Patent · US Active

Method and system for detecting network compromise

US9356942B1 · kind B1 · utility

Cited by: 147
References: 4
Claims: 16
Family size: 0

Assignee

Inventor

Key dates

Filing date: Mar 4, 2013
Grant date: May 31, 2016
Priority date
Expiry date: Jul 1, 2033

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04W12/00
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A method and system are described for detecting unauthorized access to one or more of a plurality of networked victim computers in a victim cloud. The networked victim computers connect to one or more DNS servers. The system includes one or more decoy bot computers, which are operated as victim computers in the victim cloud. The system also includes one or more decoy control computers, which are operated as control computers that communicate with victim computers in the victim cloud. Threats are identified by analyzing data traffic communicated with the decoy bot computers and decoy control computers for information suspected of having been sent from a victim's computer without proper authorization, and by monitoring whether behavior of a DNS server deviates from expected behaviors.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.