UNAUTHORIZED ACCESS INFORMATION COLLECTION SYSTEM

US 20100118717A1
Filed: 12/27/2007
Published: 05/13/2010
Est. Priority Date: 01/12/2007
Status: Active Grant

First Claim

Patent Images

1. An unauthorized access information collection system for monitoring unauthorized access to a honeynet so as to collect unauthorized access information, the system comprising:

a plurality of honey pots in which a private address or a global address is respectively set and which construct the honeynet; and

an unauthorized access information collection device which is disposed between an Internet and the honeynet and which allocates a plurality of global addresses to the private address or the global address by setting of a routing table to transfer a received packet and which performs a communication control from the honeynet side to the Internet side based on a communication control list and records the packets passing through the unauthorized access information collection device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an unauthorized access information collection system for monitoring unauthorized access to a honeynet so as to collect unauthorized access information, the system includes: a plurality of honey pots in which a private address or a global address is respectively set and which construct the honeynet; and an unauthorized access information collection device which is disposed between an Internet and the honeynet and which allocates a plurality of global addresses to the private address or the global address by setting of a routing table to transfer a received packet and which performs a communication control from the honeynet side to the Internet side based on a communication control list and records the packets passing through the unauthorized access information collection device.

41 Citations

View as Search Results

12 Claims

1. An unauthorized access information collection system for monitoring unauthorized access to a honeynet so as to collect unauthorized access information, the system comprising:
- a plurality of honey pots in which a private address or a global address is respectively set and which construct the honeynet; and
  
  an unauthorized access information collection device which is disposed between an Internet and the honeynet and which allocates a plurality of global addresses to the private address or the global address by setting of a routing table to transfer a received packet and which performs a communication control from the honeynet side to the Internet side based on a communication control list and records the packets passing through the unauthorized access information collection device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The unauthorized access information collection system as claimed in claim 1, wherein the unauthorized access information collection device comprises:
    - a first communication unit for conducting a communication through the Internet;
      
      a second communication unit for conducting a communication through the honeynet;
      
      a storage unit which stores the routing table; and
      
      an arithmetic control unit which controls the entire device and records a packet received through the first communication unit in the storage unit and which writes a first detection point identifier, a destination global address and a destination port number into the recorded packet and which, if the destination global address is present in the routing table, rewrites a destination address of the received packet into the private address or the global address and which rewrites a destination address of the previously recorded packet into the private address or the global address and writes a second detection point identifier and stores the second detection point identifier in the storage unit and which transfers the received packet rewritten into the private address or the global address through the second communication unit and which discards the received packet when the destination global address is not present in the routing table.
  - 3. The unauthorized access information collection system as claimed in claim 1, wherein the unauthorized access information collection device comprises:
    - a first communication unit for conducting a communication through the Internet;
      
      a second communication unit for conducting a communication through the honeynet;
      
      a storage unit which stores the communication control list; and
      
      an arithmetic control unit which controls the entire device and which, if limit information about a source global address or a source private address of a packet received through the second communication unit is not registered in the communication control list, records the received packet in the storage unit and writes a third detection point identifier into the recorded packet and which rewrites a source address of the received packet into a global address and transfers the global address through the first communication unit and which, if the limit information is present in the communication control list, records the received packet in the storage unit, writes a fourth detection point identifier into the recorded packet and discards the received packet.
  - 4. The unauthorized access information collection system as claimed in claim 2, wherein the arithmetic control unit:
    - displays an Internet plane, an device plane and a honeynet plane which use an IP address and a port number as each of coordinate axes on a display unit and reads a recorded packet out of the storage unit;
      
      makes a drawing between the Internet plane and the device plane when the first detection point identifier is written;
      
      makes a drawing between the device plane and the honeynet plane when the second detection point identifier is written;
      
      makes a drawing between the honeynet plane and the Internet plane when the third detection point identifier is written; and
      
      makes a drawing between the honeynet plane and the device plane when the fourth detection point identifier is written.
  - 5. The unauthorized access information collection system as claimed in claim 4wherein when the first detection point identifier is written, the arithmetic control unit displays a source address in coordinates of the Internet plane and displays the destination address in coordinates of the device plane and makes a drawing such that two points are connected to each other with a line segment.
  - 6. The unauthorized access information collection system as claimed in claim 4wherein when the second detection point identifier is written, the arithmetic control unit displays a destination global address before rewriting in coordinates of the device plane and displays the rewritten private address or the rewritten global address in coordinates of the honeynet plane and makes a drawing such that two points are connected to each other with a line segment.
  - 7. The unauthorized access information collection system as claimed in claim 4wherein when the third detection point identifier is written, the arithmetic control unit displays a source address in coordinates of the honeynet plane and displays a destination address in coordinates of the Internet plane and makes a drawing such that two points are connected to each other with a line segment.
  - 8. The unauthorized access information collection system as claimed in claim 4wherein when the fourth detection point identifier is written, the arithmetic control unit displays a source address in coordinates of the honeynet plane and displays a destination address in coordinates of the device plane and makes a drawing such that two points are connected to each other with a line segment.
  - 9. The unauthorized access information collection system as claimed in any one of claims 5 to 8, wherein the arithmetic control unit performs a color coding display on the line segment.
  - 10. The unauthorized access information collection system as claimed in any one of claims 5 to 8, wherein the arithmetic control unit moves a marker toward a packet propagation direction such that the marker traces the line segment.
  - 11. The unauthorized access information collection system as claimed in any one of claims 5 to 8, wherein the arithmetic control unit displays the marker in any shape.
  - 12. The unauthorized access information collection system as claimed in any one of claims 5 to 8, wherein the arithmetic control unit sets luminance of the marker such thatluminance of the marker is different from ambient luminance.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Yokogawa Electric Corporation
Original Assignee
Yokogawa Electric Corporation
Inventors
Suzuki, Koei, Baba, Shunsuke

Granted Patent

US 8,331,251 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/252
CPC Class Codes

H04L 61/2514   between local and global IP...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

H04L 63/1491   using deception as counterm...

UNAUTHORIZED ACCESS INFORMATION COLLECTION SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

41 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

UNAUTHORIZED ACCESS INFORMATION COLLECTION SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links