System and method of active remediation and passive protection against cyber attacks

US 9,648,029 B2
Filed: 07/30/2013
Issued: 05/09/2017
Est. Priority Date: 07/30/2012
Status: Active Grant

First Claim

Patent Images

1. A method for active remediation and/or passive protection against cyberattacks, the method comprising:

monitoring at least a portion of network data between at least one first network and at least one second network to detect one or more attacks and/or unauthorized access to at least one first agent in the at least one first network by at least one initiating agent in the at least one second network;

initiating a traceback to an identified source of the attack for generating a range of possible rogue agents compromised by unauthorized accesses and used by the identified source for the attack in the second network and sending a message to the range of possible rogue agents comprising notification to rogue agent administrators that their computer is being used in an attack; and

sending a response to the identified source of the attack, wherein requested data is replaced with protected data comprising a protection module embedded within non-confidential data, which is executed when the protected data is accessed to create an evidentiary trail for legal prosecution of the unauthorized access.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for active remediation and/or passive protection against cyber attacks includes an active remediation and passive protection server computer for monitoring at least a portion of network data between at least one first network and at least one second network to detect one or more attacks and/or unauthorized access to at least one first agent in the at least one first network by at least one second agent in the at least one second network. The active remediation and passive protection server computer executes at least one of (i) one or more active remediation mechanisms to actively respond to the one or more detected attacks and/or unauthorized access and (ii) one or more passive protection mechanisms to passively protect against the one or more detected attacks and/or unauthorized access.

18 Citations

View as Search Results

15 Claims

1. A method for active remediation and/or passive protection against cyberattacks, the method comprising:
- monitoring at least a portion of network data between at least one first network and at least one second network to detect one or more attacks and/or unauthorized access to at least one first agent in the at least one first network by at least one initiating agent in the at least one second network;
  
  initiating a traceback to an identified source of the attack for generating a range of possible rogue agents compromised by unauthorized accesses and used by the identified source for the attack in the second network and sending a message to the range of possible rogue agents comprising notification to rogue agent administrators that their computer is being used in an attack; and
  
  sending a response to the identified source of the attack, wherein requested data is replaced with protected data comprising a protection module embedded within non-confidential data, which is executed when the protected data is accessed to create an evidentiary trail for legal prosecution of the unauthorized access.
- View Dependent Claims (2, 3, 4, 5, 6, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising:
    - determining at least one source of the one or more attacks and/or unauthorized access.
  - 3. The method of claim 2, further comprising:
    - determining at least one of an operating system, open and/or closed ports, and a type of malware or virus infection of the at least one source of the one or more attacks and/or unauthorized access.
  - 4. The method of claim 1, wherein an active remediation response further comprises at least one of providing one or more payloads to the identified source to remove malware or virus infections or exploit one or more vulnerabilities on the identified source of the one or more attacks and/or unauthorized access and sending one or more notification messages including information associated with the one or more attacks and/or unauthorized access to one or more enforcement agencies.
  - 5. The method of claim 1, wherein the one or more passive protections comprise at least one of throttling the one or more attacks and/or unauthorized access, interrupting the one or more attacks and/or unauthorized access, performing or executing a passive protection counter measure to protect the at least one first agent, and sending one or more messages including information associated with the one or more attacks and/or unauthorized access to the at least one first agent.
  - 6. The method of claim 1, further comprising:
    - selecting, by the active remediation and passive protection server computer, the one or more passive protections and the active remediation response from a plurality of different passive protections and a plurality of different active remediation responses, and based on a type of the one or more detected attacks and/or unauthorized access.
  - 9. The method for active remediation and/or passive protection against cyber attacks of claim 1, further comprising sending a reconnaissance payload to the identified source to gather reconnaissance data relating to the identified source.
  - 10. The method for active remediation and/or passive protection against cyber attacks of claim 1, further comprising when an associated application accesses the protected data, the protection module is executed.
  - 11. The method for active remediation and/or passive protection against cyber attacks of claim 1, further comprising replacing the requested data with alternate data.
  - 12. The method for active remediation and/or passive protection against cyber attacks of claim 1, wherein the protection module renders inaccessible the protected data if the protection module determines an unauthorized agent attempts to access the protected data.

7. A system for active remediation and/or passive protection against cyber attacks, the system comprising:
- an active remediation and passive protection server computer between at least one first network and at least one second network, wherein the active remediation and passive protection server computer is configured to;
  
  monitor at least a portion of network data between the at least one first network and the at least one second network to detect one or more attacks and/or unauthorized access to at least one first agent in the at least one first network by at least one initiating agent in the at least one second network; and
  
  execute (i) an active remediation response to actively respond to the one or more detected attacks and/or unauthorized access by initiating a traceback to an identified source of the attack to generate a range of possible rogue agents compromised by unauthorized accesses and used by the identified source for the attack in the second network and sending a message to the range of possible rogue agents comprising notification to rogue agent administrators that their computer is being used in an attack, and (ii) one or more passive protections to passively protect against the one or more detected attacks and/or unauthorized access, wherein passive protections include replacing requested data with protected data comprising a protection module embedded within new non-confidential data, which is executed when the protected data is accessed to create an evidentiary trail for legal prosecution of the unauthorized access.
- View Dependent Claims (13, 14, 15)
- - 13. The system for active remediation and/or passive protection of claim 7, further comprising a reconnaissance payload.
  - 14. The system for active remediation and/or passive protection of claim 7, further comprising a protection payload embedded in the protection module wherein, when an associated application accesses the protected data, the protection module is executed.
  - 15. The system for active remediation and/or passive protection of claim 14, further comprising a protection payload wherein the protection module renders inaccessible the protected data if the protection module determines an unauthorized agent attempts to access the protected data.

8. A non-transitory computer readable medium storing a computer program which when executed by a processor of a computer is capable of performing a method for active remediation and/or passive protection against cyber attacks, the method comprising:
- monitoring at least a portion of network data between at least one first network and at least one second network to detect one or more attacks and/or unauthorized access to at least one first agent in the at least one first network by at least one initiating agent in the at least one second network; and
  
  (generating a traceback to an identified source of the attack and generating a range of possible rogue agents compromised by unauthorized accesses and used by the identified source for the attack in the second network and sending a message to the range of possible rogue agents comprising notification to rogue agent administrators that their computer is being used in an attack; and
  
  sending a response to the identified source of the attack, wherein requested data is replaced with protected data comprising a protection module embedded within new non-confidential data, which is executed when the protected data is accessed to create an evidentiary trail for legal prosecution of the unauthorized access.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Newegg Incorporated (Newegg Commerce, Inc.)
Original Assignee
Newegg Incorporated (Newegg Commerce, Inc.)
Inventors
Cheng, Lee C.
Primary Examiner(s)
Desrosiers, Evans
Assistant Examiner(s)
Farooqui, Quazi

Application Number

US13/953,790
Publication Number

US 20140033310A1
Time in Patent Office

1,379 Days
Field of Search

726 11- 13, 726 22- 30, 713150, 713156, 713175-177
US Class Current
CPC Class Codes

H04L 63/1408 by monitoring network traff...

H04L 63/1416 Event detection, e.g. attac...

System and method of active remediation and passive protection against cyber attacks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

System and method of active remediation and passive protection against cyber attacks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others