Systems and methods for distributed network protection

US 7,197,563 B2
Filed: 07/21/2006
Issued: 03/27/2007
Est. Priority Date: 05/31/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A distributed system for monitoring a communications network and for detecting, tracing and responding to an unauthorized communications access attempt into the monitored communications network, the system comprising:

one or more distributed hierarchical monitoring systems; and

one or more alarm signals that represent an unauthorized communications access attempt into one or more localized portions of the monitored communications network;

wherein the one or more distributed hierarchical monitoring systems analyze the unauthorized communications access attempt in response to the unauthorized communications access attempt, and determine a responsive action to the unauthorized communications access attempt, including sending a mechanism for verifying the presence of an attack and for immediately determining a source of the unauthorized communications access attempt;

wherein the verifying mechanism sends a determining mechanism that determines if the source of the unauthorized access attempt is hostile;

wherein the determining mechanism includes an identified packet concealed in the response, and the one or more distributed hierarchical monitoring systems detect passage of the identified packet;

wherein the packet is identified by a flag, and the one or more distributed hierarchical monitoring systems comprise conduit hosts and participating nodes forming a cooperative reporting system to detect passage of the flag and record information related to the flag and associated data, thereby revealing the source of the unauthorized communications access attempt regardless of a number of intermediate steps used to avoid detection by the source of the unauthorized communication access attempt;

wherein the identified packet triggers the reporting and showing of a path to the source of the unauthorized communication access attempt;

wherein an immediate response is launched, anytime after commencement of the unauthorized communication access attempt;

wherein the response comprises a concealed program embedded with additional levels of verification to ensure the hostile intent and identity of the source of the unauthorized communication access attempt;

wherein the additional levels of verification of hostile intent and identity of the source of the unauthorized communication access attempt are based on an historical profile, other previous attempts by the source of the unauthorized communication access attempt or communication with other monitoring centers to determine whether other targets have been attacked with same or similar unauthorized access requests;

wherein upon verification of hostile intent and identity of the source of the unauthorized communication access attempt, the identification of the source of the unauthorized communication access attempt is secretly forwarded to a target station or monitoring center; and

wherein one or more distributed hierarchical monitoring systems include first through third level monitoring systems, with the first level monitoring system configured to monitor a predetermined geographical area, an organizational structure or defined cyber boundaries, and refer the unauthorized access attempt to an appropriate second level monitoring system, with the second level monitoring system configured to receive the referral from the first level monitoring system and make a decision on a possible response based a nature of the unauthorized access attempt, and receive and analyze cumulative information on unauthorized access attempts from underlying first level monitoring systems, and with the third level monitoring system configured to collect and analyze information from the second level monitoring system, and monitor an overall security condition of the monitored communications network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

By distributing various information and monitoring centers that monitor distributed networks and unauthorized access attempts, it is possible to, for example, more quickly defend against an unauthorized access attempts. For example, a Level 1 monitoring center could monitor a predetermined geographical area serving, for example, a wide variety of commercial and public sites, an organizational structure, or the like, for alarms. Upon analyzing an alarm for various characteristics, the Level 1 monitoring center can refer the unauthorized access attempt to an appropriate Level 2 center for, for example, possible retaliatory and/or legal action. Then, a Level 3 monitoring center can record and maintain an overall picture of the security of one or more networks, the plurality of monitoring centers and information about one or more hacking attempts.

76 Citations

View as Search Results

23 Claims

1. A distributed system for monitoring a communications network and for detecting, tracing and responding to an unauthorized communications access attempt into the monitored communications network, the system comprising:
- one or more distributed hierarchical monitoring systems; and
  
  one or more alarm signals that represent an unauthorized communications access attempt into one or more localized portions of the monitored communications network;
  
  wherein the one or more distributed hierarchical monitoring systems analyze the unauthorized communications access attempt in response to the unauthorized communications access attempt, and determine a responsive action to the unauthorized communications access attempt, including sending a mechanism for verifying the presence of an attack and for immediately determining a source of the unauthorized communications access attempt;
  
  wherein the verifying mechanism sends a determining mechanism that determines if the source of the unauthorized access attempt is hostile;
  
  wherein the determining mechanism includes an identified packet concealed in the response, and the one or more distributed hierarchical monitoring systems detect passage of the identified packet;
  
  wherein the packet is identified by a flag, and the one or more distributed hierarchical monitoring systems comprise conduit hosts and participating nodes forming a cooperative reporting system to detect passage of the flag and record information related to the flag and associated data, thereby revealing the source of the unauthorized communications access attempt regardless of a number of intermediate steps used to avoid detection by the source of the unauthorized communication access attempt;
  
  wherein the identified packet triggers the reporting and showing of a path to the source of the unauthorized communication access attempt;
  
  wherein an immediate response is launched, anytime after commencement of the unauthorized communication access attempt;
  
  wherein the response comprises a concealed program embedded with additional levels of verification to ensure the hostile intent and identity of the source of the unauthorized communication access attempt;
  
  wherein the additional levels of verification of hostile intent and identity of the source of the unauthorized communication access attempt are based on an historical profile, other previous attempts by the source of the unauthorized communication access attempt or communication with other monitoring centers to determine whether other targets have been attacked with same or similar unauthorized access requests;
  
  wherein upon verification of hostile intent and identity of the source of the unauthorized communication access attempt, the identification of the source of the unauthorized communication access attempt is secretly forwarded to a target station or monitoring center; and
  
  wherein one or more distributed hierarchical monitoring systems include first through third level monitoring systems, with the first level monitoring system configured to monitor a predetermined geographical area, an organizational structure or defined cyber boundaries, and refer the unauthorized access attempt to an appropriate second level monitoring system, with the second level monitoring system configured to receive the referral from the first level monitoring system and make a decision on a possible response based a nature of the unauthorized access attempt, and receive and analyze cumulative information on unauthorized access attempts from underlying first level monitoring systems, and with the third level monitoring system configured to collect and analyze information from the second level monitoring system, and monitor an overall security condition of the monitored communications network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, further comprising a monitoring device that monitors information on one or more monitored communications networks.
  - 3. The system of claim 2, wherein the monitored information relates to one or more geographic or organizational portions of the monitored communications networks.
  - 4. The system of claim 2, wherein the system is implemented using one or more hardware and software components.
  - 5. The system of claim 1, further comprising an intrusion analysis system that receives the one or more alarm signals and at least one of determines the origin of the unauthorized communications access attempt, logs communications and evaluates the threat of the unauthorized communications access attempt.
  - 6. The system of claim 1, further comprising an intrusion interaction system that is capable of communicating with the origin of the unauthorized communications access attempt.
  - 7. The system of claim 1, further comprising an escalation determination system that, based on an evaluation of the unauthorized communications access attempt and a comparison to one or more other unauthorized communications access attempts, forwards information regarding the unauthorized communications access attempt to one or more of the one or more distributed hierarchical monitoring systems.
  - 8. The system of claim 1, wherein the one or more alarm signals is generated by one or more recipients of the unauthorized communications access attempt.
  - 9. The system of claim 1, further comprising a response system that communicates information regarding the unauthorized communications access attempt to one or more of a monitored site and a law enforcement agency.
  - 10. The system of claim 1, wherein the one or more distributed hierarchical monitoring systems forward information regarding the unauthorized communications access attempt to one or more of the one or more distributed hierarchical monitoring systems.
  - 11. The system of claim 1, wherein the concealed program is concealed in an HTML page sent as part of the response.

12. A method for monitoring a communications network and for detecting, tracing and responding to an unauthorized communications access attempt into the monitored communications network, the method comprising:
- providing one or more distributed hierarchical monitoring systems; and
  
  representing with one or more alarm signals an unauthorized communications access attempt into one or more localized portions of the monitored communications network;
  
  wherein the one or more distributed hierarchical monitoring systems analyze the unauthorized communications access attempt in response to the unauthorized communications access attempt, and determine a responsive action to the unauthorized communications access attempt, including sending a mechanism for verifying the presence of an attack and for immediately determining a source of the unauthorized communications access attempt;
  
  wherein the verifying mechanism sends a determining mechanism that determines if the source of the unauthorized access attempt is hostile;
  
  wherein the determining mechanism includes an identified packet concealed in the response, and the one or more distributed hierarchical monitoring systems detect passage of the identified packet;
  
  wherein the packet is identified by a flag, and the one or more distributed hierarchical monitoring systems comprise conduit hosts and participating nodes forming a cooperative reporting system to detect passage of the flag and record information related to the flag and associated data, thereby revealing the source of the unauthorized communications access attempt regardless of a number of intermediate steps used to avoid detection by the source of the unauthorized communication access attempt;
  
  wherein the identified packet triggers the reporting and showing of a path to the source of the unauthorized communication access attempt;
  
  wherein an immediate response is launched, anytime after commencement of the unauthorized communication access attempt;
  
  wherein the response comprises a concealed program embedded with additional levels of verification to ensure the hostile intent and identity of the source of the unauthorized communication access attempt;
  
  wherein the additional levels of verification of hostile intent and identity of the source of the unauthorized communication access attempt are based on an historical profile, other previous attempts by the source of the unauthorized communication access attempt or communication with other monitoring centers to determine whether other targets have been attacked with same or similar unauthorized access requests;
  
  wherein upon verification of hostile intent and identity of the source of the unauthorized communication access attempt, the identification of the source of the unauthorized communication access attempt is secretly forwarded to a target station or monitoring center; and
  
  wherein one or more distributed hierarchical monitoring systems include first through third level monitoring systems, with the first level monitoring system configured to monitor a predetermined geographical area, an organizational structure or defined cyber boundaries, and refer the unauthorized access attempt to an appropriate second level monitoring system, with the second level monitoring system configured to receive the referral from the first level monitoring system and make a decision on a possible response based a nature of the unauthorized access attempt, and receive and analyze cumulative information on unauthorized access attempts from underlying first level monitoring systems, and with the third level monitoring system configured to collect and analyze information from the second level monitoring system, and monitor an overall security condition of the monitored communications network.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 13. The method of claim 12, further comprising providing a monitoring device that monitors information on one or more monitored communications networks.
  - 14. The method of claim 13, wherein the monitored information relates to one or more geographic or organizational portions of the monitored communications networks.
  - 15. The method of claim 12, further comprising providing an intrusion analysis system that receives the one or more alarm signals and at least one of determines the origin of the unauthorized communications access attempt, logs communications and evaluates the threat of the unauthorized communications access attempt.
  - 16. The method of claim 12, further comprising providing an intrusion interaction system that is capable of communicating with the origin of the unauthorized communications access attempt.
  - 17. The method of claim 12, further comprising providing an escalation determination system that, based on an evaluation of the unauthorized communications access attempt and a comparison to one or more other unauthorized communications access attempts, forwards information regarding the unauthorized communications access attempt to one or more of the one or more distributed hierarchical monitoring systems.
  - 18. The method of claim 12, wherein the one or more alarm signals is generated by one or more recipients of the unauthorized communications access attempt.
  - 19. The method of claim 12, further comprising providing a response system that communicates information regarding the unauthorized communications access attempt to one or more of a monitored site and a law enforcement agency.
  - 20. The method of claim 12, wherein the one or more distributed hierarchical monitoring systems forward information regarding the unauthorized communications access attempt to one or more of the one or more distributed hierarchical monitoring systems.
  - 21. The method of claim 12, wherein the concealed program is concealed in an HTML page sent as part of the response.
  - 22. The method of claim 12, further comprising implementing said method via one or more hardware and software components.
  - 23. The method of claim 12, further comprising implementing said method via a computer program product including one or more computer-readable instructions embedded therein and configured to cause one or more computer processors to perform the steps of the method.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Invicta Networks, Inc.
Original Assignee
Invicta Networks, Inc.
Inventors
Sheymov, Victor I., Turner, Roger B.
Primary Examiner(s)
Jaroenchonwanit; Bunjob
Assistant Examiner(s)
WILEY, DAVID ARMAND

Application Number

US11/490,046
Publication Number

US 20060259970A1
Time in Patent Office

249 Days
Field of Search

365/514, 340/438, 342/457, 307/10.5, 380255-273, 380 31- 43, 713150-194, 709201-253
US Class Current

709/224
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 21/554   involving event detection a...

G06F 2221/2101   Auditing as a secondary aspect

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/30   for supporting lawful inter...

Systems and methods for distributed network protection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

76 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for distributed network protection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

76 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others