Unwanted tunneling alert system
US9930055B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Aug 4, 2016 |
| Grant date | Mar 27, 2018 |
| Priority date | — |
| Expiry date | Aug 4, 2036 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F21/556
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
Various systems and methods are provided that detect malicious network tunneling. For example, VPN logs and data connection logs may be accessed. The VPN logs may list client IP addresses that have established a VPN connection with an enterprise network. The data connection logs may list client IP addresses that have requested connections external to the enterprise network and remote IP addresses to which connections are requested. The VPN logs and the data connection logs may be parsed to identify IP addresses that are present in the VPN logs as a client IP address and in the data connection logs as a remote IP address. If an IP address is so present, user data and traffic data associated with the IP address may be retrieved to generate a risk score. If the risk score exceeds a threshold, an alert to be displayed in a GUI is generated.
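The correlation the abstract describes, as an added Python example that is not taken from the patent or its assignee. The record field names, the scoring weights, the threshold of 60 and the sample log entries are all assumptions constructed for illustration; the abstract does not specify how the risk score is computed.

```python
from collections import defaultdict

# Constructed sample records (documentation IP ranges); field names are assumed.
VPN_LOG = [
    {"client_ip": "203.0.113.10", "user": "alice"},
    {"client_ip": "198.51.100.7", "user": "bob"},
]
CONN_LOG = [
    {"client_ip": "10.1.2.3", "remote_ip": "203.0.113.10", "bytes_out": 900_000_000, "port": 22},
    {"client_ip": "10.1.2.3", "remote_ip": "203.0.113.10", "bytes_out": 400_000_000, "port": 22},
    {"client_ip": "10.1.9.9", "remote_ip": "192.0.2.55", "bytes_out": 12_000, "port": 443},
    {"client_ip": "10.4.4.4", "remote_ip": "198.51.100.7", "bytes_out": 2_000, "port": 443},
]
USER_DATA = {"alice": {"privileged": True}, "bob": {"privileged": False}}

def find_overlaps(vpn_log, conn_log):
    """Map each IP seen both as a VPN client IP and as an outbound remote IP."""
    vpn_users = defaultdict(set)
    for rec in vpn_log:
        vpn_users[rec["client_ip"]].add(rec["user"])
    hits = {}
    for rec in conn_log:
        ip = rec["remote_ip"]
        if ip in vpn_users:  # same address on both sides of the perimeter
            hits.setdefault(ip, {"users": vpn_users[ip], "flows": []})["flows"].append(rec)
    return hits

def risk_score(hit, user_data):
    """Assumed scoring: base for the overlap, plus traffic and user factors."""
    total = sum(f["bytes_out"] for f in hit["flows"])
    score = 20                              # the overlap itself
    score += min(50, total // 20_000_000)   # 1 point per 20 MB sent out, capped
    if any(f["port"] not in (80, 443) for f in hit["flows"]):
        score += 15                         # non-web port toward the VPN client
    if any(user_data.get(u, {}).get("privileged") for u in hit["users"]):
        score += 15                         # VPN account holds elevated access
    return score

def generate_alerts(vpn_log, conn_log, user_data, threshold=60):
    """Return alert records for overlapping IPs whose score exceeds threshold."""
    alerts = []
    for ip, hit in sorted(find_overlaps(vpn_log, conn_log).items()):
        s = risk_score(hit, user_data)
        if s > threshold:
            sources = sorted({f["client_ip"] for f in hit["flows"]})
            alerts.append({"ip": ip, "users": sorted(hit["users"]), "score": s, "internal_sources": sources})
    return alerts

if __name__ == "__main__":
    print(generate_alerts(VPN_LOG, CONN_LOG, USER_DATA))
```

Both sample VPN client addresses appear as outbound destinations, but only the one with high outbound volume, a non-web port and a privileged account crosses the threshold.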
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.