DEVICE, SYSTEM AND METHOD FOR DEFENDING A COMPUTER NETWORK

US 20180041473A1
Filed: 10/23/2017
Published: 02/08/2018
Est. Priority Date: 11/17/2003
Status: Active Grant

First Claim

Patent Images

1-18. -18. (canceled)

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device, system, and method for defending a computer network are described. network communications are received by a traffic filter, which dynamically determines whether the communications include an anomaly (i.e., are “anomalous” communications), or whether the communications are normal, and do not include an anomaly. The traffic filter routes normal communications to the correct device within its network for servicing he service requested by the communications. The traffic filter routes any anomalous communications to a virtual space engine, which is configured to fake a requested service (e.g., to entice deployment of a malicious payload). Anomalous communications are analyzed using an analytical engine, which can dynamically develop rules for handling anomalous communications in-line, and the rules developed by the analytical engine can be employed by the traffic filter against future received communications.

9 Citations

38 Claims

1-18. -18. (canceled)

19. A router, comprising:
- a processor-readable medium including code representing instructions to cause a processor to perform operations includingrouting received information communicated from a first network to a component associated with a service within a second network, responsive to a determination that the received information is to be handled by a service that exists within the second network; and
  
  routing the received information to a predetermined component, responsive to a determination that the received information is to be handled by a service that does not exist within the second network.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The router of claim 19, wherein the operations further include:
    - determining, based on information above a data link layer of the received information, if the received information is to be handled by the service that exists within the second network.
  - 21. The router of claim 19, wherein the operations further include:
    - routing the received information to a similar service to the service that does not exist within the second network, responsive to the determination that the received information is to be handled by the service that does not exist within the second network, andresponding to the first network based on information from the similar service.
  - 22. The router of claim 19, wherein the operations further include:
    - removing network traits from internet protocol (IP) datagrams of information during transmission of information from a component within the second network.
  - 23. The router of claim 19, wherein the operations further include:
    - modifying a payload of a packet to remove traits of the second network and to provide apparent traits.
  - 24. The router of claim 19, wherein the operations further include:
    - performing network address translation at least partially based on a determination that a match of content of a payload of the received information is a known good packet.
  - 25. The router of claim 19, wherein the received information is received with a wireless connection.

26. A processor-readable medium including code representing instructions to cause a processor to perform operations comprising:
- routing received information communicated from a first network to a component associated with a service within a second network, responsive to a determination that the received information is to be handled by a service that exists within the second network; and
  
  routing the received information to a predetermined component, responsive to a determination that the received information is to be handled by a service that does not exist within the second network.
- View Dependent Claims (27, 28, 29, 30, 31, 32)
- - 27. The medium of claim 26, wherein the operations further comprise:
    - determining, based on information above a data link layer of the received information, if the received information is to be handled by the service that exists within the second network.
  - 28. The medium of claim 26, wherein the operations further comprise:
    - routing the received information to a similar service to the service that does not exist within the second network, responsive to the determination that the received information is to be handled by the service that does not exist within the second network; and
      
      responding to the first network based on information from the similar service.
  - 29. The medium of claim 26, wherein the operations further comprise:
    - removing network traits from internet protocol (IP) datagrams of information during transmission of information from a component within the second network.
  - 30. The medium of claim 26, wherein the operations further comprise:
    - modifying a payload of a packet to remove traits of the second network and to provide apparent traits.
  - 31. The medium of claim 26, wherein the operations further comprise:
    - performing network address translation at least partially based on a determination that a match of content of a payload of the received information is a known good packet.
  - 32. The medium of claim 26, wherein the received information is received with a wireless connection.

33. A method, comprising:
- routing received information communicated from a first network to a component associated with a service within a second network, responsive to a determination that the received information is to be handled by a service that exists within the second network; and
  
  routing the received information to a predetermined component, responsive to a determination that the received information is to be handled by a service that does not exist within the second network.
- View Dependent Claims (34, 35, 36, 37, 38)
- - 34. The method of claim 33, further comprising:
    - determining, based on information above a data link layer of the received information, if the received information is to be handled by the service that exists within the second network.
  - 35. The method of claim 33, further comprising:
    - routing the received information to a similar service to the service that does not exist within the second network, responsive to the determination that the received information is to be handled by the service that does not exist within the second network, andresponding to the first network based on information from the similar service.
  - 36. The method of claim 33, further comprising:
    - removing network traits from internet protocol (IP) datagrams of information during transmission of information from a component within the second network.
  - 37. The method of claim 33, further comprising:
    - performing network address translation at least partially based on a determination that a match of content of a payload of the received information is a known good packet.
  - 38. The method of claim 33, wherein the received information is received with a wireless connection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, LLC
Inventors
Jordan, Christopher J.

Granted Patent

US 10,785,191 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/0245   Filtering by information in...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1491   using deception as counterm...

DEVICE, SYSTEM AND METHOD FOR DEFENDING A COMPUTER NETWORK

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

9 Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

DEVICE, SYSTEM AND METHOD FOR DEFENDING A COMPUTER NETWORK

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links