Illegal access data handling apparatus and method for handling illegal access data

US 7,360,250 B2
Filed: 11/26/2001
Issued: 04/15/2008
Est. Priority Date: 02/14/2001
Status: Expired due to Fees

First Claim

Patent Images

1. An illegal access data handling apparatus, comprising:

a control system; and

a decoy server, functionally coupled to the control system, wherein the apparatus is placed outside a given internal communication network, for receiving illegal access data transmitted from a data communication device placed outside the internal communication network for a purpose of illegally accessing the internal communication network, and for taking countermeasures against the illegal access data received, further wherein the countermeasures include providing a response pretending to originate from the internal communication network,the response being encapsulated and sent to a network device within said given internal communication network to be decapsulated and transmitted by the network device to said data communication device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To provide a centralized control system for defending and taking countermeasures against an illegal access. A network device 3 detects an illegal access packet P1 transmitted from an illegal accessor'"'"'s terminal 6, and transfers an encapsulated packet P2 of the illegal access packet P1 to a data center 1. A control system 11 in the data center 1 analyzes the packet P2, encapsulates a response packet P4 from a decoy server 13 pretending to be a response from a target server to be attacked 5 to acquire a packet P3, and then transmits the packet P3 to the network device 3. The network device 3 decapsulates the packet P3 so as to extract a response packet P4, and transmits the response packet P4 to the illegal accessor'"'"'s terminal 6. The illegal accessor'"'"'s terminal 6, upon reception of the response packet P4, would believe that the response packet P4 should be transmitted from the server 5, and start to illegally access the decoy server 13.

17 Citations

View as Search Results

16 Claims

1. An illegal access data handling apparatus, comprising:
- a control system; and
  
  a decoy server, functionally coupled to the control system, wherein the apparatus is placed outside a given internal communication network, for receiving illegal access data transmitted from a data communication device placed outside the internal communication network for a purpose of illegally accessing the internal communication network, and for taking countermeasures against the illegal access data received, further wherein the countermeasures include providing a response pretending to originate from the internal communication network,the response being encapsulated and sent to a network device within said given internal communication network to be decapsulated and transmitted by the network device to said data communication device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The illegal access data handling apparatus of claim 1, wherein the illegal access data handling apparatus is connected to an illegal access data detection device for relaying a data communication between a data communication device placed within the internal communication network and a data communication device placed outside the internal n communication network, and for detecting the illegal access data, andwherein the illegal access data handling apparatus receives the illegal access data from the illegal access data detection device.
  - 3. The illegal access data handling apparatus of claim 2, further comprising:
    - a data reception section for receiving the illegal access data from the illegal access data detection device;
      
      a data analysis section for analyzing the illegal access data received by the data reception section;
      
      a response data generation section for generating response data to the illegal access data based upon an analysis result from the data analysis section; and
      
      a data transmission section for transmitting the response data generated by the response data generation section to the illegal access data detection device.
  - 4. The illegal access data handling apparatus of claim 3, wherein the data reception section receives an encapsulated illegal access data from the illegal access data detection device,wherein the illegal access data handling apparatus further includes a capsulation section for decapsulating the encapsulated illegal access data received by the data reception section to extract the illegal access data, and encapsulates the response data, andwherein the data transmission section transmits the response data encapsulated by the capsulation section to the illegal access data detection device.
  - 5. The illegal access data handling apparatus of claim 3, wherein the response data generation section generates response data having same contents as those of response data that would be generated by a specific data communication device placed in the internal communication network in response to the illegal access data if the specific data communication device received the illegal access data.
  - 6. The illegal access data handling apparatus of claim 3, wherein the data reception section receives from the illegal access data detection device communication history information indicating a communication history of the illegal access data detection device,wherein the data analysis section analyzes the communication history information received by the data reception section, and generates illegal access data designation information designating data transmitted from a given data communication device placed outside the internal communication network as the illegal access data based upon an analysis result of the communication history information, andwherein the data transmission section transmits the illegal access data designation information generated by the data analysis section to the illegal data detection device.
  - 7. The illegal access data handling apparatus of claim 4, wherein the data reception section receives the illegal access data having authentication information attached to be used for data authentication from the illegal access data detection device, andwherein the capsulation section performs the data authentication for the illegal access data by using the authentication information.
  - 8. The illegal access data handling apparatus of claim 7, wherein the capsulation section attaches the authentication information to be used for the data authentication for the response data to the response data, andwherein the data transmission section transmits the response data having the authentication information attached by the capsulation section to the illegal access data detection device.

9. A method for handling illegal access data outside a given internal communication network, the method comprising:
- receiving illegal access data transmitted from a data communication device placed outside the internal communication network for a purpose of illegally accessing the internal communication network; and
  
  taking countermeasures against the illegal access data received by a data center remotely located over the Internet from the internal network, wherein the countermeasures include providing a response pretending to originate from the internal communication network,the response being encapsulated by the data center and sent to a network device within said internal communication network to be decapsulated and transmitted by the network device to said data communication device.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9, comprising:
    - communicating with an illegal access data detection device for relaying a data communication between a data communication device placed within the internal communication network and a data communication device placed outside the internal communication network, and for detecting the illegal access data; and
      
      receiving the illegal access data from the illegal access data detection device.
  - 11. The method of claim 10, comprising:
    - receiving the illegal access data from the illegal access data detection device;
      
      analyzing the illegal access data received by the receiving;
      
      generating response data to the illegal access data based upon an analysis result from the analyzing; and
      
      transmitting the response data generated by the generating to the illegal access data detection device.
  - 12. The method of claim 10, generates response data having same contents as those of response data that would be generated by a specific data communication device placed in the internal communication network in response to the illegal access data if the specific data communication device received the illegal access data.

13. A method for responding to unauthorized access packet to an internal communications network, comprising:
- receiving an encapsulated unauthorized access packet at a data center placed outside the internal network, and wherein the unauthorized access packet is redirected from a target server residing within the internal network;
  
  analyzing the received packet to formulate a response packet;
  
  encapsulating the response packet so that it appears to originate from the target server; and
  
  sending the encapsulated response packet to a network device, wherein the network device is within the internal network, andwherein the network device decapsulates the encapsulated response packet and forwards the decapsulated packet to the source of the unauthorized access packet.
- View Dependent Claims (14, 15, 16)
- - 14. The method according to claim 13, further comprising:
    - determining if the encapsulated unauthorized access packet was transmitted from a client;
      
      judging whether data of the encapsulated unauthorized access packet came from an unauthorized source;
      
      analyzing the encapsulated unauthorized access packet based upon data from a knowledge base; and
      
      notifying a decoy server of the analysis result.
  - 15. The method according to claim 14, further comprising:
    - referring to a client database; and
      
      collating the encapsulated unauthorized access packet with information contained in the client database.
  - 16. The method according to claim 14, further comprising:
    - accessing a knowledge base having information associated with past encapsulated unauthorized access packets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mitsubishi Denki Kabushiki Kaisha (Mitsubishi Electric Corporation)
Original Assignee
Mitsubishi Denki Kabushiki Kaisha (Mitsubishi Electric Corporation)
Inventors
Inada, Toru, Miyagawa, Akiko, Ushirozawa, Shinobu
Primary Examiner(s)
Barron; Gilberto
Assistant Examiner(s)
Nobahar; Abdulhakim

Application Number

US09/991,932
Publication Number

US 20020112190A1
Time in Patent Office

2,332 Days
Field of Search

713/201, 713/182, 726/23, 726/27
US Class Current

726/23
CPC Class Codes

H04L 63/12   Applying verification of th...

H04L 63/1408   by monitoring network traff...

H04L 63/1441   Countermeasures against mal...

H04L 63/1491   using deception as counterm...

H04L 63/20   for managing network securi...

Illegal access data handling apparatus and method for handling illegal access data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

17 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Illegal access data handling apparatus and method for handling illegal access data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others