Systems and methods for dynamic protection from electronic attacks

US 8,726,379 B1
Filed: 07/16/2012
Issued: 05/13/2014
Est. Priority Date: 07/15/2011
Status: Active Grant

First Claim

Patent Images

1. A system for reducing the security risk of transactions with a computer over a computer network, said system comprising:

a computer network;

a honeypot computer on said computer network;

a first computer on said computer network, said first computer having a first computer network address and said first computer communicating with said honeypot computer over said computer network;

a communication between said first computer and said honeypot computer, the act of said first computer communicating with said honeypot computer being indicative of a user of said first computer being engaged in a risk activity and said communication including said first computer network address;

a monitoring system on said computer network having one or more monitoring agents autonomously obtaining said first computer network address from said communication between said first computer and said honeypot computer;

one or more algorithms assigning a risk score and a risk category indicative of said risk activity to transactions over said computer network from said first computer network address, said risk score based at least in part on the act of said first computer communicating with said honeypot computer and said risk category based at least in part on the content of said honeypot computer;

wherein said monitoring system utilizes said risk score and said risk category to inhibit a communication between said first computer and a third computer.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for gathering, classifying, and evaluating real time security intelligence data concerning security threats presented by an IP address, and reporting in real time the degree and character of such security threats.

399 Citations

14 Claims

1. A system for reducing the security risk of transactions with a computer over a computer network, said system comprising:
- a computer network;
  
  a honeypot computer on said computer network;
  
  a first computer on said computer network, said first computer having a first computer network address and said first computer communicating with said honeypot computer over said computer network;
  
  a communication between said first computer and said honeypot computer, the act of said first computer communicating with said honeypot computer being indicative of a user of said first computer being engaged in a risk activity and said communication including said first computer network address;
  
  a monitoring system on said computer network having one or more monitoring agents autonomously obtaining said first computer network address from said communication between said first computer and said honeypot computer;
  
  one or more algorithms assigning a risk score and a risk category indicative of said risk activity to transactions over said computer network from said first computer network address, said risk score based at least in part on the act of said first computer communicating with said honeypot computer and said risk category based at least in part on the content of said honeypot computer;
  
  wherein said monitoring system utilizes said risk score and said risk category to inhibit a communication between said first computer and a third computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein said computer network is the Internet.
  - 3. The system of claim 1, wherein said first computer network addresses is an Internet Protocol address.
  - 4. The system of claim 1, wherein one or more of said one or more monitoring agents is selected from the group consisting of:
    - a bot;
      
      a daemon;
      
      a terminate-and-stay-resident program;
      
      a honeypot;
      
      a computer;
      
      a virtual computer;
      
      a network device;
      
      a virtual network device;
      
      a spider;
      
      a P2P networking client;
      
      a P2P networking server;
      
      a packet filter;
      
      a packet sniffer;
      
      a firewall;
      
      a chat client;
      
      a chat server;
      
      a file transfer client;
      
      a file transfer server;
      
      a newsgroup reader;
      
      a newsgroup server provider;
      
      a file sharing client;
      
      a file sharing server;
      
      a web server;
      
      a web site;
      
      a web page;
      
      a translation program;
      
      a genetic algorithm;
      
      a learning algorithm;
      
      a self-replicating program;
      
      a worm;
      
      a Trojan horse.
  - 5. The system of claim 1, wherein one or more of said one or more algorithms is selected from the group consisting of:
    - pattern recognition;
      
      inferential algorithm;
      
      planning algorithm;
      
      heuristic algorithm;
      
      logical algorithm;
      
      search algorithm;
      
      decision tree algorithm;
      
      red-black tree algorithm;
      
      Levensthein algorithm;
      
      CacheHill algorithm;
      
      PCRE algorithm;
      
      Oliver decision graph algorithm;
      
      genetic algorithm;
      
      learning algorithm;
      
      self-teaching algorithm;
      
      self-modifying algorithm.
  - 6. The system of claim 1, wherein said risk activity is selected from the group consisting of:
    - fraud;
      
      identify theft;
      
      crime;
      
      cyberbullying;
      
      denial-of-service;
      
      hacking;
      
      virus authoring or distribution;
      
      exploit authoring or distribution;
      
      digital piracy;
      
      intellectual property infringement;
      
      pornography production or distribution;
      
      controlled substance trade;
      
      terrorism;
      
      insurrection;
      
      smuggling;
      
      organized crime;
      
      civil disobedience;
      
      money laundering.
  - 7. The system of claim 1, wherein said risk score and said risk category are provided through an application programming interface.
  - 8. The system of claim 1, wherein said risk score is in the value range 0 to 100 inclusive.

9. A method for reducing the security risk of transactions with a computer over a computer network, said method comprising:
- providing a computer network;
  
  providing a honeypot computer on said computer network;
  
  providing a first computer on said computer network, said first computer having a first computer network address and said first computer communicating with said honeypot computer;
  
  providing a communication between said first computer and said honeypot computer, said communication including said first computer network address and the act of said first computer communicating with said honeypot computer being indicative of a user of said first computer being engaged in a risk activity;
  
  obtaining said first computer network address from said communication between said first computer and said honeypot computer;
  
  assigning a risk score to said first computer network address based at least in part on the act of said first computer communicating with said honeypot computer;
  
  assigning a risk category indicative of said risk activity to said first computer network address based at least in part on the content of said honeypot computer;
  
  transmitting said risk score and said risk category over said computer network to a third computer communicating with said first computer over said computer network;
  
  inhibiting communication between said first computer and said third computer based at least in part on said risk score and said risk category;
  
  reducing the security risk of transactions with said first computer over said computer network.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, wherein said computer network is the Internet.
  - 11. The method of claim 9, wherein said first computer network addresses is an Internet Protocol address.
  - 12. The method of claim 9, wherein said risk category is selected from the group consisting of:
    - commercial risk;
      
      fraud risk;
      
      identify theft risk;
      
      criminal risk;
      
      social risk;
      
      denial-of-service risk;
      
      hacking risk;
      
      virus risk;
      
      exploit risk;
      
      infringement risk;
      
      pornography risk;
      
      drug risk;
      
      terrorism risk.
  - 13. The method of claim 9, wherein said risk score and said risk category are provided autonomously through an application programming interface.
  - 14. The method of claim 9, wherein said risk score is in the value range 0 to 100 inclusive.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Norse Networks, Inc.
Original Assignee
Norse Corporation
Inventors
Glines, Samuel M., Foss, Sheldon H. Jr., Stiansen, Tommy
Primary Examiner(s)
Song, Hosuk

Application Number

US13/550,354
Time in Patent Office

666 Days
Field of Search

726 22- 27, 713/150, 713152-154, 713/162, 705/64
US Class Current

726/22
CPC Class Codes

H04L 63/1408   by monitoring network traff...

H04L 63/1441   Countermeasures against mal...

H04L 63/1491   using deception as counterm...

H04L 63/302   gathering intelligence info...

Systems and methods for dynamic protection from electronic attacks

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

399 Citations

14 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for dynamic protection from electronic attacks

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

399 Citations

14 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others