METHOD AND SYSTEM FOR PROTECTION AGAINST INFORMATION STEALING SOFTWARE
First Claim
1. A computer-implemented method for reducing exposure to a dictionary attack while verifying whether data transmitted over a computer network is a password, the method comprising:
- performing a search of network traffic based, at least in part, on a weak validation using a Bloom filter, wherein the Bloom filter is based on an organizational password file;
determining the existence of a password in the network traffic based only on the weak validation; and
determining whether to block, alert, or quarantine the network traffic based at least in part on the existence of the password in the network traffic.
14 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems reduce exposure to a dictionary attack while verifying whether data transmitted over a computer network is a password. In one aspect, a method includes performing a search of network traffic based, at least in part, on a weak validation using a Bloom filter based on an organizational password file, determining the existence of a password in the network traffic based only on the weak validation, and determining whether to block, alert, or quarantine the network traffic based at least in part on the existence of the password in the network traffic.
22 Citations
18 Claims
-
1. A computer-implemented method for reducing exposure to a dictionary attack while verifying whether data transmitted over a computer network is a password, the method comprising:
-
performing a search of network traffic based, at least in part, on a weak validation using a Bloom filter, wherein the Bloom filter is based on an organizational password file; determining the existence of a password in the network traffic based only on the weak validation; and determining whether to block, alert, or quarantine the network traffic based at least in part on the existence of the password in the network traffic. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system for reducing exposure to a dictionary attack while verifying whether data transmitted over a computer network is a password, the system comprising:
-
a processor configured to execute computer instructions, wherein the computer instructions include a traffic analyzer in communication with the computer network, the traffic analyzer being configured to perform a search of network traffic based at least in part on a weak validation using a Bloom filter, wherein the Bloom filter is based on an organizational password file, and determining the existence of a password in the network traffic based only on the weak validation; and a decision system configured to decide whether to do at least one of “
block”
, “
alert”
or “
quarantine”
the traffic based at least in part on the existence of a password in the traffic. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. A system for reducing exposure to a dictionary attack while verifying whether data transmitted over a computer network is a password, the system comprising:
-
a processor configured to execute computer instructions, wherein the computer instructions include data traffic analyzer means in communication with the computer network, the traffic analyzer means configured to perform a search of the network traffic based, at least in part, on a weak validation using a Bloom filter encoding an organization password file, and configured to determine the existence of a password in the network traffic based only on the weak validation; and decision means for deciding whether to do at least one of “
block”
, “
alert”
or “
quarantine”
the network traffic based at least in part on the existence of the password in the network traffic. - View Dependent Claims (15, 16, 17, 18)
-
Specification