Systems and methods for dynamic protection from electronic attacks

US 9,553,888 B2
Filed: 09/01/2015
Issued: 01/24/2017
Est. Priority Date: 07/15/2011
Status: Active Grant

First Claim

Patent Images

1. A system for reducing the security risk of computer transactions over a computer network, the system comprising:

(a) a first computer on the computer network, wherein the first computer has a first computer network address and communicates with a second computer on the computer network;

(b) a communication between the first computer and the second computer, wherein the act of the first computer communicating with the second computer comprises an indication of the first computer being engaged in a risk, wherein the communication comprises the first computer network address;

(c) one or more real-time risk rating engines on the computer network, wherein the one or more real-time risk rating engines;

(i) receive data from one or more collection agents, the data comprising a plurality of network addresses; and

(ii) autonomously detect and analyze the communication by an inductive logic algorithm to rate, classify and rank the risk of the first computer network address based on the plurality of network addresses in real-time.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for gathering, classifying, and evaluating real time security intelligence data concerning security threats presented by an IP address, and reporting in real time the degree and character of such security threats.

Citations

30 Claims

1. A system for reducing the security risk of computer transactions over a computer network, the system comprising:
- (a) a first computer on the computer network, wherein the first computer has a first computer network address and communicates with a second computer on the computer network;
  
  (b) a communication between the first computer and the second computer, wherein the act of the first computer communicating with the second computer comprises an indication of the first computer being engaged in a risk, wherein the communication comprises the first computer network address;
  
  (c) one or more real-time risk rating engines on the computer network, wherein the one or more real-time risk rating engines;
  
  (i) receive data from one or more collection agents, the data comprising a plurality of network addresses; and
  
  (ii) autonomously detect and analyze the communication by an inductive logic algorithm to rate, classify and rank the risk of the first computer network address based on the plurality of network addresses in real-time.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the second computer comprises a honeypot and the honeypot is intentionally deployed with security vulnerabilities to encourage malicious software attacks.
  - 3. The system of claim 2, wherein the honeypot comprises an unpatched operating system.
  - 4. The system of claim 2, wherein the one or more collection agents monitor the honeypot and record a network address of an attack on the honeypot.
  - 5. The system of claim 4, wherein the network address of the attack is added to the data.
  - 6. The system of claim 1, wherein the one or more real-time risk rating engines are controlled by one or more of filters or rules.
  - 7. The system of claim 1, wherein the one or more real-time risk rating engines generate analysis conclusions and collect the analysis conclusions as background knowledge for future rating, future classifying, and future ranking.
  - 8. The system of claim 1, wherein the system comprises a plurality of real-time risk rating engines and at least two real-time risk rating engines operate based on different rating methodologies.
  - 9. The system of claim 1, wherein the system comprises a plurality of real-time risk rating engines and at least two real-time risk rating engines operate based on different types of threats.
  - 10. The system of claim 1, wherein the system comprises a plurality of real-time risk rating engines and at least two real-time risk rating engines operate based on different types of gathered intelligence.

11. A non-transitory computer readable media for reducing the security risk of computer transactions over a computer network, the media comprising:
- (a) instructions for detecting a communication between a first computer and a second computer, wherein the first computer has a first network address, wherein the communication comprises an indication of the first computer being engaged in a risk, and wherein the communication comprises the first computer network address; and
  
  (b) instructions for rating risk in real-time, wherein the rating comprises;
  
  (i) receiving data from one or more collection agents, the data comprising a plurality of network addresses; and
  
  (ii) autonomously detecting and analyzing the communication by an inductive logic algorithm to rate, classify, and rank the risk of the first computer network address based on the plurality of network addresses in real-time.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The media of claim 11, wherein the second computer comprises a honeypot and the honeypot is intentionally deployed with security vulnerabilities to encourage malicious software attacks.
  - 13. The media of claim 12, wherein the honeypot comprises an unpatched operating system.
  - 14. The media of claim 12, wherein a collection agent monitors the honeypot and records a network address of an attack when the attack happens to the honeypot.
  - 15. The media of claim 14, wherein the network address of the attack is added to the data.
  - 16. The media of claim 11, wherein the rating is controlled by one or more of filters or rules.
  - 17. The media of claim 11, wherein the rating generates analysis conclusions and collects the analysis conclusions as background knowledge for future rating, future classifying and future ranking.
  - 18. The media of claim 11, wherein the rating is performed by at least two real-time risk rating engines operating based on different rating methodologies.
  - 19. The media of claim 11, wherein the rating is performed by at least two real-time risk rating engines operating based on different types of threats.
  - 20. The media of claim 11, wherein the rating is performed by at least two real-time risk rating engines operating based on different types of gathered intelligence.

21. A method for reducing the security risk of computer transactions over a computer network, the method comprising:
- (a) detecting a communication between a first computer and a second computer, wherein the first computer has a first network address, wherein the communication comprises an indication of the first computer being engaged in a risk, and wherein the communication comprises the first computer network address; and
  
  (b) rating the risk in real-time, wherein the rating comprises;
  
  (i) receiving data from one or more collection agents, the data comprising a plurality of network addresses; and
  
  (ii) autonomously detecting and analyzing the communication by an inductive logic algorithm to rate, classify, and rank the risk of the first computer network address based on the plurality of network addresses in real-time.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The method of claim 21, wherein the second computer comprises a honeypot and the honeypot is intentionally deployed with security vulnerabilities to encourage malicious software attacks.
  - 23. The method of claim 22, wherein the honeypot comprises an unpatched operating system.
  - 24. The method of claim 22, wherein a collection agent monitors the honeypot and records a network address of an attack when the attack happens to the honeypot.
  - 25. The method of claim 24, wherein the network address of the attack is added to the data.
  - 26. The method of claim 21, wherein the rating is controlled by one or more of filters or rules.
  - 27. The method of claim 21, wherein the rating generates analysis conclusions and collects the analysis conclusions as background knowledge for future rating, future classifying and future ranking.
  - 28. The method of claim 21, wherein the rating is performed by at least two real-time risk rating engines operating based on different rating methodologies.
  - 29. The method of claim 21, wherein the rating is performed by at least two real-time risk rating engines operating based on different types of threats.
  - 30. The method of claim 21, wherein the rating is performed by at least two real-time risk rating engines operating based on different types of gathered intelligence.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Norse Networks, Inc.
Original Assignee
Norse Networks, Inc.
Inventors
Stiansen, Tommy, Glines, Samuel M., Foss, Sheldon H. Jr.
Primary Examiner(s)
Song, Hosuk

Application Number

US14/842,603
Publication Number

US 20150373044A1
Time in Patent Office

511 Days
Field of Search

726 22- 27, 709223-225, 713/150, 713152-154, 713/162, 705/64
US Class Current

1/1
CPC Class Codes

H04L 63/1408   by monitoring network traff...

H04L 63/1441   Countermeasures against mal...

H04L 63/1491   using deception as counterm...

H04L 63/302   gathering intelligence info...

Systems and methods for dynamic protection from electronic attacks

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for dynamic protection from electronic attacks

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links