System and method for monitoring network traffic

US 8,375,447 B2
Filed: 12/09/2009
Issued: 02/12/2013
Est. Priority Date: 08/19/2004
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

reserving a plurality of network addresses within a public network;

by a network server, creating a virtual private network using the plurality of network addresses;

by the network server, assigning a network address to a trap, the network address being a dark address of the virtual private network;

by the network server, monitoring network traffic destined for the network address;

by the network server, gathering data regarding the network traffic including determining a level of the network traffic destined for the network address; and

by the network server, comparing the level of traffic to a predetermined threshold level to determine whether the network traffic is unauthorized.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described is a method of assigning a network address to a trap, the network address being a dark address of a virtual private network. The network traffic destined for the network address is monitored and a classification of the network traffic is determined. After the classification, a predetermined response is executed based on the classification of the traffic.

48 Citations

View as Search Results

19 Claims

1. A method, comprising:
- reserving a plurality of network addresses within a public network;
  
  by a network server, creating a virtual private network using the plurality of network addresses;
  
  by the network server, assigning a network address to a trap, the network address being a dark address of the virtual private network;
  
  by the network server, monitoring network traffic destined for the network address;
  
  by the network server, gathering data regarding the network traffic including determining a level of the network traffic destined for the network address; and
  
  by the network server, comparing the level of traffic to a predetermined threshold level to determine whether the network traffic is unauthorized.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method according to claim 1, wherein the trap is a honeypot.
  - 3. The method according to claim 2, wherein the honeypot includes at least one of an application, an object, a document, a page, a file, a portion of computer code, a computational resource, a communication-type resource, a server and a network of servers.
  - 4. The method according to claim 1, wherein the dark address is an unassigned network address from the plurality of network addresses.
  - 5. The method according to claim 1, further comprising:
    - identifying a weakness of the virtual private network; and
      
      eliminating the weakness.
  - 6. The method according to claim 1, further comprising:
    - sharing the data with at least one further virtual private network.

7. A system, comprising:
- a server coupled to a first computer network and a second computer network, the server comprising a processor and computer readable media that, when executed by the processor, causes the processor to;
  
  reserve an address space within the second computer network for the first computer network;
  
  install a trap in the address space for monitoring network traffic to the address space;
  
  monitor network traffic destined for the network address, and gather data regarding the network traffic including a level of the network traffic destined for the network address; and
  
  compare the level of traffic to a predetermined threshold level to determine whether the network traffic is unauthorized.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The system according to claim 7, wherein the trap is a honeypot.
  - 9. The system according to claim 8, wherein the honeypot includes at least one of an application, an object, a document, a page, a file, a portion of computer code, a computational resource, a communication-type resource, a server and a network of servers.
  - 10. The system according to claim 7, wherein the address space includes a dark address space and the trap is installed in the dark address space.
  - 11. The system according to claim 10, wherein the dark address space includes at least one unassigned network address within the address space.
  - 12. The system according to claim 7, wherein the server shares the data with at least one further virtual private network.
  - 13. The system according to claim 7, wherein the first computer network is a virtual private network.

14. A computer-readable storage device storing a set of instructions, the set of instructions capable of being executed by a processor, the set of instructions performing the steps of:
- reserving a plurality of network addresses within a public network;
  
  creating a virtual private network using the plurality of network addresses;
  
  assigning a network address to a trap, the network address being a dark address of the virtual private network;
  
  monitoring network traffic destined for the network addresses;
  
  gathering data regarding the network traffic including determining a level of the network traffic destined for the network address; and
  
  comparing the level of traffic to a predetermined threshold level to determine whether the network traffic is unauthorized.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The computer-readable storage device according to claim 14, wherein the trap is a honeypot.
  - 16. The computer-readable storage device according to claim 15, wherein the honeypot includes at least one of an application, an object, a document, a page, a file, a portion of computer code, a computational resource, a communication-type resource, a server, and a network of servers.
  - 17. The computer-readable storage device according to claim 14, wherein the dark address is an unassigned network address from the plurality of network addresses.
  - 18. The computer-readable storage device according to claim 14, wherein the instructions further perform the steps of:
    - identifying a weakness of the virtual private network; and
      
      eliminating the weakness.
  - 19. The computer-readable storage device according to claim 14, wherein the instructions further perform the step of:
    - sharing the data with at least one further virtual private network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property II LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property II LP (AT&T, Inc.)
Inventors
Amoroso, Edward, Krishnamurthy, Balachander, Greenberg, Albert
Primary Examiner(s)
Abrishamkar, Kaveh

Application Number

US12/653,135
Publication Number

US 20100115622A1
Time in Patent Office

1,161 Days
Field of Search

None
US Class Current

726/23
CPC Class Codes

H04L 43/00   Arrangements for monitoring...

H04L 61/00   Network arrangements, proto...

H04L 61/35   involving non-standard use ...

H04L 63/0272   Virtual private networks

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/1491   using deception as counterm...

System and method for monitoring network traffic

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for monitoring network traffic

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links