Distributed peer attack alerting

US 7,779,465 B2
Filed: 05/26/2006
Issued: 08/17/2010
Est. Priority Date: 05/26/2006
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for distributed peer attack alerting comprising:

accessing a peer community, said peer community comprising a plurality of nodes comprising a network wherein at least one of said plurality of nodes comprises access to an attack identifier;

identifying an attack at a first one of said plurality of nodes comprising access to said attack identifier;

transmitting an alert petition to others of said plurality of nodes, said alert petition comprising information associated with said attack;

automatically configuring at least one attack detection system associated with one of said plurality of nodes in response to said alert petition;

determining, by a second one of said plurality of nodes, whether said alert petition has expired;

transmitting, from said second one of said plurality of nodes, an indication of an expiration of said alert petition to others of said plurality of nodes to invalidate said alert petition when said alert petition is determined to have expired;

determining, by said second one of said plurality of nodes, whether a threshold value has been reached; and

creating and transmitting a command, based at least partially on said alert petition, to a second plurality of nodes instructing the second plurality of nodes to protect themselves from said attack when said threshold value is determined to have been reached.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for distributed peer attack alerting is disclosed. The method includes accessing a peer community wherein the peer community comprises a plurality of nodes comprising a network and wherein at least one of the plurality of nodes comprises an attack identifier. The method further includes identifying an attack at one of the plurality of nodes. In addition, the method includes transmitting an alert to the plurality of nodes, the alert comprising information associated with the attack and automatically configuring at least one attack identifier associated with one of the plurality of nodes in response to the alert.

Citations

20 Claims

1. A computer implemented method for distributed peer attack alerting comprising:
- accessing a peer community, said peer community comprising a plurality of nodes comprising a network wherein at least one of said plurality of nodes comprises access to an attack identifier;
  
  identifying an attack at a first one of said plurality of nodes comprising access to said attack identifier;
  
  transmitting an alert petition to others of said plurality of nodes, said alert petition comprising information associated with said attack;
  
  automatically configuring at least one attack detection system associated with one of said plurality of nodes in response to said alert petition;
  
  determining, by a second one of said plurality of nodes, whether said alert petition has expired;
  
  transmitting, from said second one of said plurality of nodes, an indication of an expiration of said alert petition to others of said plurality of nodes to invalidate said alert petition when said alert petition is determined to have expired;
  
  determining, by said second one of said plurality of nodes, whether a threshold value has been reached; and
  
  creating and transmitting a command, based at least partially on said alert petition, to a second plurality of nodes instructing the second plurality of nodes to protect themselves from said attack when said threshold value is determined to have been reached.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer implemented method as described in claim 1 further comprising:
    - determining a classification type associated with said attack; and
      
      analyzing a characteristic value associated with said classification type.
  - 3. The computer implemented method of claim 2 further comprising:
    - accessing a threshold value associated with said classification type; and
      
      comparing said accessed threshold value to said characteristic value.
  - 4. The computer implemented method of claim 1 further comprising:
    - electing one of said plurality of nodes to be a leader node of said plurality of nodes.
  - 5. The computer implemented method as described in claim 1 wherein said command comprises instructions to recover from or prevent said attack.
  - 6. The computer implemented method as described in claim 5 wherein said instructions are time-based.
  - 7. The computer implemented method as described in claim 1 wherein said command is digitally signed by one of said plurality of nodes on said network.

8. A storage device having instructions recorded therein, such that when the instructions are executed, a computer system performs a method for distributed peer attack alerting, said computer-implemented method comprising:
- identifying an attack at one of a plurality of nodes of a network, said one of said plurality of nodes comprising access to an attack detector;
  
  generating an alert petition associated with said attack, said alert petition comprising information associated with said attack;
  
  automatically configuring at least one attack detector associated with one of said plurality of nodes in response to said alert petition;
  
  determining whether a threshold value associated with said alert petition has been reached;
  
  creating and circulating a command, based at least partially on said alert petition, to a second plurality of nodes instructing the second plurality of nodes to protect themselves from said attack when said threshold value is determined to have been reached; and
  
  changing said threshold value based on surrounding environmental conditions, whereinthe storage device is one of a computer-usable volatile memory, a computer-usable non-volatile memory, a peripheral computer readable medium, or a data storage unit.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The storage device as described in claim 8, wherein the method further comprises:
    - transmitting said alert petition to one or more of said plurality of nodes.
  - 10. The storage device as described in claim 8, wherein the method further comprises:
    - classifying said alert petition to a particular attack type category; and
      
      determining a characteristic value associated with said attack type category.
  - 11. The storage device as described in claim 10, wherein the method further comprises:
    - comparing said characteristic value associated with said attack type category to a second threshold value associated with said attack type category.
  - 12. The storage device of claim 11, wherein the method further comprises:
    - performing a first action in response to said characteristic value less than said second threshold value and performing a second action in response to said characteristic value greater than said second threshold value.
  - 13. The storage device of claim 8, wherein the method further comprises:
    - determining one of said plurality of nodes to be a leader node of said plurality of nodes.
  - 14. The storage device as described in claim 8 wherein said alert petition comprises instructions to configure said attack detector in response to said attack.

15. A system for distributed peer attack alerting comprising:
- a first node of a plurality of nodes of a network, said first node being configured for detecting an attack at said first node and for transmitting an alert petition to others of said plurality of nodes in response to detection of said attack, said alert petition comprising information associated with said attack, and said alert petition being a petition for proposing to take an action on said detected attack, wherein;
  
  at least one of said plurality of nodes has an associated attack detection system which is further configured in response to said alert petition, andsaid first node is further configured to avoid transmitting a duplicate alert petition by checking whether said first node is about to generate an alert petition with duplicate properties with respect to said transmitted alert petition;
  
  wherein each of said plurality of nodes comprises at least one microprocessor.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system as described in claim 15 wherein one or more of said plurality of nodes is a leader node.
  - 17. The system as described in claim 15, wherein one of said plurality of nodes is configured to classify said attack to a particular type.
  - 18. The system as described in claim 15, wherein one of said plurality of nodes is configured to classify said attack into one or more classification types and to analyze characteristics associated with said attack.
  - 19. The system as described in claim 15, wherein said first node is further configured to vote for said alert petition instead of transmitting said duplicate alert petition when said first node determines that said first node is about to generate said duplicate alert petition.
  - 20. The system of claim 16, wherein:
    - said leader node is configured to create and transmit an alert, based at least partially on said alert petition, when a threshold value has been reached, said alert including instructions to protect against said attack, andsaid threshold value is adjustable based on environmental conditions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Hartrell, Gregory D., Baker, Arthur H., Ellison, Carl
Primary Examiner(s)
Vu; Kimyen
Assistant Examiner(s)
Zee; Edward

Application Number

US11/441,508
Publication Number

US 20070277242A1
Time in Patent Office

1,544 Days
Field of Search

726 22- 25
US Class Current

726/22
CPC Class Codes

G06F 21/554   involving event detection a...

H04L 63/1408   by monitoring network traff...

H04L 63/1441   Countermeasures against mal...

Distributed peer attack alerting

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed peer attack alerting

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links