Method and system for protection against information stealing software
Abstract
Methods and systems reduce exposure to a dictionary attack while verifying whether data transmitted over a computer network is a password. In one aspect, a method includes performing a search of network traffic based, at least in part, on a weak validation using a Bloom filter based on an organizational password file, determining the existence of a password in the network traffic based only on the weak validation, and determining whether to block, alert, or quarantine the network traffic based at least in part on the existence of the password in the network traffic.
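As an added illustration of the abstract's weak validation (not code from the patent or its assignee): a Bloom filter built from a constructed password list flags tokens in outgoing traffic, and the block/alert decision rests on the filter result alone. The tokenizer, the policy names, the filter sizing, and the reading that false positives are what blunt a dictionary attack on the stored filter are assumptions.

```python
import hashlib
import math
import re

class BloomFilter:
    def __init__(self, m_bits, k_hashes):
        self.m, self.k = m_bits, k_hashes
        self.bits = bytearray((m_bits + 7) // 8)

    def _positions(self, item):
        # k bit positions from SHA-256 over an index byte plus the item.
        for i in range(self.k):
            digest = hashlib.sha256(bytes([i]) + item.encode("utf-8")).digest()
            yield int.from_bytes(digest[:8], "big") % self.m

    def add(self, item):
        for p in self._positions(item):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, item):
        return all((self.bits[p // 8] >> (p % 8)) & 1 for p in self._positions(item))

def expected_fp_rate(m_bits, k_hashes, n_items):
    # Standard Bloom filter estimate: (1 - e^(-kn/m))^k
    return (1 - math.exp(-k_hashes * n_items / m_bits)) ** k_hashes

TOKEN = re.compile(r"[^\s&=;:,\"']{6,64}")  # assumed tokenizer for HTTP/form text
def scan_outgoing(payload, bloom):
    """Tokens in outgoing traffic that pass the weak validation."""
    return [t for t in TOKEN.findall(payload) if t in bloom]

def decide(payload, bloom, monitor_only=False):
    """Hypothetical policy: the decision uses only the Bloom filter result."""
    if not scan_outgoing(payload, bloom):
        return "allow"
    return "alert" if monitor_only else "block"

def dictionary_candidates(bloom, wordlist):
    """How many guesses a holder of the filter cannot rule out."""
    return sum(1 for w in wordlist if w in bloom)

ORG_PASSWORDS = ["Q7vexLampshade", "Winter-Harbor-42", "correcthorsebattery"]  # constructed
BLOOM = BloomFilter(m_bits=16, k_hashes=2)  # tiny on purpose: high false-positive rate
for pw in ORG_PASSWORDS:
    BLOOM.add(pw)
OUTGOING = "POST /login HTTP/1.1\r\nHost: example.net\r\n\r\nuser=alice&pass=Q7vexLampshade"
WORDLIST = ORG_PASSWORDS + [f"guess{i:04d}" for i in range(2000)]  # constructed guesses
if __name__ == "__main__":
    print(decide(OUTGOING, BLOOM), dictionary_candidates(BLOOM, WORDLIST), "of", len(WORDLIST))
```

A Bloom filter has no false negatives, so a real password in the payload is always flagged; the cost of the small filter is that some benign tokens and wrong guesses pass as well.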
11 Claims
1. A computer-implemented method for reducing exposure to a dictionary attack while verifying whether data transmitted over a computer network is any organizational password of a plurality of organizational passwords, wherein each organizational password may be used to access an account or other sensitive resources inside the organization, the method comprising:
- performing, using an electronic processor, a search of outgoing network traffic from at least one computerized device within an organizational perimeter to a site outside the organizational perimeter based, at least in part, on a weak validation, the weak validation produced using a Bloom filter, wherein the Bloom filter generates a probabilistic indication of an existence of an organizational password in the searched outgoing network traffic;
- determining, using an electronic processor, the existence based only on the weak validation; and
- determining, using an electronic processor, whether to block, alert, or quarantine the network traffic based at least in part on the existence; and
- enforcing, using an electronic processor, the determination of whether to block, alert, or quarantine the searched outgoing network traffic.
Dependent claims: 2, 3, 4.
5. A system for reducing exposure to a dictionary attack while verifying whether data transmitted over a computer network is any organizational password of a plurality of organizational passwords, wherein each organizational password may be used to access an account or other sensitive resources inside the organization, the system comprising:
- an electronic processor configured to execute computer instructions, wherein the computer instructions include a traffic analyzer in communication with the computer network, the traffic analyzer being configured to perform a search of outgoing network traffic from at least one computerized device within an organizational perimeter to a site outside the organizational perimeter based at least in part on a weak validation indicating whether the outgoing network traffic includes an organizational password, the weak validation produced using a Bloom filter, wherein the Bloom filter generates a probabilistic indication of an existence of an organizational password in the searched outgoing network traffic, and determining the existence based only on the weak validation; and
- a decision system configured to decide whether to do at least one of block, alert or quarantine the searched outgoing network traffic based at least in part on the existence; and
- enforcing the determination of whether to block, alert, or quarantine the searched outgoing network traffic.
Dependent claims: 6, 7, 8.
9. A system for reducing exposure to a dictionary attack while verifying whether data transmitted over a computer network is any organizational password of a plurality of organizational passwords, wherein each organizational password may be used to access an account or other sensitive resources inside the organization, the system comprising:
- an electronic processor configured to execute computer instructions, wherein the computer instructions include data traffic analyzer means in communication with the computer network, the data traffic analyzer means configured to perform a search of outgoing network traffic from at least one computerized device within an organizational perimeter to a site outside the organizational perimeter based, at least in part, on a weak validation indicating whether the outgoing network traffic includes an organizational password, the weak validation produced using a Bloom filter, wherein the Bloom filter generates a probabilistic indication of an existence of an organization password in the searched outgoing network traffic, and configured to determine the existence based only on the weak validation;
- decision means for deciding whether to do at least one of block, alert or quarantine the searched outgoing network traffic based at least in part on the existence; and
- means for enforcing the determination of whether to block, alert, or quarantine the searched outgoing network traffic.
Dependent claims: 10, 11.
Specification