Patent · US Active

Detecting man-in-the-middle attacks

US10250636B2 · kind B2 · utility

Cited by: 34
References: 5
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jul 7, 2016
Grant date: Apr 2, 2019
Priority date
Expiry date: Mar 28, 2037

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L2463/144
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

MITM attacks are detected by intercepting network configuration traffic (name resolution, DHCP, ARP, ICMP, etc.) in order to obtain a description of network components. A computer system generates artificial requests for network configuration information and monitors responses. Multiple responses indicate a MITM attack. Responses that are different from previously-recorded responses also indicate a MITM attack. MITM attacks may be confirmed by transmitting fake credentials to a source of a response to a request for network configuration information. If the fake credentials are accepted or are subsequently used in an access attempt, then a MITM attack may be confirmed.
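The two response-based indicators in the abstract (more than one responder to a single artificial request, and an answer that differs from the previously recorded one) can be sketched as follows. This is an added example, not code from the patent; the record layout, the `assess` function and all addresses are constructed for illustration, and the fake-credential confirmation step is not covered.

```python
from collections import defaultdict

# Constructed baseline: answers previously recorded per (protocol, query).
BASELINE = {
    ("dns", "fileserver.corp.example"): "10.0.0.20",
    ("arp", "10.0.0.1"): "00:11:22:33:44:55",
    ("dhcp", "router"): "10.0.0.1",
}

# Constructed responses to artificial requests:
# (request_id, protocol, query, responder, answer)
RESPONSES = [
    (1, "dns", "fileserver.corp.example", "10.0.0.53", "10.0.0.20"),
    (2, "arp", "10.0.0.1", "00:11:22:33:44:55", "00:11:22:33:44:55"),
    (2, "arp", "10.0.0.1", "de:ad:be:ef:00:01", "de:ad:be:ef:00:01"),
    (3, "dhcp", "router", "10.0.0.99", "10.0.0.99"),
]

def assess(responses, baseline):
    """Return (request_id, indicator, details) tuples for suspicious requests."""
    by_request = defaultdict(list)
    for rid, proto, query, responder, answer in responses:
        by_request[rid].append((proto, query, responder, answer))

    findings = []
    for rid in sorted(by_request):
        group = by_request[rid]
        proto, query = group[0][0], group[0][1]

        # Indicator 1: several distinct sources answered one request.
        responders = sorted({r for _, _, r, _ in group})
        if len(responders) > 1:
            findings.append((rid, "multiple_responses", responders))

        # Indicator 2: an answer differs from the recorded baseline.
        expected = baseline.get((proto, query))
        changed = sorted({a for _, _, _, a in group
                          if expected is not None and a != expected})
        if changed:
            findings.append((rid, "changed_response", changed))
    return findings

if __name__ == "__main__":
    for finding in assess(RESPONSES, BASELINE):
        print(finding)
```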

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.