Systems and methods for distributed network protection

US 7,698,444 B2
Filed: 03/22/2007
Issued: 04/13/2010
Est. Priority Date: 05/31/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A communications network protection system, the system comprising:

one or more protected communications networks, including one or more computers or devices that serve as a target of a hacker attack over the protected communications networks;

one or more first level monitoring centers monitoring hacker attacks over the protected communications networks in a geographical area or an organizational structure corresponding to the protected communications networks;

one or more second level monitoring centers receiving from the first level monitoring centers information regarding the hacker attacks in the geographical area or the organizational structure corresponding to the protected communications networks and determining appropriate retaliatory or legal action against the hacker attacks;

one or more third level monitoring centers receiving from the second level monitoring centers information regarding the hacker attacks and determining an overall security condition of the protected communications networks;

one or more centralized databases located within respective of the third level monitoring centers for maintaining information regarding the overall security condition of the protected communications networks; and

one or more distributed databases linked to the centralized databases and located within respective of the first and second level monitoring centers for maintaining respective information regarding the monitored hacker attacks in the geographical area or the organizational structure corresponding to the protected communications networks and the determined appropriate retaliatory or legal action against the hacker attacks,wherein the first level monitoring centers receive information on a hacker attack in progress over the protected communications networks from the protected communications networks and based on a referral from a site of the protected communications networks that was attacked pose as the attacked site to an attacker for positive identification of the attacker, andonce the hacker attack is confirmed, the attacked site or one of the first level monitoring centers sends a response to the attacker and including a concealed flag in the response for detection of the response via the flag, as the response passes through communications networks, for identifying the origin of the hacker attack and locations of previous attacks related to the hacker attack.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

By distributing various information and monitoring centers that monitor distributed networks and unauthorized access attempts, it is possible to, for example, more quickly defend against an unauthorized access attempts. For example, a Level 1 monitoring center could monitor a predetermined geographical area serving, for example, a wide variety of commercial and public sites, an organizational structure, or the like, for alarms. Upon analyzing an alarm for various characteristics, the Level 1 monitoring center can refer the unauthorized access attempt to an appropriate Level 2 center for, for example, possible retaliatory and/or legal action. Then, a Level 3 monitoring center can record and maintain an overall picture of the security of one or more networks, the plurality of monitoring centers and information about one or more hacking attempts.

Citations

27 Claims

1. A communications network protection system, the system comprising:
- one or more protected communications networks, including one or more computers or devices that serve as a target of a hacker attack over the protected communications networks;
  
  one or more first level monitoring centers monitoring hacker attacks over the protected communications networks in a geographical area or an organizational structure corresponding to the protected communications networks;
  
  one or more second level monitoring centers receiving from the first level monitoring centers information regarding the hacker attacks in the geographical area or the organizational structure corresponding to the protected communications networks and determining appropriate retaliatory or legal action against the hacker attacks;
  
  one or more third level monitoring centers receiving from the second level monitoring centers information regarding the hacker attacks and determining an overall security condition of the protected communications networks;
  
  one or more centralized databases located within respective of the third level monitoring centers for maintaining information regarding the overall security condition of the protected communications networks; and
  
  one or more distributed databases linked to the centralized databases and located within respective of the first and second level monitoring centers for maintaining respective information regarding the monitored hacker attacks in the geographical area or the organizational structure corresponding to the protected communications networks and the determined appropriate retaliatory or legal action against the hacker attacks,wherein the first level monitoring centers receive information on a hacker attack in progress over the protected communications networks from the protected communications networks and based on a referral from a site of the protected communications networks that was attacked pose as the attacked site to an attacker for positive identification of the attacker, andonce the hacker attack is confirmed, the attacked site or one of the first level monitoring centers sends a response to the attacker and including a concealed flag in the response for detection of the response via the flag, as the response passes through communications networks, for identifying the origin of the hacker attack and locations of previous attacks related to the hacker attack.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the hacker attacks are determined by the first level monitoring centers based on real-time unauthorized access attempt alarms received from the protected communications networks.
  - 3. The system of claim 1, wherein the geographical area includes commercial and public sites corresponding to the protected communications networks.
  - 4. The system of claim 1, wherein the organizational structure includes law enforcement, Department of Defense, Armed Forces, government, commercial organizations, or e-commerce sites corresponding to the protected communications networks.
  - 5. The system of claim 1, wherein the second level monitoring centers receive referrals from the first level monitoring centers and make a decision on possible retaliatory action or other action if warranted based on a nature of an attack.
  - 6. The system of claim 1, wherein the third level monitoring centers collect and analyze information received from the second level monitoring centers to monitor the overall security condition of the protected communications networks, including a national cyberspace of one or more countries.
  - 7. The system of claim 1, wherein the protected communications networks include one or more unauthorized access attempt detection systems for determining the hacker attacks and reporting the hacker attacks to the first level monitoring centers.
  - 8. The system of claim 7, wherein the unauthorized access attempt detection systems are embedded in a firewall or operating system of the protected communications networks to gather information about an unauthorized access in real-time or near real-time and provide the gathered information to the first level monitoring centers.
  - 9. The system of claim 1, wherein the centralized and distributed databases include mechanisms to shield from unauthorized access, to host data, to store detailed data regarding a hacker or attacker, and to store data regarding law enforcement and links to law enforcement agencies.

10. A communications network protection method, the method comprising:
- monitoring, via one or more first level monitoring centers, hacker attacks for one or more protected communications networks, including one or more computers or devices that serve as a target of a hacker attack over the protected communications networks, including monitoring hacker attacks over the protected communications networks in a geographical area or an organizational structure corresponding to the protected communications networks;
  
  receiving, via one or more second level monitoring centers, information from the first level monitoring centers regarding the hacker attacks in the geographical area or the organizational structure corresponding to the protected communications networks, including determining appropriate retaliatory or legal action against the hacker attacks;
  
  receiving, via one or more third level monitoring centers, information from the second level monitoring centers regarding the hacker attacks, including determining an overall security condition of the protected communications networks;
  
  maintaining, via one or more centralized databases located within respective of the third level monitoring centers, information regarding the overall security condition of the protected communications networks; and
  
  maintaining, via one or more distributed databases linked to the centralized databases and located within respective of the first and second level monitoring centers, respective information regarding the monitored hacker attacks in the geographical area or the organizational structure corresponding to the protected communications networks and the determined appropriate retaliatory or legal action against the hacker attacks,wherein the first level monitoring centers receive information on a hacker attack in progress over the protected communications networks from the protected communications networks and based on a referral from a site of the protected communications networks that was attacked pose as the attacked site to an attacker for positive identification of the attacker andonce the hacker attack is confirmed, the attacked site or one of the first level monitoring centers sends a response to the attacker and including a concealed flag in the response for detection of the response via the flag, as the response passes through communications networks, for identifying the origin of the hacker attack and locations of previous attacks related to the hacker attack.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method of claim 10, wherein the hacker attacks are determined by the first level monitoring centers based on real-time unauthorized access attempt alarms received from the protected communications networks.
  - 12. The method of claim 10, wherein the geographical area includes commercial and public sites corresponding to the protected communications networks.
  - 13. The method of claim 10, wherein the organizational structure includes law enforcement, Department of Defense, Armed Forces, government, commercial organizations, or e-commerce sites corresponding to the protected communications networks.
  - 14. The method of claim 10, wherein the second level monitoring centers receive referrals from the first level monitoring centers and make a decision on possible retaliatory action or other action if warranted based on a nature of an attack.
  - 15. The method of claim 10, wherein the third level monitoring centers collect and analyze information received from the second level monitoring centers to monitor the overall security condition of the protected communications networks, including a national cyberspace of one or more countries.
  - 16. The method of claim 10, wherein the protected communications networks include one or more unauthorized access attempt detection systems for determining the hacker attacks and reporting the hacker attacks to the first level monitoring centers.
  - 17. The method of claim 16, wherein the unauthorized access attempt detection systems are embedded in a firewall or operating system of the protected communications networks to gather information about an unauthorized access in real-time or near real-time and provide the gathered information to the first level monitoring centers.
  - 18. The method of claim 10, wherein the centralized and distributed databases include mechanisms to shield from unauthorized access, to host data, to store detailed data regarding a hacker or attacker, and to store data regarding law enforcement and links to law enforcement agencies.

19. A computer program product for communications network protection, including one or more computer readable instructions stored on a computer readable medium and configured to cause one or more computer processors to perform the steps of:
- monitoring, via one or more first level monitoring centers, hacker attacks for one or more protected communications networks, including one or more computers or devices that serve as a target of a hacker attack over the protected communications networks, including monitoring hacker attacks over the protected communications networks in a geographical area or an organizational structure corresponding to the protected communications networks;
  
  receiving, via one or more second level monitoring centers, information from the first level monitoring centers regarding the hacker attacks in the geographical area or the organizational structure corresponding to the protected communications networks, including determining appropriate retaliatory or legal action against the hacker attacks;
  
  receiving, via one or more third level monitoring centers, information from the second level monitoring centers regarding the hacker attacks, including determining an overall security condition of the protected communications networks;
  
  maintaining, via one or more centralized databases located within respective of the third level monitoring centers, information regarding the overall security condition of the protected communications networks; and
  
  maintaining, via one or more distributed databases linked to the centralized databases and located within respective of the first and second level monitoring centers, respective information regarding the monitored hacker attacks in the geographical area or the organizational structure corresponding to the protected communications networks and the determined appropriate retaliatory or legal action against the hacker attacks,wherein the first level monitoring centers receive information on a hacker attack in progress over the protected communications networks from the protected communications networks and based on a referral from a site of the protected communications networks that was attacked pose as the attacked site to an attacker for positive identification of the attacker, andonce the hacker attack is confirmed, the attacked site or one of the first level monitoring centers sends a response to the attacker and including a concealed flag in the response for detection of the response via the flag, as the response passes through communications networks, for identifying the origin of the hacker attack and locations of previous attacks related to the hacker attack.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The computer program product of claim 19, wherein the hacker attacks are determined by the first level monitoring centers based on real-time unauthorized access attempt alarms received from the protected communications networks.
  - 21. The computer program product of claim 19, wherein the geographical area includes commercial and public sites corresponding to the protected communications networks.
  - 22. The computer program product of claim 19, wherein the organizational structure includes law enforcement, Department of Defense, Armed Forces, government, commercial organizations, or e-commerce sites corresponding to the protected communications networks.
  - 23. The computer program product of claim 19, wherein the second level monitoring centers receive referrals from the first level monitoring centers and make a decision on possible retaliatory action or other action if warranted based on a nature of an attack.
  - 24. The computer program product of claim 19, wherein the third level monitoring centers collect and analyze information received from the second level monitoring centers to monitor the overall security condition of the protected communications networks, including a national cyberspace of one or more countries.
  - 25. The computer program product of claim 19, wherein the protected communications networks include one or more unauthorized access attempt detection systems for determining the hacker attacks and reporting the hacker attacks to the first level monitoring centers.
  - 26. The computer program product of claim 25, wherein the unauthorized access attempt detection systems are embedded in a firewall or operating system of the protected communications networks to gather information about an unauthorized access in real-time or near real-time and provide the gathered information to the first level monitoring centers.
  - 27. The computer program product of claim 19, wherein the centralized and distributed databases include mechanisms to shield from unauthorized access, to host data, to store detailed data regarding a hacker or attacker, and to store data regarding law enforcement and links to law enforcement agencies.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Invicta Networks, Inc.
Original Assignee
Invicta Networks, Inc.
Inventors
Sheymov, Victor I., Turner, Roger B.
Primary Examiner(s)
Pwu; Jeffrey
Assistant Examiner(s)
Smarth; Gerald

Application Number

US11/723,793
Publication Number

US 20070168532A1
Time in Patent Office

1,118 Days
Field of Search

709/224, 709/227, 709/229, 726/16, 726/23, 726/27, 726/22
US Class Current

709/229
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 21/554   involving event detection a...

G06F 2221/2101   Auditing as a secondary aspect

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/30   for supporting lawful inter...

Systems and methods for distributed network protection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for distributed network protection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links