Method and system for detecting network compromise

  • US 9,356,942 B1
  • Filed: 03/04/2013
  • Issued: 05/31/2016
  • Est. Priority Date: 03/05/2012
  • Status: Active Grant
First Claim

1. A method for detecting an attack on a network of victim computers in a victim cloud that connect to one or more Domain Name System (DNS) or Dynamic Domain Name System (DDNS) servers, comprising:

  • operating one or more decoy bot computers in the victim cloud;

  • operating one or more decoy control computers among one or more control computers that communicates with one or more victim computers and decoy bot computers in the victim cloud;

  • identifying threats by analyzing data traffic communicated with the one or more victim computers, the one or more decoy bot computers and the one or more decoy control computers; and

  • upon identifying information suspected of being stolen by a hacker, if the identified information was identified from a victim computer from among the one or more victim computers in communication with a control computer used by the hacker, modifying a lookup table in a DNS or DDNS server from among the one or more DNS or DDNS servers to replace an Internet Protocol (IP) address for the control computer with an Internet Protocol (IP) address for a sinkhole computer for connecting the victim computer to the sinkhole computer; and

  • if the identified information was identified from a decoy bot computer from among the one or more decoy bot computers or a decoy control computer from among the one or more decoy control computers, intercepting a transmission and removing data suspected of being stolen from the data traffic while maintaining ongoing communications between the decoy control computer or the decoy bot computer and the hacker.
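The two response branches of the claim, modelled as an added illustration that is not the patent's own implementation: it assumes the "information suspected of being stolen" is recognised by planted canary tokens, and every host name, domain, IP address and token below is constructed.

```python
from dataclasses import dataclass, field

SINKHOLE_IP = "192.0.2.250"  # constructed sinkhole address (RFC 5737 TEST-NET-1)
CANARIES = {"CANARY-7f3a-payroll", "CANARY-c19e-vpnkeys"}  # constructed planted tokens


@dataclass
class VictimCloud:
    dns_table: dict                # DNS/DDNS lookup table: control name -> IP
    decoy_bots: set                # decoy bot computers operated by the defender
    decoy_controls: set            # decoy control computers operated by the defender
    forwarded: list = field(default_factory=list)  # (host, body) allowed through

    def is_decoy(self, host: str) -> bool:
        return host in self.decoy_bots or host in self.decoy_controls

    def suspected_stolen(self, body: str) -> list:
        """Threat identification step: lines that carry a planted canary token."""
        return [ln for ln in body.splitlines() if any(c in ln for c in CANARIES)]

    def handle(self, host: str, control_name: str, body: str) -> tuple:
        stolen = self.suspected_stolen(body)
        if not stolen:                       # nothing suspicious: pass through
            self.forwarded.append((host, body))
            return ("clean", body)
        if not self.is_decoy(host):
            # Real victim talking to the hacker's control computer: rewrite the
            # lookup table so the victim's next resolution lands on the sinkhole.
            self.dns_table[control_name] = SINKHOLE_IP
            return ("sinkholed", SINKHOLE_IP)
        # Decoy bot or decoy control: intercept, drop the stolen lines, and
        # forward the rest so the session with the hacker stays alive.
        kept = [ln for ln in body.splitlines() if ln not in stolen]
        scrubbed = "\n".join(kept)
        self.forwarded.append((host, scrubbed))
        return ("scrubbed", scrubbed)


def demo() -> VictimCloud:
    """Constructed scenario: the same beacon seen from a victim and from a decoy."""
    cloud = VictimCloud(dns_table={"upd.c2.example.test": "198.51.100.7"},
                        decoy_bots={"decoy-bot-1"}, decoy_controls={"decoy-c2-1"})
    beacon = "id=victim-3\nfile=CANARY-7f3a-payroll.xlsx\nstatus=ok"
    cloud.handle("victim-3", "upd.c2.example.test", beacon)      # real victim
    cloud.handle("decoy-bot-1", "upd.c2.example.test", beacon)   # decoy bot
    return cloud


if __name__ == "__main__":
    c = demo()
    print(c.dns_table, c.forwarded)
```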

  • 7 Assignments