Method and system for protection against information stealing software

US 8,959,634 B2
Filed: 03/22/2013
Issued: 02/17/2015
Est. Priority Date: 03/19/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for reducing exposure to a dictionary attack while verifying whether data transmitted over a computer network is any organizational password of a plurality of organizational passwords, wherein each organizational password may be used to accessing an account or other sensitive resources inside the organization, the method comprising:

performing, using an electronic processor, a search of outgoing network traffic from at least one computerized device within an organizational perimeter to a site outside the organizational perimeter based, at least in part, on a weak validation, the weak validation produced using a Bloom filter, wherein the Bloom filter generates a probabilistic indication of an existence of an organizational password in the searched outgoing network traffic;

determining, using an electronic processor, the existence based only on the weak validation; and

determining, using an electronic processor, whether to block, alert, or quarantine the network traffic based at least in part on the existence; and

enforcing, using an electronic processor, the determination of whether to block, alert, or quarantine the searched outgoing network traffic.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems reduce exposure to a dictionary attack while verifying whether data transmitted over a computer network is a password. In one aspect, a method includes performing a search of network traffic based, at least in part, on a weak validation using a Bloom filter based on an organizational password file, determining the existence of a password in the network traffic based only on the weak validation, and determining whether to block, alert, or quarantine the network traffic based at least in part on the existence of the password in the network traffic.

172 Citations

11 Claims

1. A computer-implemented method for reducing exposure to a dictionary attack while verifying whether data transmitted over a computer network is any organizational password of a plurality of organizational passwords, wherein each organizational password may be used to accessing an account or other sensitive resources inside the organization, the method comprising:
- performing, using an electronic processor, a search of outgoing network traffic from at least one computerized device within an organizational perimeter to a site outside the organizational perimeter based, at least in part, on a weak validation, the weak validation produced using a Bloom filter, wherein the Bloom filter generates a probabilistic indication of an existence of an organizational password in the searched outgoing network traffic;
  
  determining, using an electronic processor, the existence based only on the weak validation; and
  
  determining, using an electronic processor, whether to block, alert, or quarantine the network traffic based at least in part on the existence; and
  
  enforcing, using an electronic processor, the determination of whether to block, alert, or quarantine the searched outgoing network traffic.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, further comprising encoding an organization password file storing the plurality of organizational passwords with the Bloom filter.
  - 3. The method of claim 1, wherein a traffic analyzer in communication with the computer network is configured to block the searched data from being transmitted over the network if the probabilistic indication is greater than zero.
  - 4. The method of claim 1, wherein a percent of false positives provided by the Bloom Filter is tunable.

5. A system for reducing exposure to a dictionary attack while verifying whether data transmitted over a computer network is any organizational password of a plurality of organizational passwords, wherein each organizational password may be used to access an account or other sensitive resources inside the organization, the system comprising:
- an electronic processor configured to execute computer instructions, wherein the computer instructions include a traffic analyzer in communication with the computer network, the traffic analyzer being configured to perform a search of outgoing network traffic from at least one computerized device within an organizational perimeter to a site outside the organizational perimeter based at least in part on a weak validation indicating whether the outgoing network traffic includes an organizational password, the weak validation produced using a Bloom filter, wherein the Bloom filter generates a probabilistic indication of an existence of an organizational password in the searched outgoing network traffic, and determining the existence based only on the weak validation; and
  
  a decision system configured to decide whether to do at least one of block, alert or quarantine the searched outgoing network traffic based at least in part on the existence; and
  
  enforcing the determination of whether to block, alert, or quarantine the searched outgoing network traffic.
- View Dependent Claims (6, 7, 8)
- - 6. The system of claim 5, further comprising a gateway configured to receive instructions from the decision system.
  - 7. The system of claim 6, wherein the traffic analyzer is installed on the gateway.
  - 8. The system of claim 5, wherein a percent of false positives provided by the Bloom Filter is tunable.

9. A system for reducing exposure to a dictionary attack while verifying whether data transmitted over a computer network is any organizational password of a plurality of organizational passwords, wherein each organizational password may be used to access an account or other sensitive resources inside the organization, the system comprising:
- an electronic processor configured to execute computer instructions, wherein the computer instructions include data traffic analyzer means in communication with the computer network,the data traffic analyzer means configured to perform a search of outgoing network traffic from at least one computerized device within an organizational perimeter to a site outside the organizational perimeter based, at least in part, on a weak validation indicating whether the outgoing network traffic includes an organizational password, the weak validation produced using a Bloom filter, wherein the Bloom filter generates a probabilistic indication of an existence of an organization password in the searched outgoing network traffic, and configured to determine the existence based only on the weak validation;
  
  decision means for deciding whether to do at least one of block, alert or quarantine the searched outgoing network traffic based at least in part on the existence; and
  
  means for enforcing the determination of whether to block, alert, or quarantine the searched outgoing network traffic.
- View Dependent Claims (10, 11)
- - 10. The system of claim 9, wherein the data traffic analyzer means blocks the data from being transmitted over the network if the probabilistic indication is greater than zero.
  - 11. The system of claim 9, wherein a percent of false positives provided by the Bloom Filter is tunable.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Forcepoint LLC
Original Assignee
Forcepoint LLC
Inventors
Troyansky, Lidror
Primary Examiner(s)
Le, Chau
Assistant Examiner(s)
ZHAO, DON GORDON

Application Number

US13/849,377
Publication Number

US 20130227684A1
Time in Patent Office

697 Days
Field of Search

726/5, 726/6, 726/18, 726/22
US Class Current

726/22
CPC Class Codes

G06F 21/46   by designing passwords or c...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1433   Vulnerability analysis

Method and system for protection against information stealing software

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

172 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for protection against information stealing software

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

172 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links