System, method and apparatus for detecting, identifying and responding to fraudulent requests on a network
Abstract
Embodiments of the invention are directed to a detection system, method and apparatus that identifies and eradicates fraudulent requests on a network. Embodiments of the detection system comprise at least one router, a server, and an activity monitoring system. The activity monitoring system comprises a route arbiter and a traffic analyzer, wherein the route arbiter monitors the activity on the router. The route arbiter continuously monitors the router and firewall device to determine if abnormal activity or traffic patterns are emerging. If a determination is made that abnormal activity or abnormal traffic patterns exist, the activity monitoring system responds by blocking the activity or redirecting the traffic.
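The two-stage flow the abstract describes, as an added example that is not taken from the patent: a route arbiter flags abnormal traffic, a traffic analyzer decides whether it is problematic, and the switching system then stops giving the protected address to that peer. The patent only says "predetermined criteria"; the packet-rate threshold, the bare-SYN ratio, the class and function names, and the sample packets are all assumptions made here.

```python
from collections import Counter, defaultdict, deque

class SwitchingSystem:
    """Gives the protected address to a peer unless inhibited for that peer."""
    def __init__(self, protected_addr):
        self.protected_addr, self.inhibited = protected_addr, set()
    def address_for(self, peer):
        return None if peer in self.inhibited else self.protected_addr

class RouteArbiter:
    """Stage 1. Assumed first criterion: > max_pkts packets per peer per window."""
    def __init__(self, max_pkts=5, window=1.0):
        self.max_pkts, self.window = max_pkts, window
        self.recent = defaultdict(deque)
    def is_abnormal(self, pkt):
        q = self.recent[pkt["src"]]
        q.append(pkt["ts"])
        while pkt["ts"] - q[0] > self.window:
            q.popleft()
        return len(q) > self.max_pkts

class TrafficAnalyzer:
    """Stage 2. Assumed second criterion: abnormal packets are almost all bare SYNs."""
    def __init__(self, switch, min_abnormal=4, syn_ratio=0.9):
        self.switch, self.min_abnormal, self.syn_ratio = switch, min_abnormal, syn_ratio
        self.stats = defaultdict(lambda: [0, 0])  # src -> [abnormal, bare SYN]
    def inspect(self, pkt):
        s = self.stats[pkt["src"]]
        s[0] += 1
        s[1] += pkt["flags"] == "S"
        if s[0] >= self.min_abnormal and s[1] / s[0] >= self.syn_ratio:
            self.switch.inhibited.add(pkt["src"])  # stop giving this peer the address

def run(packets, protected_addr="192.0.2.10"):
    switch = SwitchingSystem(protected_addr)
    arbiter, analyzer = RouteArbiter(), TrafficAnalyzer(switch)
    delivered = Counter()
    for pkt in sorted(packets, key=lambda p: p["ts"]):
        if switch.address_for(pkt["src"]) is None:
            continue  # inhibited peer cannot reach the protected device
        if arbiter.is_abnormal(pkt):
            analyzer.inspect(pkt)
        if switch.address_for(pkt["src"]) is not None:
            delivered[pkt["src"]] += 1
    return switch, delivered

# Constructed sample traffic (documentation addresses): a SYN flood, a fast but
# legitimate bulk transfer, and an ordinary client.
SAMPLE = (
    [{"src": "198.51.100.7", "ts": i * 0.01, "flags": "S"} for i in range(20)]
    + [{"src": "203.0.113.9", "ts": 0.5 + i * 0.01, "flags": "PA"} for i in range(12)]
    + [{"src": "203.0.113.5", "ts": t, "flags": f} for t, f in [(0.0, "S"), (0.1, "A"), (2.0, "PA")]]
)
```

The bulk-transfer peer trips the first stage but not the second, so it stays reachable; only the flooding peer loses the address.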
35 Claims
1. A system for identifying and diverting problematic information packets transmitted from a first network device to a second network device, comprising:
- a switching system that provides a network address of the second network device to the first network device, said switching system receiving information packets from the first network device and directing the information packets to the second network device;
- a route arbitration system that monitors the information packets received by said switching system, said route arbitration system determining whether the information packets comprise abnormal network activity in accordance with a first predetermined criteria and, if said route arbitration system determines that the information packets comprise abnormal network activity, identifying the information packets as being abnormal information packets;
- a traffic analysis system that monitors the abnormal information packets identified by said route arbitration system, said traffic analysis system determining whether the abnormal information packets are problematic in accordance with a second predetermined criteria and, if said traffic analysis system determines that the abnormal information packets are problematic, identifying the abnormal information packets as being the problematic information packets and inhibiting said switching system from broadcasting the network address of the second network device to the first network device, wherein said switching system, when inhibited, renders the second network device unreachable and prevents the first network device from transmitting the problematic information packets to said switching system; and
- a firewall system that identifies suspect information packets received from the first network device, said switching system directing the information packets to the second network device via said firewall system, wherein said traffic analysis system determines whether the suspect information packets are problematic and, if said traffic analysis system determines that the suspect information packets are problematic, inhibits said switching system from broadcasting the network address of the second network device to the first network device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A system for identifying and diverting problematic information packets transmitted from a first network device to a second network device, comprising:
- a switching system that provides a network address to the first network device, said switching system receiving information packets from the first network device and directing the information packets to the second network device;
- an activity monitoring system that monitors the information packets received by said switching system, said activity monitoring system determining whether the information packets are problematic in accordance with at least one predetermined criteria and, if said activity monitoring system determines that the information packets are problematic, identifying the information packets as being the problematic information packets and inhibiting said switching system from broadcasting the network address of the second network device to the first network device, wherein said switching system, when inhibited, renders the second network device unreachable and prevents the first network device from transmitting the problematic information packets to said switching system; and
- said activity monitoring system includes;
  - a route arbitration system that monitors the information packets received by said switching system, said route arbitration system determining whether the information packets comprise abnormal network activity in accordance with a first information packets comprise abnormal network activity, identifying the information packets are being abnormal information packets; and
  - a traffic analysis system that monitors the abnormal information packets identified by said route arbitration system, said analysis system determining whether the abnormal information packets comprises the problematic information packets in accordance with a second predetermined criteria and, if said traffic analysis system determines that the abnormal information packets comprise the problematic information packets, inhibiting said switching system from providing the network information packets, inhibiting said switching system from broadcasting the network address of the second network device to the first network device.
Dependent claims: 16, 17
18. A system for identifying and diverting problematic information packets received from an external network device, comprising:
- a protected network device having a network address;
- a switching system that provides said network address to the external network device, said switching system receiving information packets from the external network device and directing the information packets to said protected network device;
- a route arbitration system that monitors the information packets received by said switching system, said route arbitration system determining whether the information packets comprise abnormal network activity in accordance with a first predetermined criteria and, if said route arbitration system determines that the information packets comprise abnormal network activity, identifying the information packets as being abnormal information packets;
- a traffic analysis system that monitors the abnormal information packets identified by said route arbitration system, said traffic analysis system determining whether the abnormal information packets are problematic in accordance with a second predetermined criteria and, if said traffic analysis system determines that the abnormal information packets are problematic, identifying the abnormal information packets as being the problematic information packets and inhibiting said switching system from broadcasting the network address of said protected network device to the external network device, wherein said switching system, when inhibited, renders said protected network device unreachable and prevents the external network device from transmitting the problematic information packets to said switching system; and
- a firewall system that identifies suspect information packets received from the external network device, said switching system directing the information packets to the protected network device via said firewall system, said traffic analysis system determining whether the suspect information packets are problematic and, if said traffic analysis system determines that the suspect information packets are problematic, inhibiting said switching system from broadcasting the network address of the protected network device to the external network device.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26, 27
28. A method for identifying and diverting problematic information packets transmitted from a first network device to a second network device, comprising:
- providing a network address of the second network device to the first network device via a switching system receiving information packets from the first network device and directing the information packets to said second network device;
- monitoring the information packets received from the first network device;
- determining whether the information packets comprise abnormal network activity in accordance with a first predetermined criteria;
- if the information packets are determined to comprise abnormal network activity, identifying the information packets as being abnormal information packets;
- monitoring the abnormal information packets;
- determining whether the abnormal information packets are problematic in accordance with a second predetermined criteria; and
- if the abnormal information packets are determined to be problematic, identifying the abnormal information packets as being the problematic information packets;
- inhibiting said switching system from broadcasting the network address of said second network device to the first network device, wherein said switching system, when inhibited, renders the second network device unreachable and prevents the first network device from transmitting the problematic information packets to said switching system; and
- a firewall system that identifies suspect information packets received from the external network device, said switching system directing the information packets to the protected network device via said firewall system, said monitoring system determining whether the suspect information packets are problematic and, if said monitoring system determines that the suspect information packets are problematic, inhibiting said switching system from broadcasting the network address of the protected network device to the external network device.
Dependent claims: 29, 30, 31, 32, 33
34. A method for identifying and diverting problematic information packets transmitted from a first network device to a second network device, comprising:
- providing a network address of the second network device to the first network device via a switching system receiving information packets from the first network device and directing the information packets to said second network device;
- monitoring the information packets received from the first network device;
- determining whether the information packets are problematic in accordance with at least one predetermined criteria;
- if the information packets are determined to be problematic, identifying the information packets as being the problematic information packets; and
- inhibiting said switching system from broadcasting the network address of said second device to the first network device, wherein said switching system, when inhibited, renders the second network device unreachable and prevents the first network device from transmitting the problematic information packets to said switching system; and
- a firewall system that identifies suspect information packets received from the external network device, said switching system directing the information packets to the protected network device via said firewall system, said monitoring system determining whether the suspect information packets are problematic and if said monitoring system determines that the suspect information packets are problematic, inhibiting said switching system from broadcasting the network address of the protected network device to the external network device.
Dependent claims: 35
Specification