Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1999-11-29
2002-03-26
Hayes, Gail (Department: 2131)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C709S224000
Reexamination Certificate
active
06363489
ABSTRACT:
FIELD AND BACKGROUND OF THE INVENTION
The present invention relates to a method for automatic intrusion detection and deflection in a network, and in particular, to such a method which uses marking to detect the presence of an intruder, after which the intruder can be diverted from further attempts to attack the network, such that access of the intruder to the network is prevented.
Large amounts of data are transmitted on a daily basis through computer networks, and particularly through the Internet. Perhaps owing to its origins as an academic tool, the Internet is geared toward the efficient transport of data from one endpoint to one or more endpoints, and not on the security of nodes on the network. Therefore, unauthorized users or “hackers” have unfortunately gained relatively easy access to networks as well as to nodes on the network through the Internet. Many such unauthorized users may not have criminal intent, yet may still inflict damage, by intruding on privacy, disrupting computer systems and defacing Web sites. More serious offenses may have consequently more serious damage, such as information theft and/or alteration, in which proprietary, commercial information may be stolen and sold or misused. In addition, computer system damage may occur, requiring the repair of damages inflicted by unauthorized users.
In an attempt to overcome these problems, various protective methods and devices, such as Firewalls and Intrusion Detection Systems (IDS), have been proposed. Unfortunately, knowledgeable attackers can often circumvent firewalls, and the IDS is prone to inaccuracy, as it is a heuristic system. Such inaccuracy often results in a high rate of false alarms, which nullifies the usefulness of such a system.
These problems stem from the infrastructure of networks in general, and of the Internet in particular. In the Internet, communication, between a computer site which hosts a data resource and the computer of a user, is performed according to the TCP/IP communication protocol suite. According to this protocol, the handshake procedure follows a certain set of steps which are easily examined and then imitated. Thus, a useful security protection method for a network would detect the stage in which information is gathered about the handshake procedure and about the network, and would then block any attempted activity by an unauthorized user detected in the information gathering stage. Unfortunately, such a security protection method is not available.
There is thus a need for, and it would be useful to have, a method for protecting the security of a network by detecting the stage in which information is gathered by the unauthorized user, identifying the unauthorized user when an attempt is then made to gain access to a node on the network, and preferably then actively blocking the unauthorized user from such attempts at access.
REFERENCES:
patent: 00/56009 (2000-09-01), None
Amir Oded
Comay Oded
Shikmoni Doron
Yeshurun Yehezkel
Forescout Technologies Inc.
Friedman Mark M.
Hayes Gail
Revak Christopher A.
LandOfFree
Method for automatic intrusion detection and deflection in a... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method for automatic intrusion detection and deflection in a..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method for automatic intrusion detection and deflection in a... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2870342