Network protection system and method

US9641550B2 · US · B2

Patent metadata
Publication number: US-9641550-B2
Application number: US-201614991957-A
Country: US
Kind code: B2
Filing date: Jan 10, 2016
Priority date: Jul 21, 2010
Publication date: May 2, 2017
Grant date: May 2, 2017

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Systems and methods for protecting at least one client from becoming part of at least one botnet by monitoring and analyzing botnet communications to and from criminal servers and identifying at least one botnet attack on at least one client. The system may comprise virtual machines deliberately infected with malicious content and operable to record botnet communications to and from criminal servers. The virtual machines are in communication with a processing unit configured to index data collected. Data related to the prevalence of cyber threats may be presented to users in response to queries.

First claim

Opening claim text (preview).

The invention claimed is:

  1. A method for use in a remote intelligence gathering system operable to provide intelligence to at least one network manager for protecting at least one asset from becoming part of at least one botnet, said intelligence comprising information relating to potential security threats to said at least one asset, said remote intelligence gathering system comprising at least one communication unit configured to receive data queries from said at least one network manager and to send said intelligence in response to said data queries; the at least one asset having at least one client address and the botnet being controlled by at least one criminal server having at least one bot address, the botnet operable to communicate data between said at least one client address and said at least one bot address, the method comprising: sending, by said network manager, at least one query relating to characteristics of said at least one asset; receiving, by said network manager, said intelligence pertaining to the characteristics of said at least one asset; defining automatically, by said network manager, said at least one asset which requires botnet protection, said at least one asset having at least one asset address; processing traffic, by said network manager, sent to and from said at least one asset address and said at least one bot address; identifying, by said network manager, at least one bot attack pertaining to said at least one asset; and generating, by said network manager, an indication associated with said at least one bot attack.

  2. The method of claim 1, wherein defining automatically said at least one asset comprises defining at least one IP range representing said asset.

  3. The method of claim 1, wherein defining said at least one asset comprises defining at least one network interface representing said asset.

  4. The method of claim 1, further comprising gathering said intelligence by collecting potential bot data.

  5. The method of claim 4, wherein collecting potential bot data comprises: exposing at least one honeypot asset having at least one honeypot address to said traffic; monitoring honeypot-traffic, said honeypot-traffic traveling between said at least one honeypot address and said at least one bot address; and identifying bot-traffic patterns from said honeypot-traffic, said bot-traffic patterns indicative of at least one bot-infected asset.

  6. The method of claim 5, wherein processing traffic sent to and from said at least one asset address and said at least one bot address comprises: classifying said traffic into classified-traffic, said classifying performed according to at least one IP range representing said at least one asset and according to said bot-traffic patterns.

  7. The method of claim 2, wherein processing traffic sent to and from said at least one asset address and said at least one bot address comprises: classifying said traffic into classified-traffic, said classifying performed according to said at least one IP range representing said at least one asset and according to bot-traffic patterns.

  8. The method of claim 7, wherein identifying said at least one bot attack pertaining to said asset comprises filtering said classified-traffic according to said at least one asset address.

  9. The method of claim 1, wherein generating said indication associated with said at least one bot attack comprises displaying said at least one bot attack pertaining to said at least one asset.

  10. The method of claim 1, further comprising mitigating said at least one bot attack.

  11. The method of claim 1, wherein said intelligence comprises at least one item selected from: at least one current IP address of said criminal server, at least one future IP address of said criminal server, at least one current URL of said criminal server, at least one future URL of said criminal server, at least one current domain name of said criminal server, at least one future domain name of said criminal server, at least one geographical location of said security threat; at least one vulnerability exploited by said malicious software, time stamps and combinations thereof.
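Claims 5 through 9 describe a pipeline: bot addresses and traffic patterns are learned from honeypot traffic, flows touching the protected asset are classified against an asset IP range and those patterns, the classified traffic is filtered to the asset's own addresses, and an indication is generated per detected bot attack. The following Python sketch is an added example of that classify-filter-indicate logic from a network defender's side; it is not the patent holder's or assignee's code. The bot addresses (TEST-NET ranges), the (protocol, port) patterns, the asset ranges and the flow records are all constructed placeholders, not real indicators.

```python
"""Toy botnet-traffic classifier modelled on claims 5-9 (added example, not the patent's code)."""
import ipaddress
from collections import namedtuple

# Constructed "intelligence" as a honeypot might produce it (claim 5 / claim 11):
# addresses of criminal servers and the (proto, dst port) patterns seen talking
# to the honeypot. All values are placeholders from the TEST-NET documentation ranges.
BOT_INTEL = {
    "bot_addresses": {"203.0.113.7", "198.51.100.23"},
    "bot_traffic_patterns": {("tcp", 8080), ("tcp", 6667)},
}

# Constructed asset definition: IP ranges representing the asset (claim 2).
ASSET_RANGES = [ipaddress.ip_network("10.20.0.0/24"), ipaddress.ip_network("10.20.5.0/24")]

Flow = namedtuple("Flow", "ts src dst proto dport")

# Constructed flow records, as a NetFlow/IPFIX export might provide them.
SAMPLE_FLOWS = [
    Flow("2017-05-02T10:00:01Z", "10.20.0.15", "203.0.113.7", "tcp", 8080),    # asset -> bot addr, known pattern
    Flow("2017-05-02T10:00:02Z", "10.20.0.15", "192.0.2.10", "tcp", 443),      # asset -> unrelated host
    Flow("2017-05-02T10:00:03Z", "198.51.100.23", "10.20.5.9", "tcp", 6667),   # bot addr -> asset, known pattern
    Flow("2017-05-02T10:00:04Z", "172.16.9.9", "203.0.113.7", "tcp", 8080),    # non-asset host -> bot addr
    Flow("2017-05-02T10:00:05Z", "10.20.0.15", "203.0.113.7", "udp", 53),      # bot addr, but no known pattern
]


def in_asset(addr):
    """True if the address falls inside one of the asset's IP ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in ASSET_RANGES)


def classify(flow, intel=BOT_INTEL):
    """Classify one flow (claims 6/7): 'bot' when an endpoint is a known bot
    address and the (proto, port) matches a honeypot-derived pattern, 'suspect'
    when only the address matches, 'benign' otherwise."""
    touches_bot = flow.src in intel["bot_addresses"] or flow.dst in intel["bot_addresses"]
    if not touches_bot:
        return "benign"
    if (flow.proto, flow.dport) in intel["bot_traffic_patterns"]:
        return "bot"
    return "suspect"


def identify_bot_attacks(flows, intel=BOT_INTEL):
    """Filter the classified traffic to the asset's own addresses (claim 8) and
    aggregate one indication per (asset address, bot address) pair (claim 9)."""
    indications = {}
    for f in flows:
        label = classify(f, intel)
        if label == "benign":
            continue
        asset_addr = f.src if in_asset(f.src) else (f.dst if in_asset(f.dst) else None)
        if asset_addr is None:
            continue  # bot traffic, but not involving the protected asset
        bot_addr = f.dst if f.src == asset_addr else f.src
        entry = indications.setdefault(
            (asset_addr, bot_addr), {"first_seen": f.ts, "flows": 0, "classes": set()}
        )
        entry["flows"] += 1
        entry["classes"].add(label)
    return indications


def format_indications(indications):
    """Render indications as display lines; a confirmed pattern match is HIGH."""
    lines = []
    for (asset_addr, bot_addr), e in sorted(indications.items()):
        sev = "HIGH" if "bot" in e["classes"] else "MEDIUM"
        lines.append(
            f"[{sev}] {asset_addr} <-> {bot_addr}: {e['flows']} flow(s), first seen {e['first_seen']}"
        )
    return lines


if __name__ == "__main__":
    for line in format_indications(identify_bot_attacks(SAMPLE_FLOWS)):
        print(line)
```

Run over the constructed flows, the fourth record is dropped even though it matches a bot pattern, because neither endpoint belongs to the asset (the claim 8 filter), and the first and fifth records collapse into one indication for the same asset/bot pair.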

Assignees

Inventors

Classifications

  • using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment · CPC title

  • Indexing; Web crawling techniques · CPC title

  • Event detection, e.g. attack signature detection · CPC title

  • Vulnerability analysis · CPC title

  • Traffic logging, e.g. anomaly detection · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9641550B2 cover?
Systems and methods for protecting at least one client from becoming part of at least one botnet by monitoring and analyzing botnet communications to and from criminal servers and identifying at least one botnet attack on at least one client. The system may comprise virtual machines deliberately infected with malicious content and operable to record botnet communications to and from criminal se…
Who is the assignee on this patent?
Seculert Ltd, Radware Ltd
What technology area does this patent fall under?
Primary CPC classification H04L63/1491. Mapped technology areas include Electricity.
When was this patent published?
Publication date May 2, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).