Device for and method of computer intrusion anticipation, detection, and remediation
First Claim
1. An electronic network, comprising:
a) an electronic hardware network in a user-definable topology, where the electronic network includes multiple devices, where the electronic network includes a command and control layer for controlling the electronic network, where the electronic network includes a transport layer for transporting electronic messages to and from the electronic network, and where the command and control layer is changeable by the transport layer and vice versa;
b) a user-definable number of electronic hardware sensors for collecting computer traffic associated with phases of intrusion activity, where the phases are selected from the group of phases consisting of survey phase, reconnaissance phase, actual intrusion attempt phase, operating malware phase, maintenance phase and any combination of survey, reconnaissance, actual intrusion attempt, operating malware and maintenance phases;
c) a threat-assessment function block embodied in a computing device and connected to the user-definable sensors and producing an assessment of the threat to the electronic network by analyzing information collected by the sensors in user-definable combinations and permutations over a user-definable number of dimensions selected from the group of dimensions consisting of time, space, intrusion choreography, type of intrusion actor, number of intrusion actors, and any combination of time, space, intrusion choreography, type of intrusion actor and number of intrusion actors; and
d) a response function block embodied in a computing device and connected to the threat-assessment block for responding to the threat assessed by the threat-assessment function block, where the response is selected from the group of responses consisting of leaving the topology of the network unchanged, changing the topology of the network to a degree commensurate with the level of perceived threat assessed, modifying the computer traffic associated with an intrusion attempt, modifying the computer traffic associated with functioning malware, stopping computer traffic associated with an intrusion attempt within the network, stopping computer traffic associated with an intrusion attempt at a source of the computer traffic associated with the intrusion attempt, and any combination of leaving the topology of the network unchanged, changing the topology of the network to a degree commensurate with the level of perceived threat assessed, modifying the computer traffic associated with an intrusion attempt, modifying the computer traffic associated with functioning malware, stopping computer traffic associated with an intrusion attempt within the network and stopping computer traffic associated with an intrusion attempt at a source of the computer traffic associated with the intrusion attempt.
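The following is an added illustration, not code from the patent or its assignee: a small threat-assessment and response pipeline shaped like elements b) through d) of claim 1 (and the matching steps b) through d) of method claim 5 below). Sensor observations arrive tagged with an intrusion phase; the assessment block scores them over the claimed dimensions of time, space, intrusion choreography, type of intrusion actor and number of intrusion actors; the response block then selects from the claimed set of responses, with the degree of topology change tracking the assessed level. Every phase label, weight, window and threshold is an assumption chosen for the example, and the observations are constructed sample data.

```python
"""Added example, not the patent's own code. Phase labels, weights, the
time window, the thresholds and the sample observations are assumptions."""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from enum import IntEnum
from typing import Iterable, Optional


class Phase(IntEnum):
    """Intrusion phases named in the claims, ordered by depth of progress."""
    SURVEY = 1
    RECONNAISSANCE = 2
    INTRUSION_ATTEMPT = 3
    OPERATING_MALWARE = 4
    MAINTENANCE = 5


@dataclass(frozen=True)
class Observation:
    t: float          # seconds; the "time" dimension
    sensor: str       # which sensor saw it; the "space" dimension
    src: str          # source address; identifies an intrusion actor
    actor_type: str   # assumed labels: "unknown", "known_scanner", "known_c2"
    phase: Phase


@dataclass(frozen=True)
class Assessment:
    level: int                      # 0 (no threat) .. 4 (severe)
    actors: frozenset[str]
    sensors: frozenset[str]
    deepest_phase: Optional[Phase]
    choreographed: bool             # one actor walked the phases in order


@dataclass(frozen=True)
class Response:
    topology_change_degree: int     # 0 = leave the topology unchanged
    traffic_actions: tuple[str, ...]
    block_at_source: tuple[str, ...]  # actors whose traffic is stopped at its source


ACTOR_TYPE_WEIGHT = {"unknown": 0, "known_scanner": 0, "known_c2": 2}  # assumed
MAX_LEVEL = 4


def _choreographed(by_actor: dict[str, list[Observation]]) -> bool:
    """True if some actor's time-ordered phases are non-decreasing and span at
    least two distinct phases, i.e. a staged intrusion rather than noise."""
    for seq in by_actor.values():
        phases = [o.phase for o in seq]
        if len(set(phases)) >= 2 and phases == sorted(phases):
            return True
    return False


def assess(observations: Iterable[Observation], window: float = 600.0) -> Assessment:
    """Score only the observations within `window` seconds of the newest one."""
    obs = sorted(observations, key=lambda o: o.t)
    if not obs:
        return Assessment(0, frozenset(), frozenset(), None, False)
    newest = obs[-1].t
    recent = [o for o in obs if newest - o.t <= window]     # time dimension
    by_actor: dict[str, list[Observation]] = defaultdict(list)
    for o in recent:
        by_actor[o.src].append(o)                            # stays time-ordered
    deepest = max(o.phase for o in recent)
    actors = frozenset(by_actor)
    sensors = frozenset(o.sensor for o in recent)
    choreographed = _choreographed(by_actor)
    score = int(deepest) - 1                      # depth of the furthest phase
    score += 1 if choreographed else 0            # intrusion choreography
    score += 1 if len(actors) >= 3 else 0         # number of intrusion actors
    score += 1 if len(sensors) >= 2 else 0        # space: seen at several points
    score += max(ACTOR_TYPE_WEIGHT.get(o.actor_type, 0) for o in recent)
    return Assessment(min(score, MAX_LEVEL), actors, sensors, deepest, choreographed)


def respond(a: Assessment) -> Response:
    """Choose responses from the claimed set, escalating with the level."""
    traffic: list[str] = []
    if a.level >= 1:
        traffic.append("modify_intrusion_traffic")
    if a.deepest_phase is not None and a.deepest_phase >= Phase.OPERATING_MALWARE:
        traffic.append("modify_malware_traffic")
    if a.level >= 3:
        traffic.append("stop_intrusion_traffic_within_network")
    degree = a.level if a.level >= 2 else 0       # commensurate with the threat
    at_source = tuple(sorted(a.actors)) if a.level >= MAX_LEVEL else ()
    return Response(degree, tuple(traffic), at_source)


# Constructed sample data using documentation address ranges, not real hosts.
QUIET_SCANNER = [
    Observation(-5000.0, "dmz", "203.0.113.7", "unknown", Phase.INTRUSION_ATTEMPT),  # stale
    Observation(0.0, "dmz", "198.51.100.4", "known_scanner", Phase.SURVEY),
    Observation(30.0, "dmz", "198.51.100.4", "known_scanner", Phase.SURVEY),
]
STAGED_INTRUSION = [
    Observation(0.0, "dmz", "203.0.113.7", "unknown", Phase.SURVEY),
    Observation(120.0, "dmz", "203.0.113.7", "unknown", Phase.RECONNAISSANCE),
    Observation(300.0, "core", "203.0.113.7", "unknown", Phase.INTRUSION_ATTEMPT),
    Observation(310.0, "core", "203.0.113.9", "unknown", Phase.INTRUSION_ATTEMPT),
]

if __name__ == "__main__":
    for name, data in (("quiet scanner", QUIET_SCANNER), ("staged intrusion", STAGED_INTRUSION)):
        a = assess(data)
        print(name, "-> level", a.level, respond(a))
```

The stale intrusion attempt in `QUIET_SCANNER` falls outside the time window and is ignored, so a lone scanner in the survey phase leaves the topology unchanged; the staged sequence (survey, reconnaissance, then an attempt seen by a second sensor, joined by a second actor) reaches the top level and triggers a topology change plus stopping the attempt traffic both inside the network and at its sources.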
Abstract
Electronic network security by establishing a network topology, including multiple devices, where the network includes a command and control layer and a transport layer, where the command and control layer is changeable by the transport layer and vice versa. All phases of an intrusion attempt are monitored to anticipate an intrusion, prevent an intrusion, and remedy a successful intrusion. An assessment of the threat is made in multiple dimensions. The topology of the network may be changed in accordance with the threat assessment. In addition, computer traffic in the network and from the intrusion source may be modified or stopped to guard against an intrusion, prevent an intrusion, and remedy a successful intrusion. The command and control layer is changeable by the transport layer and vice versa.
50 Citations
12 Claims
1. An electronic network, comprising: elements a) through d) as recited under First Claim above. Dependent claims: 2, 3, 4.
5. A method of electronic network security, comprising the steps of:
a) establishing a topology in an electronic network, where the electronic network includes multiple devices, where the electronic network includes a command and control layer for controlling the network, where the electronic network includes a transport layer for transporting electronic messages to and from the electronic network, and where the command and control layer is changeable by the transport layer and vice versa;
b) monitoring computer traffic to collect information associated with intrusion phases, where the intrusion phases are selected from the group of intrusion phases consisting of survey phase, reconnaissance phase, actual intrusion attempt phase, malware operation phase, and maintenance phase;
c) generating an assessment of the threat to the electronic network by analyzing information collected in step (b) in user-definable combinations and permutations over user-definable dimensions selected from the group of dimensions consisting of time, space, intrusion choreography, type of intrusion actor, number of intrusion actors, and any combination of time, space, intrusion choreography, type of intrusion actor and number of intrusion actors; and
d) responding to the threat assessed in step (c), where the response is selected from the group of responses consisting of leaving the topology of the network unchanged, changing the topology of the network to a degree commensurate with the threat assessment, modifying the computer traffic associated with an intrusion attempt, modifying the computer traffic associated with functioning malware, stopping computer traffic associated with an intrusion attempt within the network, stopping computer traffic associated with an intrusion attempt at a source of the computer traffic associated with the intrusion attempt, and any combination of leaving the topology of the network unchanged, changing the topology of the network to a degree commensurate with the threat assessment, modifying the computer traffic associated with an intrusion attempt, modifying the computer traffic associated with functioning malware, stopping computer traffic associated with an intrusion attempt within the network and stopping computer traffic associated with an intrusion attempt at a source of the computer traffic associated with the intrusion attempt.
Dependent claims: 6, 7, 8, 9, 10, 11, 12.
Specification