Network appliance for dynamic protection from risky network activities

US 9,942,250 B2
Filed: 02/26/2015
Issued: 04/10/2018
Est. Priority Date: 08/06/2014
Status: Active Grant

First Claim

Patent Images

1. An electronic appliance on a computer network for enhancing computer security, the appliance comprising:

(a) a data storage configured to store a template of risky addresses, the risky addresses comprising a first numerical address and a portion of a second numerical address;

(b) a receiving module configured to receive data packets from two or more computing devices at two or more distinct geolocations;

(c) a detection module configured to;

1) analyze addresses in the data packets to identify a threat address, wherein the analysis;

(i) is based on one or more artificial intelligence algorithms without using any of the following;

a deep packet inspection, a signature, and a virtual network machine; and

(ii) comprises evaluating a plurality of risk factors of the addresses in the data packets, deriving a single actionable risk score, and determining the threat address based on the single actionable risk score;

wherein the analysis further comprises;

identifying a source address in the data packets, identifying and tracking a location of the data packets, exploring a history of past analyses, and associating a risk category with the data packets;

2) block one or more risky data packets associated with the threat address;

or remove the one or more risky data packets and generate one or more safe data packets; and

3) update the template of the risky addresses based on results of the analysis; and

(d) a transmission module configured to transmit the one or more safe data packets to a destination computing device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Electronic appliances, computer-implemented systems, non-transitory media, and methods are provided to identify risky network activities using intelligent algorithms. The appliances, systems, media, and methods enable rapid detection of risky activities.

76 Citations

View as Search Results

24 Claims

1. An electronic appliance on a computer network for enhancing computer security, the appliance comprising:
- (a) a data storage configured to store a template of risky addresses, the risky addresses comprising a first numerical address and a portion of a second numerical address;
  
  (b) a receiving module configured to receive data packets from two or more computing devices at two or more distinct geolocations;
  
  (c) a detection module configured to;
  
  1) analyze addresses in the data packets to identify a threat address, wherein the analysis;
  
  (i) is based on one or more artificial intelligence algorithms without using any of the following;
  
  a deep packet inspection, a signature, and a virtual network machine; and
  
  (ii) comprises evaluating a plurality of risk factors of the addresses in the data packets, deriving a single actionable risk score, and determining the threat address based on the single actionable risk score;
  
  wherein the analysis further comprises;
  
  identifying a source address in the data packets, identifying and tracking a location of the data packets, exploring a history of past analyses, and associating a risk category with the data packets;
  
  2) block one or more risky data packets associated with the threat address;
  
  or remove the one or more risky data packets and generate one or more safe data packets; and
  
  3) update the template of the risky addresses based on results of the analysis; and
  
  (d) a transmission module configured to transmit the one or more safe data packets to a destination computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The appliance of claim 1, wherein the data storage is further configured to store a template of a risky activity, the risky activity comprising one or more of the following:
    - virus, virus distribution, phishing, intrusion, an attack, malware, fraud, identity theft, crime, cyberbullying, denial-of-service, hacking, digital piracy, intellectual property infringement, pornography production or distribution, controlled substance trade, terrorism, insurrection, smuggling, disobedience, money laundering, and unencrypted data communication.
  - 3. The appliance of claim 1, wherein the risky addresses comprise one or more of the following:
    - an Internet protocol address, a domain name, a portion of a domain name, and an email address.
  - 4. The appliance of claim 1, wherein one of the two or more computing devices is a remote device on the computer network, a local device on the computer network, or a component of the appliance.
  - 5. The appliance of claim 1, wherein the data packets are sent to the receiving module under a single communication protocol or under different communication protocols.
  - 6. The appliance of claim 1, wherein the analyzing the addresses in the data packets comprises analyzing simultaneously two or more data packets.
  - 7. The appliance of claim 1, wherein the one or more artificial intelligence algorithms comprise one or more of the following:
    - pattern recognition, inferential algorithm, planning algorithm, heuristic algorithm, probabilistic reasoning, logical algorithm, search algorithm, decision tree algorithm, red-black tree algorithm, Levensthein algorithm, CacheHill algorithm, PCRE algorithm, Oliver decision graph algorithm, genetic algorithm, learning algorithm, self-teaching algorithm, self-modifying algorithm, optimization, and graphical modeling.
  - 8. The appliance of claim 1, further comprising an alert module configured to generate an alert when the threat address is identified, the alert comprising one or more of the following:
    - a visual alert, a sound alert, a text alert, and an email alert.

9. An electronic appliance on a computer network for enhancing computer security, the appliance comprising:
- (a) a communication module configured to allow the appliance to communicate with one or more honeypot computers;
  
  (b) a data storage configured to store information of risky addresses, wherein the information is provided by the one or more honeypot computers regularly or irregularly and the risky addresses comprise a first numerical address and a portion of a second numerical address;
  
  (c) a receiving module configured to receive data packets from two or more computing devices at two or more distinct geolocations;
  
  (d) a detection module configured to;
  
  1) analyze addresses in the data packets to identify a threat address, wherein the analysis;
  
  (i) is based on one or more artificial intelligence algorithms without using any of the following;
  
  a deep packet inspection, a signature, and a virtual network machine; and
  
  (ii) comprises evaluating a plurality of risk factors of the addresses in the data packets, deriving a single actionable risk score, and determining the threat address based on the single actionable risk score;
  
  wherein the analysis further comprises;
  
  identifying a source address in the data packets, identifying and tracking a location of the data packets, exploring a history of past analyses, and associating a risk category with the data packets;
  
  2) block one or more risky data packets associated with the threat address;
  
  or remove the one or more risky data packets and generate one or more safe data packets; and
  
  3) update the information of the risky addresses based on results of the analysis; and
  
  (e) a transmission module configured to transmit the one or more safe data packets to a destination computing device.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The appliance of claim 9, wherein the data storage is further configured to store information of a risky activity, the risky activity comprising one or more of the following:
    - virus, virus distribution, phishing, intrusion, an attack, malware, fraud, identity theft, crime, cyberbullying, denial-of-service, hacking, digital piracy, intellectual property infringement, pornography production or distribution, controlled substance trade, terrorism, insurrection, smuggling, disobedience, money laundering, and unencrypted data communication.
  - 11. The appliance of claim 9, wherein the risky addresses comprise one or more of the following:
    - an Internet protocol address, a domain name, a portion of a domain name, and an email address.
  - 12. The appliance of claim 9, wherein one of the two or more computing devices is a remote device on the computer network, a local device on the computer network, or a component of the appliance.
  - 13. The appliance of claim 9, wherein the data packets are sent to the receiving module under a single communication protocol or under different communication protocols.
  - 14. The appliance of claim 9, wherein the analyzing the addresses in the data packets comprises analyzing simultaneously two or more data packets.
  - 15. The appliance of claim 9, wherein the one or more artificial intelligence algorithms comprise one or more of the following:
    - pattern recognition, inferential algorithm, planning algorithm, heuristic algorithm, probabilistic reasoning, logical algorithm, search algorithm, decision tree algorithm, red-black tree algorithm, Levensthein algorithm, CacheHill algorithm, PCRE algorithm, Oliver decision graph algorithm, genetic algorithm, learning algorithm, self-teaching algorithm, self-modifying algorithm, optimization, and graphical modeling.
  - 16. The appliance of claim 9, further comprising an alert module configured to generate an alert when the threat address is identified, the alert comprising one or more of the following:
    - a visual alert, a sound alert, a text alert, and an email alert.
  - 17. The appliance of claim 9, further comprising an analytics module configured to visualize and summarize one or more risky activities happening within a period of time.

18. A system on a computer network for enhancing computer security, the system comprising:
- (a) a digital signal processor;
  
  (b) memory; and
  
  (c) an operating system configured to execute computer instructions to create a software application comprising;
  
  1) a database configured to store a template of risky addresses, the risky addresses comprising a first numerical address and a portion of a second numerical address;
  
  2) a receiving module configured to receive one or more data packets from two or more computing devices at two or more distinct geolocations;
  
  3) a detection module configured to;
  
  i) analyze addresses in the data packets to identify a threat address, wherein the analysis;
  
  (A) is based on one or more artificial intelligence algorithms without using any of the following;
  
  a deep packet inspection, a signature, and a virtual network machine, and (B) comprises evaluating a plurality of risk factors of the addresses in the data packets, deriving a single actionable risk score, and determining the threat address based on the single actionable risk score;
  
  wherein the analysis further comprises;
  
  identifying a source address in the data packets, identifying and tracking a location of the data packets, exploring a history of past analyses, and associating a risk category with the data packets;
  
  ii) block one or more risky data packets associated with the threat address;
  
  or remove the one or more risky data packets and generate one or more safe data packets; and
  
  iii) update the template of the risky addresses based on results of the analysis; and
  
  4) a transmission module configured to transmit the one or more safe data packets to a destination computing device.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The system of claim 18, wherein the database is further configured to store a template of a risky activity, the risky activity comprising one or more of the following:
    - virus, virus distribution, phishing, intrusion, an attack, malware, fraud, identity theft, crime, cyberbullying, denial-of-service, hacking, digital piracy, intellectual property infringement, pornography production or distribution, controlled substance trade, terrorism, insurrection, smuggling, disobedience, money laundering, and unencrypted data communication.
  - 20. The system of claim 18, wherein the risky addresses comprise one or more of the following:
    - an Internet protocol address, a domain name, a portion of a domain name, and an email address.
  - 21. The system of claim 18, wherein one of the two or more computing devices is a remote device on the computer network, a local device on the computer network, or a component of the system.
  - 22. The system of claim 18, wherein the data packets are sent to the receiving module under a single communication protocol or under different communication protocols.
  - 23. The system of claim 18, wherein the one or more artificial intelligence algorithms comprise one or more of the following:
    - pattern recognition, inferential algorithm, planning algorithm, heuristic algorithm, probabilistic reasoning, logical algorithm, search algorithm, decision tree algorithm, red-black tree algorithm, Levensthein algorithm, CacheHill algorithm, PCRE algorithm, Oliver decision graph algorithm, genetic algorithm, learning algorithm, self-teaching algorithm, self-modifying algorithm, optimization, and graphical modeling.
  - 24. The system of claim 18, wherein the software application further comprises:
    - (a) an alert module configured to generate an alert when the threat address is identified, the alert comprising one or more of the following;
      
      a visual alert, a sound alert, a text alert, and an email alert;
      
      or(b) an analytics module configured to visualize and summarize one or more risky activities happening within a period of time.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Norse Networks, Inc.
Original Assignee
Norse Networks, Inc.
Inventors
Stiansen, Tommy, Perlstein, Alfred, Foss, Jr., Sheldon
Primary Examiner(s)
Rahman, Mahfuzur
Assistant Examiner(s)
VICTORIA, NARCISO F

Application Number

US14/632,514
Publication Number

US 20160044054A1
Time in Patent Office

1,139 Days
Field of Search

726 24
US Class Current
CPC Class Codes

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04L 63/1458   Denial of Service

H04L 63/1483   service impersonation, e.g....

Network appliance for dynamic protection from risky network activities

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

76 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Network appliance for dynamic protection from risky network activities

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

76 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links