Unauthorized access information collection system

US 8,331,251 B2
Filed: 12/27/2007
Issued: 12/11/2012
Est. Priority Date: 01/12/2007
Status: Active Grant

First Claim

Patent Images

1. An unauthorized access information collection system for monitoring unauthorized access to a honeynet so as to collect unauthorized access information, the system comprising:

a honeynet comprising a plurality of honey pots, each honey pot being allocated an internet protocol (IP) address; and

an unauthorized access information collection device which is disposed between an Internet and the honeynet and which allocates a plurality of global addresses to each of the IP addresses and generates a routing table comprising the IP addresses and their respective corresponding global addresses,wherein the unauthorized access information collection device uses the routing table to transfer packets received from the Internet to the honeynet, and transfers received packets from the honeynet to the Internet according to a communication control list, andthe unauthorized access information collection device records packets that pass through the unauthorized access information collection device from the Internet to the honeynet and vice versa, and wherein the unauthorized access information collection device comprises;

a first communication unit that conducts communication with the Internet;

a second communication unit that conducts communication with the honeynet;

a storage unit which stores the routing table; and

an arithmetic control unit which controls the unauthorized access information collection device and which;

records a packet received through the first communication unit in the storage unit;

writes a first detection point identifier, a destination global address of the received packet, and a destination port number of the received packet into a payload of the recorded packet;

if the destination global address of the received packet is present in the routing table, records a new packet in the storage unit, the new packet having an IP address from the routing table that corresponds to the destination global address of the received packet as a destination address and writes a second detection point identifier, the destination global address of the received packet and the destination port number of the received packet into a payload of the new recorded packet, and transfers the new recorded packet through the second communication unit to the honeynet,wherein the first detection point identifier indicates a point of receipt of a packet from the Internet and the second detection point identifier indicates a point of rewriting into a private address; and

if the destination global address of the received packet is not present in the routing table, discards the received packet.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an unauthorized access information collection system for monitoring unauthorized access to a honeynet so as to collect unauthorized access information, the system includes: a plurality of honey pots in which a private address or a global address is respectively set and which construct the honeynet; and an unauthorized access information collection device which is disposed between an Internet and the honeynet and which allocates a plurality of global addresses to the private address or the global address by setting of a routing table to transfer a received packet and which performs a communication control from the honeynet side to the Internet side based on a communication control list and records the packets passing through the unauthorized access information collection device.

39 Citations

View as Search Results

11 Claims

1. An unauthorized access information collection system for monitoring unauthorized access to a honeynet so as to collect unauthorized access information, the system comprising:
- a honeynet comprising a plurality of honey pots, each honey pot being allocated an internet protocol (IP) address; and
  
  an unauthorized access information collection device which is disposed between an Internet and the honeynet and which allocates a plurality of global addresses to each of the IP addresses and generates a routing table comprising the IP addresses and their respective corresponding global addresses,wherein the unauthorized access information collection device uses the routing table to transfer packets received from the Internet to the honeynet, and transfers received packets from the honeynet to the Internet according to a communication control list, andthe unauthorized access information collection device records packets that pass through the unauthorized access information collection device from the Internet to the honeynet and vice versa, and wherein the unauthorized access information collection device comprises;
  
  a first communication unit that conducts communication with the Internet;
  
  a second communication unit that conducts communication with the honeynet;
  
  a storage unit which stores the routing table; and
  
  an arithmetic control unit which controls the unauthorized access information collection device and which;
  
  records a packet received through the first communication unit in the storage unit;
  
  writes a first detection point identifier, a destination global address of the received packet, and a destination port number of the received packet into a payload of the recorded packet;
  
  if the destination global address of the received packet is present in the routing table, records a new packet in the storage unit, the new packet having an IP address from the routing table that corresponds to the destination global address of the received packet as a destination address and writes a second detection point identifier, the destination global address of the received packet and the destination port number of the received packet into a payload of the new recorded packet, and transfers the new recorded packet through the second communication unit to the honeynet,wherein the first detection point identifier indicates a point of receipt of a packet from the Internet and the second detection point identifier indicates a point of rewriting into a private address; and
  
  if the destination global address of the received packet is not present in the routing table, discards the received packet.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The unauthorized access information collection system as claimed in claim 1, wherein the arithmetic control unit which further controls the unauthorized access information collection device to:
    - if limit information about a source IP address of a packet received from the honeynet through the second communication unit is not registered in the communication control list, records the received packet in the storage unit and writes a third detection point identifier into a payload of the recorded packet and writes a source global address from the routing table that corresponds to the source IP address of the received packet as a source address of the recorded packet, and transfers the recorded packet through the first communication unit; and
      
      if the limit information is present in the communication control list, records the received packet in the storage unit, writes a fourth detection point identifier into a payload of the recorded packet, and discards the received packet.
  - 3. The unauthorized access information collection system as claimed in claim 2,wherein the unauthorized access information collection device further comprises a display unit, andwherein the arithmetic control unit:
    - displays, on the display unit, an Internet plane, an device plane and a honeynet plane which use an IP address and a port number, respectively, as coordinate axes;
      
      reads a recorded packet from the storage unit;
      
      if the recorded packet includes the first detection point identifier, draws a line between the Internet plane and the device plane using the information recorded in the recorded packet;
      
      if the recorded packet includes the second detection point identifier, draws a line between the device plane and the honeynet plane using the information recorded the recorded packet;
      
      if the recorded packet includes the third detection point identifier, draws a line between the honeynet plane and the Internet plane using the information recorded in the recorded packet; and
      
      if the recorded packet includes the fourth detection point identifier, draws a line between the honeynet plane and the device plane using the information recorded in the recorded packet.
  - 4. The unauthorized access information collection system as claimed in claim 3,wherein when the recorded packet includes the first detection point identifier, the arithmetic control unit displays the source address of the recorded packet as a point in coordinates of the Internet plane and displays the destination address of the recorded packet as a point in coordinates of the device plane and draws the line such that the two points are connected to each other with a line segment.
  - 5. The unauthorized access information collection system as claimed in claim 3,wherein when the recorded packet includes the second detection point identifier, the arithmetic control unit displays the destination global address from the payload of the recorded packet as a point in coordinates of the device plane and displays the destination IP address of the recorded packet as a point in coordinates of the honeynet plane and draws the line such that the two points are connected to each other with a line segment.
  - 6. The unauthorized access information collection system as claimed in claim 3,wherein when the recorded packet includes the third detection point identifier, the arithmetic control unit displays the source address of the recorded packet as a point in coordinates of the honeynet plane and displays the destination address of the recorded packet as a point in coordinates of the Internet plane and draws the line such that the two points are connected to each other with a line segment.
  - 7. The unauthorized access information collection system as claimed in claim 3,wherein when the recorded packet includes the fourth detection point identifier, the arithmetic control unit displays the source address of the recorded packet as a point in coordinates of the honeynet plane and displays the destination address of the recorded packet as a point in coordinates of the device plane and draws the line such that the two points are connected to each other with a line segment.
  - 8. The unauthorized access information collection system as claimed in any one of claims 4 to 7, wherein the arithmetic control unit displays the line segment using a color coding display.
  - 9. The unauthorized access information collection system as claimed in any one of claims 4 to 7, wherein the arithmetic control unit displays a marker which moves in a packet propagation direction and traces the line segment.
  - 10. The unauthorized access information collection system as claimed in any one of claims 4 to 7, wherein the arithmetic control unit sets luminance of the marker such that luminance of the marker is different from ambient luminance.

11. An unauthorized access information collection system for monitoring unauthorized access to a honeynet so as to collect unauthorized access information, the system comprising:
- a honeynet comprising a plurality of honey pots, each honey pot being allocated an internet protocol (IP) address; and
  
  an unauthorized access information collection device which is disposed between an Internet and the honeynet and which allocates a plurality of global addresses to each of the IP addresses and generates a routing table comprising the IP addresses and their respective corresponding global addresses,wherein the unauthorized access information collection device uses the routing table to transfer packets received from the Internet to the honeynet, and transfers received packets from the honeynet to the Internet according to a communication control list, andthe unauthorized access information collection device records packets that pass through the unauthorized access information collection device from the Internet to the honeynet and vice versa, wherein the unauthorized access information collection device comprises;
  
  a first communication unit that conducts communication with the Internet;
  
  a second communication unit that conducts communication with the honeynet;
  
  a storage unit which stores the communication control list; and
  
  an arithmetic control unit which controls the unauthorized access information collection device and which;
  
  records a packet received through the first communication unit in the storage unit;
  
  writes a first detection point identifier, a destination global address of the received packet, and a destination port number of the received packet into a payload of the recorded packet;
  
  if the destination global address of the received packet is present in the routing table, records a new packet in the storage unit, the new packet having an IP address from the routing table that corresponds to the destination global address of the received packet as a destination address and writes a second detection point identifier, the destination global address of the received packet and the destination port number of the received packet into a payload of the new recorded packet, and transfers the new recorded packet through the second communication unit to the honeynet,if limit information about a source IP address of a packet received from the honeynet through the second communication unit is not registered in the communication control list, records the received packet in the storage unit and writes a third detection point identifier into a payload of the recorded packet and writes a source global address from the routing table that corresponds to the source IP address of the received packet as a source address of the recorded packet, and transfers the recorded packet through the first communication unit,wherein the first detection point identifier indicates a point of receipt of a packet from the Internet and the second detection point identifier indicates a point of rewriting into a private address; and
  
  if the limit information is present in the communication control list, records the received packet in the storage unit, writes a fourth detection point identifier into a payload of the recorded packet, and discards the received packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Yokogawa Electric Corporation
Original Assignee
Yokogawa Electric Corporation
Inventors
Suzuki, Koei, Baba, Shunsuke
Primary Examiner(s)
Thier, Michael
Assistant Examiner(s)
LOUIS, VINNCELAS

Application Number

US12/522,653
Publication Number

US 20100118717A1
Time in Patent Office

1,811 Days
Field of Search

370/252, 370351-409, 726/22, 726/23, 726/11, 726/25, 726/12, 726/14, 726/24, 709/245, 709/228, 382/313, 340/539.1, 347/230
US Class Current

370/252
CPC Class Codes

H04L 61/2514   between local and global IP...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

H04L 63/1491   using deception as counterm...

Unauthorized access information collection system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

39 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Unauthorized access information collection system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links