Apparatus and method for defending against internet-based attacks

US 8,707,428 B2
Filed: 08/05/2010
Issued: 04/22/2014
Est. Priority Date: 08/05/2010
Status: Expired due to Fees

First Claim

Patent Images

1. A method for defending against internet-based attacks, the method comprising:

receiving a script request when a web request is transmitted by a device to a customer server to access a web page, wherein the script request is generated based on a code segment of the web page;

determining that the web request was generated by a script if the script request is not received and if there is no data for a challenge status associated with the device;

receiving information associated with the device based on the script request generated based on the code segment;

determining, utilizing instructions stored in memory and executed by a processor, whether traffic associated with the web request from the device to the customer server is suspected of being used for malicious activity;

enabling the device to access the web page if the traffic is determined not to be suspected of being used for malicious activity;

transmitting a challenge to the device if the traffic is determined to be suspected of being used for malicious activity;

receiving information associated with the web request, wherein the information associated with the web request is provided by a uniform resource locator invoked in response to the traffic being determined to be suspected of being used for malicious activity; and

authorizing the device to access the web page based on a correct response to the challenge being received from the device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for defending against internet-based attacks is disclosed. The system may include a processor which may be configured to receive information associated with a device when a web request is transmitted by the device to access a web page monitored by the processor. The processor may also determine whether traffic associated with the web request from the device is suspected of being used for malicious activity and, if not, enable the device to access the web page. If the traffic is suspected of being used for malicious activity, then the processor may transmit a challenge to the device if the traffic is determined to be suspected. Furthermore, the processor may receive information associated with the web request, which may be provided by a uniform resource locator invoked in response to the traffic being determined to be suspected.

18 Citations

View as Search Results

20 Claims

1. A method for defending against internet-based attacks, the method comprising:
- receiving a script request when a web request is transmitted by a device to a customer server to access a web page, wherein the script request is generated based on a code segment of the web page;
  
  determining that the web request was generated by a script if the script request is not received and if there is no data for a challenge status associated with the device;
  
  receiving information associated with the device based on the script request generated based on the code segment;
  
  determining, utilizing instructions stored in memory and executed by a processor, whether traffic associated with the web request from the device to the customer server is suspected of being used for malicious activity;
  
  enabling the device to access the web page if the traffic is determined not to be suspected of being used for malicious activity;
  
  transmitting a challenge to the device if the traffic is determined to be suspected of being used for malicious activity;
  
  receiving information associated with the web request, wherein the information associated with the web request is provided by a uniform resource locator invoked in response to the traffic being determined to be suspected of being used for malicious activity; and
  
  authorizing the device to access the web page based on a correct response to the challenge being received from the device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising transmitting an alternate web page to the device based on data selected from the group consisting of an incorrect response being received from the device in response to the challenge, no response being received from the device in response to the challenge, the information associated with the device, and the information associated with the web request.
  - 3. The method of claim 1, further comprising transmitting an additional challenge to the device if an incorrect response to the challenge is received from the device.
  - 4. The method of claim 1, further comprising adding an internet protocol address associated with the device to a black list if one of an incorrect response to the challenge is received from the device and no response to the challenge is received from the device.
  - 5. The method of claim 1, further comprising determining a traffic pattern associated with the traffic based on the information associated with the web request, adding an identifier associated with the device to a black list if the traffic pattern is determined to be abusive, and adding an identifier associated with the device to a white list if the traffic pattern is determined to not be abusive.
  - 6. The method of claim 1, further comprising inserting the code segment into the web page, wherein the code segment is utilized to provide the information associated with the device attempting to access the web page.
  - 7. The method of claim 1, further comprising authorizing the device to access the web page based on the information associated with the device, wherein the information associated with the device is selected from the group consisting of an internet protocol address, a uniform resource locator associated with the web page, and header field information.
  - 8. The method of claim 1, further comprising authorizing the device to access the web page based on the information associated with the web request, wherein the information associated with the web request is selected from the group consisting of a session identifier, an internet protocol address, a user agent string associated with a header, and a uniform resource locator associated with the web page.
  - 9. The method of claim 1, wherein the challenge is selected from the group consisting of a puzzle, a captcha, a questionnaire, and a password request.

10. A system for defending against internet-based attacks, the system comprising:
- a memory that stores instructions;
  
  a processor that executes the instructions to perform operations, the operations comprising;
  
  receiving a script request when a web request is transmitted by a device to a customer server to access a web page, wherein the script request is generated based on a code segment of the web page;
  
  determining that the web request was generated by a script if the script request is not received and if there is no data for a challenge status associated with the device;
  
  receiving information associated with the device when the web request is transmitted by the device to access the web page monitored by the electronic data processor;
  
  determining if traffic associated with the web request from the device is suspected of being used for malicious activity;
  
  enabling the device to access the web page if the traffic is determined not to be suspected of being used for malicious activity;
  
  transmitting a challenge to the device if the traffic is determined to be suspected of being used for malicious activity;
  
  receiving information associated with the web request, wherein the information associated with the web request is provided by a uniform resource locator invoked in response to the traffic being determined to be suspected of being used for malicious activity; and
  
  authorizing the device to access the web page based on a correct response to the challenge being received from the device.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The system of claim 10, wherein the operations further comprise denying the device access to the web page based on data selected from the group consisting of an incorrect response to the challenge being received from the device, a response to the challenge not being received from the device, negative results from analysis of the information associated with the device, and negative results from analysis of the information associated with the web request.
  - 12. The system of claim 10, wherein operations further comprise adding an internet protocol address associated with the device to a black list if the script request is not received.
  - 13. The system of claim 10, wherein the operations further comprise determining that the web request was not generated by a web browser of the device if the script request is not received.
  - 14. The system of claim 10, wherein the information associated with the device is received based on the script request generated from a code segment of the web page.
  - 15. The system of claim 10, wherein the operations further comprise transmitting an alternate web page to the device if a condition is met, wherein the condition is selected from the group consisting of an incorrect response to the challenge is received from the device and a response to the challenge is not received from the device.
  - 16. The system of claim 10, wherein the operations further comprise determining a traffic pattern based on analysis of the information associated with the web request, and wherein the operations further comprise adding an identifier associated with the device to a black list if the traffic pattern is determined to be abusive.

17. A computer-readable device comprising instructions, which, when loaded and executed by a processor, cause the processor to perform operations comprising:
- receiving a script request when a web request is transmitted by a device to a customer server to access a web page, wherein the script request is generated based on a code segment of the web page;
  
  determining that the web request was generated by a script if the script request is not received and if there is no data for a challenge status associated with the device;
  
  receiving information associated with a device when the web request is transmitted by the device to access the web page;
  
  determining if traffic associated with the web request from the device is suspected of being used for malicious activity;
  
  enabling the device to access the web page if the traffic is determined not to be suspected of being used for malicious activity;
  
  transmitting a challenge to the device if the traffic is determined to be suspected of being used for malicious activity;
  
  receiving information associated with the web request, wherein the information associated with the web request is provided by a uniform resource locator invoked in response to the traffic being determined to be suspected of being used for malicious activity; and
  
  authorizing the device to access the web page based on a correct response to the challenge being received from the device.
- View Dependent Claims (18, 19, 20)
- - 18. The computer-readable device of claim 17, wherein the operations further comprise denying the device access to the web page based on data selected from the group consisting of an incorrect response to the challenge being received from the device, a response to the challenge not being received from the device, negative results from analysis of the information associated with the device, and negative results from analysis of the information associated with the web request.
  - 19. The computer-readable device claim 17, wherein the operations further comprise transmitting an additional challenge to the device if an incorrect response to the challenge is received from the device.
  - 20. The computer-readable device of claim 17, wherein the operations further comprise determining that the web request was not generated by a web browser of the device if the script request is not received.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Iyer, Savitha
Primary Examiner(s)
Hoffman, Brandon
Assistant Examiner(s)
AMORIN, CARLOS E

Application Number

US12/851,279
Publication Number

US 20120036576A1
Time in Patent Office

1,356 Days
Field of Search

726/12, 726 22- 30
US Class Current

726/22
CPC Class Codes

G06F 21/554   involving event detection a...

H04L 63/1408   by monitoring network traff...

H04L 63/1441   Countermeasures against mal...

Apparatus and method for defending against internet-based attacks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for defending against internet-based attacks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links