Systems and methods for distributed network protection
First Claim
1. A communications network protection system, the system comprising:
one or more protected communications networks, including one or more computers or devices that serve as a target of a hacker attack over the protected communications networks;
one or more first level monitoring centers monitoring hacker attacks over the protected communications networks in a geographical area or an organizational structure corresponding to the protected communications networks;
one or more second level monitoring centers receiving from the first level monitoring centers information regarding the hacker attacks in the geographical area or the organizational structure corresponding to the protected communications networks and determining appropriate retaliatory or legal action against the hacker attacks;
one or more third level monitoring centers receiving from the second level monitoring centers information regarding the hacker attacks and determining an overall security condition of the protected communications networks;
one or more centralized databases located within respective of the third level monitoring centers for maintaining information regarding the overall security condition of the protected communications networks; and
one or more distributed databases linked to the centralized databases and located within respective of the first and second level monitoring centers for maintaining respective information regarding the monitored hacker attacks in the geographical area or the organizational structure corresponding to the protected communications networks and the determined appropriate retaliatory or legal action against the hacker attacks,
wherein the first level monitoring centers receive information on a hacker attack in progress over the protected communications networks from the protected communications networks and based on a referral from a site of the protected communications networks that was attacked pose as the attacked site to an attacker for positive identification of the attacker, and
once the hacker attack is confirmed, the attacked site or one of the first level monitoring centers sends a response to the attacker and including a concealed flag in the response for detection of the response via the flag, as the response passes through communications networks, for identifying the origin of the hacker attack and locations of previous attacks related to the hacker attack.
Abstract
By distributing various information and monitoring centers that monitor distributed networks and unauthorized access attempts, it is possible to, for example, more quickly defend against unauthorized access attempts. For example, a Level 1 monitoring center could monitor a predetermined geographical area serving, for example, a wide variety of commercial and public sites, an organizational structure, or the like, for alarms. Upon analyzing an alarm for various characteristics, the Level 1 monitoring center can refer the unauthorized access attempt to an appropriate Level 2 center for, for example, possible retaliatory and/or legal action. Then, a Level 3 monitoring center can record and maintain an overall picture of the security of one or more networks, the plurality of monitoring centers and information about one or more hacking attempts.
27 Claims
10. A communications network protection method, the method comprising:
monitoring, via one or more first level monitoring centers, hacker attacks for one or more protected communications networks, including one or more computers or devices that serve as a target of a hacker attack over the protected communications networks, including monitoring hacker attacks over the protected communications networks in a geographical area or an organizational structure corresponding to the protected communications networks;
receiving, via one or more second level monitoring centers, information from the first level monitoring centers regarding the hacker attacks in the geographical area or the organizational structure corresponding to the protected communications networks, including determining appropriate retaliatory or legal action against the hacker attacks;
receiving, via one or more third level monitoring centers, information from the second level monitoring centers regarding the hacker attacks, including determining an overall security condition of the protected communications networks;
maintaining, via one or more centralized databases located within respective of the third level monitoring centers, information regarding the overall security condition of the protected communications networks; and
maintaining, via one or more distributed databases linked to the centralized databases and located within respective of the first and second level monitoring centers, respective information regarding the monitored hacker attacks in the geographical area or the organizational structure corresponding to the protected communications networks and the determined appropriate retaliatory or legal action against the hacker attacks,
wherein the first level monitoring centers receive information on a hacker attack in progress over the protected communications networks from the protected communications networks and based on a referral from a site of the protected communications networks that was attacked pose as the attacked site to an attacker for positive identification of the attacker and
once the hacker attack is confirmed, the attacked site or one of the first level monitoring centers sends a response to the attacker and including a concealed flag in the response for detection of the response via the flag, as the response passes through communications networks, for identifying the origin of the hacker attack and locations of previous attacks related to the hacker attack.
19. A computer program product for communications network protection, including one or more computer readable instructions stored on a computer readable medium and configured to cause one or more computer processors to perform the steps of:
monitoring, via one or more first level monitoring centers, hacker attacks for one or more protected communications networks, including one or more computers or devices that serve as a target of a hacker attack over the protected communications networks, including monitoring hacker attacks over the protected communications networks in a geographical area or an organizational structure corresponding to the protected communications networks;
receiving, via one or more second level monitoring centers, information from the first level monitoring centers regarding the hacker attacks in the geographical area or the organizational structure corresponding to the protected communications networks, including determining appropriate retaliatory or legal action against the hacker attacks;
receiving, via one or more third level monitoring centers, information from the second level monitoring centers regarding the hacker attacks, including determining an overall security condition of the protected communications networks;
maintaining, via one or more centralized databases located within respective of the third level monitoring centers, information regarding the overall security condition of the protected communications networks; and
maintaining, via one or more distributed databases linked to the centralized databases and located within respective of the first and second level monitoring centers, respective information regarding the monitored hacker attacks in the geographical area or the organizational structure corresponding to the protected communications networks and the determined appropriate retaliatory or legal action against the hacker attacks,
wherein the first level monitoring centers receive information on a hacker attack in progress over the protected communications networks from the protected communications networks and based on a referral from a site of the protected communications networks that was attacked pose as the attacked site to an attacker for positive identification of the attacker, and
once the hacker attack is confirmed, the attacked site or one of the first level monitoring centers sends a response to the attacker and including a concealed flag in the response for detection of the response via the flag, as the response passes through communications networks, for identifying the origin of the hacker attack and locations of previous attacks related to the hacker attack.
Specification