Systems and methods for distributed network protection
Abstract
Through the use of an intermediate party, a first party is given the ability to communicate with a second party, with the communication appearing as if it originated with the intermediate party. Specifically, in a protected network system, the protected network is capable of acting as a conduit through which an entity, such as law enforcement, can communicate with an entity attempting an unauthorized access attempt unbeknownst to the entity attempting the unauthorized access attempt. This allows, for example, the detection and identification of the entity attempting the unauthorized access attempt.
55 Claims
1. A system for protecting a distributed network from unauthorized access, the system comprising:
  first and second intrusion detection systems, respectively including;
    first and second intrusion detection modules, and
    first and second communications management modules respectively coupled to the first and second intrusion detection modules; and
  an intrusion analysis system coupled to the first and second intrusion detection systems, and including;
    an intrusion analysis module, and
    an intrusion reaction coordination module coupled to the intrusion analysis module,
  wherein the first intrusion detection module detects a respective possible unauthorized access attempt into a distributed network being protected,
  the second intrusion detection module detects a respective possible unauthorized access attempt within the distributed network being protected,
  the first and second communications management modules are coupled to the intrusion analysis module and forward to the intrusion analysis module respective information regarding the respective detected possible unauthorized access attempt,
  the intrusion analysis module determines based on the respective information regarding the respective detected possible unauthorized access attempt whether or not the respective detected possible unauthorized access attempt is authorized,
  if the intrusion analysis module determines that the respective detected possible unauthorized access attempt is authorized, the intrusion analysis module respectively forwards, via the first and second communications management modules, respective information to the first and second intrusion detection modules that the respective possible unauthorized access attempt is authorized, and
  if the intrusion analysis module determines that the respective detected possible unauthorized access attempt is not authorized, the intrusion analysis module determines, via the intrusion reaction coordination module, appropriate actions, including
    (i) forwarding respective information regarding the respective detected unauthorized access attempt into the distributed network being protected to a monitoring center external to the distributed network being protected, and processing respective information from the monitoring center regarding the respective detected unauthorized access attempt into the distributed network being protected,
    (ii) forwarding respective information regarding the respective detected unauthorized access attempt within the distributed network being protected for handling internally within the distributed network being protected, and processing respective information for internally handling the respective detected unauthorized access attempt within the distributed network being protected, and
    (iii) forwarding respective information regarding the respective detected unauthorized access attempt within the distributed network being protected to the monitoring center external to the distributed network being protected, and processing respective information from the monitoring center regarding the respective detected unauthorized access attempt within the distributed network being protected,
  wherein the intrusion analysis system in cooperation with the first and second intrusion detection systems enable communications between the monitoring center and an entity attempting the respective unauthorized access attempt without the entity being made aware that the entity attempting the respective unauthorized access attempt is communicating with the monitoring center,
  wherein the monitoring center sends information to the analysis system and intended for the entity attempting the unauthorized access attempt, the analysis system substitutes origin information of the monitoring center from the received information with origin information of a target of the respective unauthorized access attempt and forwards the substituted information to the entity attempting the respective unauthorized access attempt, whereby it appears to the entity attempting the respective unauthorized access attempt that communications are continuing with the target of the respective unauthorized access attempt, and
  wherein the intrusion analysis system in cooperation with the first intrusion detection system engages the entity attempting the respective unauthorized access attempt to determine the location or origin of the entity attempting the respective unauthorized access attempt.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27
28. A method for protecting a distributed network from unauthorized access for use in a system including first and second intrusion detection systems respectively having first and second intrusion detection modules, and first and second communications management modules coupled to the first and second intrusion detection modules, and intrusion analysis system coupled to the first and second intrusion detection systems, and including an intrusion analysis module, and an intrusion reaction coordination module coupled to the intrusion analysis module, the method comprising:
  detecting, by the first intrusion detection module, a respective possible unauthorized access attempt into a distributed network being protected;
  detecting, by the second intrusion detection module, a respective possible unauthorized access attempt within the distributed network being protected;
  forwarding, by the first and second communications management modules, respective information regarding the respective detected possible unauthorized access attempt to the intrusion analysis module;
  determining, by the intrusion analysis module, based on the respective information regarding the respective detected possible unauthorized access attempt whether or not the respective detected possible unauthorized access attempt is authorized;
  if the intrusion analysis module determines that the respective detected possible unauthorized access attempt is authorized, respectively forwarding, by the intrusion analysis module, via the first and second communications management, respective information to the first and second intrusion detection modules that the respective possible unauthorized access attempt is authorized, and
  if the intrusion analysis module determines that the respective detected possible unauthorized access attempt is not authorized, determining, by the intrusion analysis module, via the intrusion reaction coordination module, appropriate actions, including
    (i) forwarding respective information regarding the respective detected unauthorized access attempt into the distributed network being protected to a monitoring center external to the distributed network being protected, and processing respective information from the monitoring center regarding the respective detected unauthorized access attempt into the distributed network being protected,
    (ii) forwarding respective information regarding the respective detected unauthorized access attempt within the distributed network being protected for handling internally within the distributed network being protected, and processing respective information for internally handling the respective detected unauthorized access attempt within the distributed network being protected, and
    (iii) forwarding respective information regarding the respective detected unauthorized access attempt within the distributed network being protected to the monitoring center external to the distributed network being protected, and processing respective information from the monitoring center regarding the respective detected unauthorized access attempt within the distributed network being protected,
  wherein the intrusion analysis system in cooperation with the first and second intrusion detection systems enable communications between the monitoring center and an entity attempting the respective unauthorized access attempt without the entity being made aware that the entity attempting the respective unauthorized access attempt is communicating with the monitoring center,
  wherein the monitoring center sends information to the analysis system and intended for the entity attempting the unauthorized access attempt, the analysis system substitutes origin information of the monitoring center from the received information with origin information of a target of the respective unauthorized access attempt and forwards the substituted information to the entity attempting the respective unauthorized access attempt, whereby it appears to the entity attempting the respective unauthorized access attempt that communications are continuing with the target of the respective unauthorized access attempt, and
  wherein the intrusion analysis system in cooperation with the first intrusion detection system engages the entity attempting the respective unauthorized access attempt to determine the location or origin of the entity attempting the respective unauthorized access attempt.
Dependent claims: 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55
Specification