Systems and methods for distributed network protection
First Claim
1. A distributed system for monitoring a communications network and for detecting, tracing and retaliating to an unauthorized communications access attempt into the monitored communications network, the system comprising:
one or more distributed hierarchical monitoring systems; and
one or more alarm signals that represent an unauthorized communications access attempt into one or more localized portions of the monitored communications network;
wherein the one or more distributed hierarchical monitoring systems analyze the unauthorized communications access attempt in response to the unauthorized communications access attempt, and determine a responsive action to the unauthorized communications access attempt, including sending a mechanism for verifying the presence of an attack and for immediately determining a source of the unauthorized communications access attempt;
wherein the verifying mechanism sends a determining mechanism that determines if the source of the unauthorized access attempt is hostile;
wherein the determining mechanism includes an identified packet concealed in the response, and the one or more distributed hierarchical monitoring systems detect passage of the identified packet;
wherein the packet is identified by a flag, and the one or more distributed hierarchical monitoring systems comprise conduit hosts and participating nodes forming a cooperative reporting system to detect passage of the flag and record information related to the flag and associated data, thereby revealing the source of the unauthorized communications access attempt regardless of a number of intermediate steps used to avoid detection by the source of the unauthorized communication access attempt;
wherein the identified packet triggers the reporting and showing of a path to the source of the unauthorized communication access attempt;
wherein subject to applicable laws an immediate counter-attack is launched, anytime after commencement of the unauthorized communication access attempt wherein the counter-attack comprises a concealed program embedded with additional levels of verification to ensure the hostile intent and identity of the source of the unauthorized communication access attempt in addition to destructive means for destroying the files and/or operating system of a computer of the source of the unauthorized communication access attempt;
wherein the additional levels of verification of hostile intent and identity of the source of the unauthorized communication access attempt are based on an historical profile, other previous attempts by the source of the unauthorized communication access attempt or communication with other monitoring centers to determine whether other targets have been attacked with same or similar unauthorized access requests; and
wherein upon verification of hostile intent and identity of the source of the unauthorized communication access attempt, the identification of the source of the unauthorized communication access attempt is secretly forwarded to a target station or monitoring center and via the counter-attack files and/or operating system of the computer of the source of the unauthorized communication access attempt are destroyed.
Abstract
By distributing various information and monitoring centers that monitor distributed networks and unauthorized access attempts, it is possible to, for example, more quickly defend against unauthorized access attempts. For example, a Level 1 monitoring center could monitor, for alarms, a predetermined geographical area serving a wide variety of commercial and public sites, an organizational structure, or the like. Upon analyzing an alarm for various characteristics, the Level 1 monitoring center can refer the unauthorized access attempt to an appropriate Level 2 center for, for example, possible retaliatory and/or legal action. Then, a Level 3 monitoring center can record and maintain an overall picture of the security of one or more networks, the plurality of monitoring centers and information about one or more hacking attempts.
21 Claims
11. A method for monitoring a communications network and for detecting, tracing and retaliating to an unauthorized communications access attempt into the monitored communications network, the method comprising:
monitoring one or more portions of the monitored communications network through one or more distributed hierarchical monitoring systems; and
receiving one or more alarm signals that represent an unauthorized communications access attempt into one or more localized portions of the monitored communications network,
wherein the one or more distributed hierarchical monitoring systems analyze the unauthorized communications access attempt in response to the unauthorized communications access attempt, and determine a responsive action to the unauthorized communications access attempt, including sending a mechanism for verifying the presence of an attack and for immediately determining a source of the unauthorized communications access attempt;
wherein the verifying mechanism sends a determining mechanism that determines if the source of the unauthorized access attempt is hostile;
wherein the determining mechanism includes an identified packet concealed in the response, and the one or more distributed hierarchical monitoring systems detect passage of the identified packet;
wherein the packet is identified by a flag and the one or more distributed hierarchical monitoring systems comprise conduit hosts and participating nodes forming a cooperative reporting system to detect passage of the flag and record information related to the flag and associated data, thereby revealing the source of the unauthorized communications access attempt regardless of a number of intermediate steps used to avoid detection by the source of the unauthorized communication access attempt;
wherein the identified packet triggers the reporting and showing of a path to the source of the unauthorized communication access attempt;
wherein subject to applicable laws an immediate counter-attack is launched, anytime after commencement of the unauthorized communication access attempt;
wherein the counter-attack comprises a concealed program embedded with additional levels of verification to ensure the hostile intent and identity of the source of the unauthorized communication access attempt in addition to destructive means for destroying the files and/or operating system of a computer of the source of the unauthorized communication access attempt;
wherein the additional levels of verification of hostile intent and identity of the source of the unauthorized communication access attempt are based on an historical profile, other previous attempts by the source of the unauthorized communication access attempt or communication with other monitoring centers to determine whether other targets have been attacked with same or similar unauthorized access requests; and
wherein upon verification of hostile intent and identity of the source of the unauthorized communication access attempt, the identification of the source of the unauthorized communication access attempt is secretly forwarded to a target station or monitoring center and via the counter-attack files and/or operating system of the computer of the source of the unauthorized communication access attempt are destroyed.
Specification