Systems and methods for distributed network protection

US 7,089,303 B2
Filed: 05/31/2001
Issued: 08/08/2006
Est. Priority Date: 05/31/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A distributed system for monitoring a communications network and for detecting, tracing and retaliating to an unauthorized communications access attempt into the monitored communications network, the system comprising:

one or more distributed hierarchical monitoring systems; and

one or more alarm signals that represent an unauthorized communications access attempt into one or more localized portions of the monitored communications network;

wherein the one or more distributed hierarchical monitoring systems analyze the unauthorized communications access attempt in response to the unauthorized communications access attempt, and determine a responsive action to the unauthorized communications access attempt, including sending a mechanism for verifying the presence of an attack and for immediately determining a source of the unauthorized communications access attempt;

wherein the verifying mechanism sends a determining mechanism that determines if the source of the unauthorized access attempt is hostile;

wherein the determining mechanism includes an identified packet concealed in the response, and the one or more distributed hierarchical monitoring systems detect passage of the identified packet;

wherein the packet is identified by a flag, and the one or more distributed hierarchical monitoring systems comprise conduit hosts and participating nodes forming a cooperative reporting system to detect passage of the flag and record information related to the flag and associated data, thereby revealing the source of the unauthorized communications access attempt regardless of a number of intermediate steps used to avoid detection by the source of the unauthorized communication access attempt;

wherein the identified packet triggers the reporting and showing of a path to the source of the unauthorized communication access attempt;

wherein subject to applicable laws an immediate counter-attack is launched, anytime after commencement of the unauthorized communication access attemptwherein the counter-attack comprises a concealed program embedded with additional levels of verification to ensure the hostile intent and identity of the source of the unauthorized communication access attempt in addition to destructive means for destroying the files and/or operating system of a computer of the source of the unauthorized communication access attempt;

wherein the additional levels of verification of hostile intent and identity of the source of the unauthorized communication access attempt are based on an historical profile, other previous attempts by the source of the unauthorized communication access attempt or communication with other monitoring centers to determine whether other targets have been attacked with same or similar unauthorized access requests; and

wherein upon verification of hostile intent and identity of the source of the unauthorized communication access attempt, the identification of the source of the unauthorized communication access attempt is secretly forwarded to a target station or monitoring center and via the counter-attack files and/or operating system of the computer of the source of the unauthorized communication access attempt are destroyed.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

By distributing various information and monitoring centers that monitor distributed networks and unauthorized access attempts, it is possible to, for example, more quickly defend against an unauthorized access attempts. For example, a Level 1 monitoring center could monitor a predetermined geographical area serving, for example, a wide variety of commercial and public sites, an organizational structure, or the like, for alarms. Upon analyzing an alarm for various characteristics, the Level 1 monitoring center can refer the unauthorized access attempt to an appropriate Level 2 center for, for example, possible retaliatory and/or legal action. Then, a Level 3 monitoring center can record and maintain an overall picture of the security of one or more networks, the plurality of monitoring centers and information about one or more hacking attempts.

54 Citations

View as Search Results

21 Claims

1. A distributed system for monitoring a communications network and for detecting, tracing and retaliating to an unauthorized communications access attempt into the monitored communications network, the system comprising:
- one or more distributed hierarchical monitoring systems; and
  
  one or more alarm signals that represent an unauthorized communications access attempt into one or more localized portions of the monitored communications network;
  
  wherein the one or more distributed hierarchical monitoring systems analyze the unauthorized communications access attempt in response to the unauthorized communications access attempt, and determine a responsive action to the unauthorized communications access attempt, including sending a mechanism for verifying the presence of an attack and for immediately determining a source of the unauthorized communications access attempt;
  
  wherein the verifying mechanism sends a determining mechanism that determines if the source of the unauthorized access attempt is hostile;
  
  wherein the determining mechanism includes an identified packet concealed in the response, and the one or more distributed hierarchical monitoring systems detect passage of the identified packet;
  
  wherein the packet is identified by a flag, and the one or more distributed hierarchical monitoring systems comprise conduit hosts and participating nodes forming a cooperative reporting system to detect passage of the flag and record information related to the flag and associated data, thereby revealing the source of the unauthorized communications access attempt regardless of a number of intermediate steps used to avoid detection by the source of the unauthorized communication access attempt;
  
  wherein the identified packet triggers the reporting and showing of a path to the source of the unauthorized communication access attempt;
  
  wherein subject to applicable laws an immediate counter-attack is launched, anytime after commencement of the unauthorized communication access attemptwherein the counter-attack comprises a concealed program embedded with additional levels of verification to ensure the hostile intent and identity of the source of the unauthorized communication access attempt in addition to destructive means for destroying the files and/or operating system of a computer of the source of the unauthorized communication access attempt;
  
  wherein the additional levels of verification of hostile intent and identity of the source of the unauthorized communication access attempt are based on an historical profile, other previous attempts by the source of the unauthorized communication access attempt or communication with other monitoring centers to determine whether other targets have been attacked with same or similar unauthorized access requests; and
  
  wherein upon verification of hostile intent and identity of the source of the unauthorized communication access attempt, the identification of the source of the unauthorized communication access attempt is secretly forwarded to a target station or monitoring center and via the counter-attack files and/or operating system of the computer of the source of the unauthorized communication access attempt are destroyed.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, further comprising a monitoring device that monitors information on one or more monitored communications networks.
  - 3. The system of claim 2, wherein the monitored information relates to one or more geographic or organizational portions of the monitored communications networks.
  - 4. The system of claim 1, further comprising an intrusion analysis system that receives the one or more alarm signals and at least one of determines the origin of the unauthorized communications access attempt, logs communications and evaluates the threat of the unauthorized communications access attempt.
  - 5. The system of claim 1, further comprising an intrusion interaction system that is capable of communicating with the origin of the unauthorized communications access attempt.
  - 6. The system of claim 1, further comprising an escalation determination system that, based on an evaluation of the unauthorized communications access attempt and a comparison to one or more other unauthorized communications access attempts, forwards information regarding the unauthorized communications access attempt to one or more of the one or more distributed hierarchical monitoring systems.
  - 7. The system of claim 1, wherein the one or more alarm signals is generated by one or more recipients of the unauthorized communications access attempt.
  - 8. The system of claim 1, further comprising a response system that communicates information regarding the unauthorized communications access attempt to one or more of a monitored site and a law enforcement agency.
  - 9. The system of claim 1, wherein the one or more distributed hierarchical monitoring systems forward information regarding the unauthorized communications access attempt to one or more of the one or more distributed hierarchical monitoring systems.
  - 10. The system of claim 1, wherein the concealed program is concealed in an HTML page sent as part of the response.

11. A method for monitoring a communications network and for detecting, tracing and retaliating to an unauthorized communications access attempt into the monitored communications network, the method comprising:
- monitoring one or more portions of the monitored communications network through one or more distributed hierarchical monitoring systems; and
  
  receiving one or more alarm signals that represent an unauthorized communications access attempt into one or more localized portions of the monitored communications network,wherein the one or more distributed hierarchical monitoring systems analyze the unauthorized communications access attempt in response to the unauthorized communications access attempt, and determine a responsive action to the unauthorized communications access attempt, including sending a mechanism for verifying the presence of an attack and for immediately determining a source of the unauthorized communications access attempt;
  
  wherein the verifying mechanism sends a determining mechanism that determines if the source of the unauthorized access attempt is hostile;
  
  wherein the determining mechanism includes an identified packet concealed in the response, and the one or more distributed hierarchical monitoring systems detect passage of the identified packet;
  
  wherein the packet is identified by a flag and the one or more distributed hierarchical monitoring systems comprise conduit hosts and participating nodes forming a cooperative reporting system to detect passage of the flag and record information related to the flag and associated data, thereby revealing the source of the unauthorized communications access attempt regardless of a number of intermediate steps used to avoid detection by the source of the unauthorized communication access attempt;
  
  wherein the identified packet triggers the reporting and showing of a path to the source of the unauthorized communication access attempt;
  
  wherein subject to applicable laws an immediate counter-attack is launched, anytime after commencement of the unauthorized communication access attempt;
  
  wherein the counter-attack comprises a concealed program embedded with additional levels of verification to ensure the hostile intent and identity of the source of the unauthorized communication access attempt in addition to destructive means for destroying the files and/or operating system of a computer of the source of the unauthorized communication access attempt;
  
  wherein the additional levels of verification of hostile intent and identity of the source of the unauthorized communication access attempt are based on an historical profile, other previous attempts by the source of the unauthorized communication access attempt or communication with other monitoring centers to determine whether other targets have been attacked with same or similar unauthorized access requests; and
  
  wherein upon verification of hostile intent and identity of the source of the unauthorized communication access attempt, the identification of the source of the unauthorized communication access attempt is secretly forwarded to a target station or monitoring center and via the counter-attack files and/or operating system of the computer of the source of the unauthorized communication access attempt are destroyed.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 12. The method of claim 11, further comprising monitoring information relating to one or more geographic or organizational portions of the monitored communications networks.
  - 13. The method of claim 11, further comprising receiving the one or more alarm signals and at least one of determining the origin of the unauthorized communications access attempt, logging communications and evaluating the threat of the unauthorized communications access attempt.
  - 14. The method of claim 13, wherein the logging can be restricted based on an analysis of the unauthorized communications access attempt.
  - 15. The method of claim 11, further comprising communicating with the origin of the unauthorized communications access attempt.
  - 16. The method of claim 11, further comprising forwarding, based on an evaluation of the unauthorized communications access attempt and a comparison to one or more other unauthorized communications access attempts, information regarding the unauthorized communications access attempt to one or more of the one or more distributed hierarchical monitoring systems.
  - 17. The method of claim 11, wherein the one or more alarm signals is generated by one or more recipients of the unauthorized communications access attempt.
  - 18. The method of claim 11, further comprising communicating information regarding the unauthorized communications access attempt to one or more of a monitored site and a law enforcement agency.
  - 19. The method of claim 11, wherein the one or more distributed hierarchical monitoring systems forward information regarding the unauthorized communications access attempt to one or more of the one or more distributed hierarchical monitoring systems.
  - 20. The method of claim 11, wherein the concealed program is concealed in an HTML page sent as part of the response.
  - 21. The method of claim 11, further comprising implementing said method via a computer program product including one or more computer-readable instructions configured to cause one or more computer processors to perform the steps of the method.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Invicta Networks, Inc.
Original Assignee
Invicta Networks, Inc.
Inventors
Sheymov, Victor I, Turner, Roger B
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
Lezak, Arrienne M.

Application Number

US09/867,442
Publication Number

US 20010052014A1
Time in Patent Office

1,895 Days
Field of Search

365/514, 340/438, 342/457, 307/10.5, 713150-194, 380255-273, 380 31- 43, 709201-253
US Class Current

709/224
CPC Class Codes

H04L 63/1408 by monitoring network traff...

Systems and methods for distributed network protection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

54 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for distributed network protection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

54 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links