programmed to receive information pertaining to network data traffic being communicated from and/or to a user'"'"'s computer which is operated by a user;
  
  second program instructions programmed to analyze the information to determine whether the user is engaged in potential hacking transaction with respect to a network accessible resource; and
  
  on condition that the user is determined to be engaged in potential hacking conduct;
  
  third program instructions programmed to generate scarecrow message designed for display in human understandable form and format to the user on a computer operated by the user, andfourth program instructions programmed to send the scarecrow message to the user'"'"'s computer;
  
  wherein potential hacking transaction(s) are defined as any set of communication(s) to and/or from the user'"'"'s computer that tend to indicate that the user'"'"'s computer is engaged in subverting computer security for malicious purposes.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer program product of claim 7 wherein potential hacking activity of the user includes at least one of the following:
    - a transaction by a user previously known to have engaged in hacking transactions;
      
      the user requests information from the network accessible resource at a rate that exceeds a pre-determined threshold;
      
      data accessed, by the user, includes information of a predefined format;
      
      data access attempts, by the user, generate errors at a rate exceeding a pre-defined threshold; and
      
      a computer hostname exists in more than a pre-defined number of sessions.
  - 9. The computer program product of claim 7 further comprising:
    - on condition that the user is engaged in potential hacking transactions;
      
      fifth program instructions programmed to receive data from the network accessible resource,sixth program instructions programmed to alter the data to generate altered data, andseventh program instructions programmed to send the altered data to a computer operated by the user.
  - 10. The computer program product of claim 7 wherein the scarecrow message is sent to the user in a form and format that is displayable by software running on the computer operated by the user.
  - 11. The computer program product of claim 7 wherein the scarecrow message includes at least one of the following:
    - (i) the user'"'"'s internet protocol (IP) address;
      
      (ii) indication that the user'"'"'s activities are being monitored;
      
      (iii) indication that a connection profile of the computer operated by the user is being monitored;
      
      (iv) a phantom background process; and
      
      /or (v) the user'"'"'s log-in chain.
  - 12. The computer program product of claim 9 wherein altering the data includes at least one of the following:
    - (i) adding an electronic watermark;
      
      (ii) adding a warning message; and
      
      /or (iii) preventing transmission to the user'"'"'s computer of at least a portion of the data.

13. A computer system comprising:
- a processor(s) set; and
  
  a computer readable storage medium;
  
  wherein;
  
  the processor(s) set is structured, located, connected and/or programmed to run program instructions stored on the computer readable storage medium; and
  
  the program instructions include;
  
  first program instructions programmed to receive information pertaining to network data traffic being communicated from and/or to a user'"'"'s computer which is operated by a user;
  
  second program instructions programmed to analyze the information to determine whether the user is engaged in potential hacking transaction with respect to a network accessible resource; and
  
  on condition that the user is determined to be engaged in potential hacking conduct;
  
  third program instructions programmed to generate scarecrow message designed for display in human understandable form and format to the user on a computer operated by the user, andfourth program instructions programmed to send the scarecrow message to the user'"'"'s computer;
  
  wherein potential hacking transaction(s) are defined as any set of communication(s) to and/or from the user'"'"'s computer that tend to indicate that the user'"'"'s computer is engaged in subverting computer security for malicious purposes.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer system of claim 13 wherein potential hacking activity of the user includes at least one of the following:
    - a transaction by a user previously known to have engaged in hacking transactions;
      
      the user requests information from the network accessible resource at a rate that exceeds a pre-determined threshold;
      
      data accessed, by the user, includes information of a predefined format;
      
      data access attempts, by the user, generate errors at a rate exceeding a pre-defined threshold; and
      
      a computer hostname exists in more than a pre-defined number of sessions.
  - 15. The computer system of claim 13 further comprising:
    - on condition that the user is engaged in potential hacking transactions;
      
      fifth program instructions programmed to receive data from the network accessible resource,sixth program instructions programmed to alter the data to generate altered data, andseventh program instructions programmed to send the altered data to a computer operated by the user.
  - 16. The computer system of claim 13 wherein the scarecrow message is sent to the user in a form and format that is displayable by software running on the computer operated by the user.
  - 17. The computer system of claim 13 wherein the scarecrow message includes at least one of the following:
    - (i) the user'"'"'s internet protocol (IP) address;
      
      (ii) indication that the user'"'"'s activities are being monitored;
      
      (iii) indication that a connection profile of the computer operated by the user is being monitored;
      
      (iv) a phantom background process; and
      
      /or (v) the user'"'"'s log-in chain.
  - 18. The computer system of claim 15 wherein altering the data includes at least one of the following:
    - (i) adding an electronic watermark;
      
      (ii) adding a warning message; and
      
      /or (iii) preventing transmission to the user'"'"'s computer of at least a portion of the data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Miroshnikov, Roza, Rozenblat, David, Sofer, Oded

Granted Patent

US 10,171,494 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/1408 by monitoring network traff...

H04L 63/1466 Active attacks involving in...

SCARECROW FOR DATA SECURITY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

14 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

SCARECROW FOR DATA SECURITY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links