
Detecting and defending against man-in-the-middle attacks

  • US 8,522,349 B2
  • Filed: 03/28/2012
  • Issued: 08/27/2013
  • Est. Priority Date: 05/25/2007
  • Status: Expired due to Fees
First Claim

1. A system comprising:

  • at least one computing device configured to defend against man in the middle (MITM) attacks directed at a target server, the at least computing device comprising;

    an activity recording system that records an incoming IP address, user id, and time of each session occurring with the target server;

    a list checking system for performing the following;

    comparing a single incoming IP address with a white list; and

    comparing the single incoming IP address with a black list after the comparing of the single incoming IP address with the white list and after determining that the single incoming IP address is not present on the white list;

    an activity analysis system that performs the following after the list checking system compares the single incoming IP address with the black list, and after determining that the single incoming IP address is not present on the black list;

    searches for records of a previous login attempt from the single incoming IP address;

    determines a number of user ids occurring from the single incoming IP address during a predefined time period;

    compares the number of user ids occurring from the single incoming IP address to a predefined threshold number of user ids specific to the predefined time period; and

    identifies the single incoming IP address as a suspect IP address in response to the number of user ids occurring from the single incoming IP address exceeding the threshold within the predefined time period; and

    a countermeasure system for taking action against the suspect IP address.
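
The ordering in claim 1 (record, white list, black list, then count distinct user ids per address in a time window) can be read as a small detection pipeline. The following is an added example, not code from the patent: the class and function names, the 10-minute window, the threshold of 3, the sample sessions and the choice of black-listing as the countermeasure are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

class ClaimOneDetector:
    """Record -> white list -> black list -> activity analysis -> countermeasure."""

    def __init__(self, white_list, black_list, window, max_user_ids):
        self.white_list = set(white_list)
        self.black_list = set(black_list)
        self.window = window                # the "predefined time period"
        self.max_user_ids = max_user_ids    # threshold for that period
        self.sessions = defaultdict(deque)  # ip -> (time, user_id), oldest first

    def observe(self, ip, user_id, when):
        # Activity recording: log every session (per-IP times assumed ascending)
        # and drop records that have aged out of the window.
        log = self.sessions[ip]
        log.append((when, user_id))
        while when - log[0][0] > self.window:
            log.popleft()
        # List checking: white list first, black list only on a white-list miss.
        if ip in self.white_list:
            return "allow"
        if ip in self.black_list:
            return "block"
        # Activity analysis: distinct user ids seen from this IP in the window.
        if len({uid for _, uid in log}) > self.max_user_ids:
            # Countermeasure (assumed here): black-list the suspect address.
            self.black_list.add(ip)
            return "suspect"
        return "allow"

def run_sample():
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    det = ClaimOneDetector({"198.51.100.10"}, {"192.0.2.66"},
                           window=timedelta(minutes=10), max_user_ids=3)
    events = [  # constructed sessions: (ip, user_id, seconds after t0)
        ("198.51.100.10", "u1", 0), ("192.0.2.66", "u2", 5),
        ("203.0.113.7", "alice", 10), ("203.0.113.7", "bob", 20),
        ("203.0.113.7", "alice", 30), ("203.0.113.7", "carol", 40),
        ("203.0.113.7", "dave", 50), ("203.0.113.7", "erin", 60),
        ("203.0.113.9", "a", 0), ("203.0.113.9", "b", 100),
        ("203.0.113.9", "c", 200), ("203.0.113.9", "d", 700),
    ]
    return [det.observe(ip, uid, t0 + timedelta(seconds=s)) for ip, uid, s in events]

if __name__ == "__main__":
    print(run_sample())
```

In the sample, 203.0.113.7 is flagged on its fourth distinct user id and blocked on the next session, while 203.0.113.9 stays allowed because its oldest record ages out of the window before the fourth user id arrives.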
