System and method for identifying security breach attempts of a website
IPC classification information
Country / type
United States (US) Patent
Registered
International Patent Classification (IPC 7th edition)
G06F-021/00
H04L-009/32
H04L-009/08
G06F-021/57
G06F-021/52
G06F-021/55
H04L-029/06
Application number
US-0565088
(2009-09-23)
Registration number
US-10157280
(2018-12-18)
Inventors / address
Amir, Idan
Gruner, Eyal
Zilber, Boaz
Applicant / address
F5 Networks, Inc.
Agent / address
LeClairRyan PLLC
Citation information
Cited-by count: 0
Cited patents: 174
Abstract
The present invention is a method, circuit and system for detecting, reporting and preventing an attempted security breach of a commercial website (for example a banking website), such as identity theft, website duplication (mirroring/Phishing), MITB (man in the browser) attacks, MITM (man in the middle) attacks and so on.
Representative claims
1. A website security method implemented by a network system comprising one or more client devices and server devices, the method comprising: receiving a request from a client device for a web page to be provided by a server application, wherein anti-trojan software code is embedded in the requested web page and the anti-trojan software code is functionally associated with the server application and comprises one or more expected communication parameters; sending the requested web page to the client device responsive to the request, wherein the anti-trojan software code is configured to: intercept a subsequent request resulting from an interaction with the requested web page, extract one or more communication parameters contained within the intercepted subsequent request, compare the extracted communication parameters with the expected communication parameters, wherein the expected communication parameters comprise communication parameters of different types of possible communications expected by the server application in connection with requests to the server application, and determine a potential client security breach exists when one or more of the extracted communication parameters do not match one or more of the expected communication parameters; initiating a mitigation action when an indication is received from the executing anti-trojan software code that a potential security breach exists; and responding to the subsequent request from the client device by providing a requested resource when no indication is received from the executing anti-trojan software code that a potential security breach exists.
2. The method according to claim 1, wherein the mitigation action comprises at least one of terminating a communication session with the client device, sending a warning message to one or more of the client device, a website administrator or an anti-trojan software module service provider, or temporarily blocking a user of the client device from making further subsequent requests and providing remediation instructions intended for the user of the client device to re-enable access for sending the further subsequent requests.
3. The method according to claim 1, wherein the expected communication parameters comprise one or more of a response size, a response format, a number of user inputs, or response contents.
4. An apparatus, comprising memory comprising programmed instructions stored thereon and one or more processors configured to be capable of executing the stored programmed instructions to: receive a request from a client device for a web page to be provided by a server application, wherein anti-trojan software code is embedded in the requested web page and the anti-trojan software code is functionally associated with the server application and comprises one or more expected communication parameters; send the requested web page to the client device responsive to the request, wherein the anti-trojan software code is configured to: intercept a subsequent request resulting from an interaction with the requested web page, extract one or more communication parameters contained within the intercepted subsequent request, compare the extracted communication parameters with the expected communication parameters, wherein the expected communication parameters comprise communication parameters of different types of possible communications expected by the server application in connection with requests to the server application, and determine a potential client security breach exists when one or more of the extracted communication parameters do not match one or more of the expected communication parameters; receive the notification from the client device and initiate a mitigation action when an indication is received from the executing anti-trojan software code that a potential security breach exists; and responding to the subsequent request from the client device by providing a requested resource when no indication is received from the executing anti-trojan software code that a potential security breach exists.
5. The apparatus according to claim 4, wherein the mitigation action comprises at least one of terminating a communication session with the client device, sending a warning message to one or more of the client device, a website administrator or an anti-trojan software module service provider, or temporarily blocking a user of the client device from making further subsequent requests and providing remediation instructions intended for the user of the client device to re-enable access for sending the further subsequent requests.
6. The apparatus according to claim 4, wherein the expected communication parameters comprise one or more of a response size, a response format, a number of user inputs, or response contents.
7. A non-transitory computer readable medium having stored thereon instructions for website security comprising machine executable code which when executed by at least one processor, causes the processor to: receive a request from a client device for a web page to be provided by a server application, wherein anti-trojan software code is embedded in the requested web page and the anti-trojan software code is functionally associated with the server application and comprises one or more expected communication parameters; send the requested web page to the client device responsive to the request, wherein the anti-trojan software code is configured to: intercept a subsequent request resulting from an interaction with the requested web page, extract one or more communication parameters contained within the intercepted subsequent request, compare the extracted communication parameters with the expected communication parameters, wherein the expected communication parameters comprise communication parameters of different types of possible communications expected by the server application in connection with requests to the server application, and determine a potential client security breach exists when one or more of the extracted communication parameters do not match one or more of the expected communication parameters; receive the notification from the client device and initiate a mitigation action when an indication is received from the executing anti-trojan software code that a potential security breach exists; and responding to the subsequent request from the client device by providing a requested resource when no indication is received from the executing anti-trojan software code that a potential security breach exists.
8. The non-transitory computer readable medium according to claim 7, wherein the mitigation action comprises at least one of terminating a communication session with the client device, sending a warning message to one or more of the client device, a website administrator or an anti-trojan software module service provider, or temporarily blocking a user of the client device from making further subsequent requests and providing remediation instructions intended for the user of the client device to re-enable access for sending the further subsequent requests.
9. The non-transitory computer readable medium according to claim 7, wherein the expected communication parameters comprise one or more of a response size, a response format, a number of user inputs, or response contents.
10. A network system, comprising one or more client devices and server devices, the network system comprising memory comprising programmed instructions stored thereon and one or more processors configured to be capable of executing the stored programmed instructions to: receive a request from a client device for a web page to be provided by a server application, wherein anti-trojan software code is embedded in the requested web page and the anti-trojan software code is functionally associated with the server application and comprises one or more expected communication parameters; send the requested web page to the client device responsive to the request, wherein the anti-trojan software code is configured to: intercept a subsequent request resulting from an interaction with the requested web page, extract one or more communication parameters contained within the intercepted subsequent request, compare the extracted communication parameters with the expected communication parameters, wherein the expected communication parameters comprise communication parameters of different types of possible communications expected by the server application in connection with requests to the server application, and determine a potential client security breach exists when one or more of the extracted communication parameters do not match one or more of the expected communication parameters; receive the notification from the client device and initiate a mitigation action when an indication is received from the executing anti-trojan software code that a potential security breach exists; and respond to the subsequent request from the client device by providing a requested resource when no indication is received from the executing anti-trojan software code that a potential security breach exists.
11. The system as set forth in claim 10, wherein the mitigation action comprises at least one of terminating a communication session with the client device, sending a warning message to one or more of the client device, a website administrator or an anti-trojan software module service provider, or temporarily blocking a user of the client device from making further subsequent requests and providing remediation instructions intended for the user of the client device to re-enable access for sending the further subsequent requests.
12. The system as set forth in claim 10, wherein the expected communication parameters comprise one or more of a response size, a response format, a number of user inputs, or response contents.
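The check described in claims 1, 3 and 10 (page-embedded code intercepts the next request, extracts its communication parameters, compares them with the parameters the server application expects, and the server either mitigates or serves the resource) can be illustrated as follows. This is an added example written for this page, not code from the patent or from F5 Networks; the expected-parameter table, the `/account/transfer` path, the field names, the size bound and the sample submissions are all constructed assumptions, since the claims name the parameter types (response size, response format, number of user inputs, response contents) but no concrete encoding. The logic is kept free of DOM calls so it runs in Node as well as in a browser:

```javascript
// Added illustration of the claimed parameter check; not the patent's or F5's code.
// Everything below the comment line is a constructed assumption for the example.

// Expected communication parameters per server-side path (constructed table).
const EXPECTED = {
  '/account/transfer': {
    inputCount: 3,                                   // expected number of user inputs
    fieldNames: ['toAccount', 'amount', 'memo'],     // expected request contents (field set)
    format: 'application/x-www-form-urlencoded',     // expected request format
    maxBodySize: 512,                                // expected size bound, in bytes
  },
};

// Extract the communication parameters of an intercepted request from a
// form-like list of [name, value] pairs.
function extractParameters(path, fields, contentType) {
  const body = fields
    .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)
    .join('&');
  return {
    path,
    inputCount: fields.length,
    fieldNames: fields.map(([k]) => k),
    format: contentType,
    bodySize: Buffer.byteLength(body, 'utf8'),
  };
}

// Compare extracted parameters against the expected ones; each mismatch is
// recorded so the server can see why the request was flagged.
function compareParameters(extracted, expectedTable) {
  const expected = expectedTable[extracted.path];
  const mismatches = [];
  if (!expected) {
    mismatches.push(`unexpected path ${extracted.path}`);
    return mismatches;
  }
  if (extracted.inputCount !== expected.inputCount) {
    mismatches.push(`input count ${extracted.inputCount} != ${expected.inputCount}`);
  }
  const unexpected = extracted.fieldNames.filter((n) => !expected.fieldNames.includes(n));
  if (unexpected.length) mismatches.push(`unexpected fields: ${unexpected.join(', ')}`);
  const missing = expected.fieldNames.filter((n) => !extracted.fieldNames.includes(n));
  if (missing.length) mismatches.push(`missing fields: ${missing.join(', ')}`);
  if (extracted.format !== expected.format) {
    mismatches.push(`format ${extracted.format} != ${expected.format}`);
  }
  if (extracted.bodySize > expected.maxBodySize) {
    mismatches.push(`body size ${extracted.bodySize} exceeds ${expected.maxBodySize}`);
  }
  return mismatches;
}

// Client side: the intercept step of claim 1, returning the indication that
// would be reported to the server application.
function interceptSubmission(path, fields, contentType) {
  const extracted = extractParameters(path, fields, contentType);
  const mismatches = compareParameters(extracted, EXPECTED);
  return { breach: mismatches.length > 0, mismatches };
}

// Server side: the claimed branch between a mitigation action (claim 2 lists
// session termination and warning messages) and serving the requested resource.
function serverDecision(indication) {
  if (indication.breach) {
    return { action: 'terminate_session', warn: ['client', 'administrator'], reasons: indication.mismatches };
  }
  return { action: 'serve_resource' };
}

// Browser wiring (guarded so the file also runs under Node): hook the form's
// submit event and run the check before the request leaves the page.
if (typeof document !== 'undefined') {
  const form = document.querySelector('form[action="/account/transfer"]');
  if (form) {
    form.addEventListener('submit', (ev) => {
      const fields = Array.from(form.elements).filter((el) => el.name).map((el) => [el.name, el.value]);
      const indication = interceptSubmission(form.getAttribute('action'), fields, form.enctype);
      if (indication.breach) ev.preventDefault(); // report `indication` to the server here
    });
  }
}

// Demonstration with constructed submissions: one matching the expected
// parameters, one carrying an input field the page never rendered.
const clean = interceptSubmission('/account/transfer',
  [['toAccount', '12345'], ['amount', '100.00'], ['memo', 'rent']],
  'application/x-www-form-urlencoded');
const extraField = interceptSubmission('/account/transfer',
  [['toAccount', '12345'], ['amount', '100.00'], ['memo', 'rent'], ['cardPin', '']],
  'application/x-www-form-urlencoded');
console.log(serverDecision(clean));       // serve_resource
console.log(serverDecision(extraField));  // terminate_session with two mismatch reasons
```

The field-set comparison is what makes the count check useful: an added field and a dropped field can leave the count unchanged, so the example reports both the count mismatch and the names that differ, which is what an administrator receiving the warning message of claim 2 would need.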
Patents cited by this patent (174)
Morita, Yoichiro; Nakae, Masayuki, Access control system, access control method, and access control program.
Susai, Michel K.; Sinha, Rajiv; Shetty, Anil, Apparatus, method and computer program product for efficiently pooling connections between clients and servers.
Sohn Sung Won,KRX ; Doh Yoon Mi,KRX ; Kim Jong Oh,KRX, Asynchronous transfer mode (ATM) layer function processing apparatus with an enlarged structure.
Sathaye Shirish S. (North Chelmsford MA) Hannigan Brendan (West Newton MA) Hawe William R. (Pepperell MA), Automatic assignment of addresses in a computer communications network.
Yang Henry S. (Andover MA) Sathaye Shirish S. (North Chelmsford MA) Ben-Nun Michael (Jerusalem ILX) De-Leon Moshe (Jerusalem ILX) Ben-Michael Simoni (Givaat Zeev ILX), Buffer descriptor prefetch in network and I/O design.
Gleichauf, Robert E.; Thomson, Susan E.; Rochefort, Dany J.; Salowey, Joseph A.; Zhou, Hao; Wu, Fan; Yarlagadda, Venkateswara Rao; Rice, Russell E., Controlling access to resources in a network.
Fitzgerald Albion J. (Ridgewood NJ) Fitzgerald Joseph J. (New Paltz NY), Distributed computer network including hierarchical resource information structure and related method of distributing re.
Dobbins Kurt ; Grant Thomas A. ; Ruffen David J. ; Kane Laura ; Len Theodore ; Andlauer Philip ; Bahi David H. ; Yohe Kevin ; Fee Brendan ; Oliver Chris ; Cullerot David L. ; Skubisz Michael, Distributed connection-oriented services for switched communications networks.
Shi Shaw-Ben ; Ault Michael Bradford ; Plassmann Ernst Robert ; Rich Bruce Arland ; Rosiles Mickella Ann ; Shrader Theodore Jack London, Distributed file system web server user authentication with cookies.
Couland Ghislaine,FRX ; Hunt Guerney Douglass Holloway ; Levy-Abegnoli Eric Michel,FRX ; Jean-Marie Mauduit Daniel Georges,FRX, Distributed scalable device for selecting a server from a server cluster and a switched path to the selected server.
Albert, Mark; Howes, Richard A.; Jordan, James A.; Kersey, Edward A.; LeBlanc, William M.; Menditto, Louis F.; O'Rourke, Chris; Tiwari, Pranav Kumar; Tsang, Tzu-Ming, Handling packet fragments in a distributed network service environment.
Tokuyo, Masanaga; Nakagawa, Itaru; Chikuma, Satoru; Fujino, Nobutsugu; Taniguchi, Tetsuya; Hisanaga, Takanori; Chikada, Michiyasu; Kuwata, Daisuke, IP router device having a TCP termination function and a medium thereof.
Daniel Arthur A. (Rochester MN) Moore Robert E. (Durham NC) Anderson Catherine J. (Raleigh NC) Gelm Thomas J. (Raleigh NC) Kiter Raymond F. (Poughkeepsie NY) Meeham John P. (Raleigh NC) Stevenson Joh, Method and apparatus for communication network alert message construction.
Attanasio Clement R. (Peekskill NY) Smith Stephen E. (Mahopac NY), Method and apparatus for making a cluster of computers appear as a single host on a network.
Walter A. Hubis ; William G. Deitz, Method and system for controlling access share storage devices in a network environment by configuring host-to-volume mapping data structures in the controller memory for granting and denying access .
Colby Steven ; Krawczyk John J. ; Nair Raj Krishnan ; Royce Katherine ; Siegel Kenneth P. ; Stevens Richard C. ; Wasson Scott, Method and system for directing a flow between a client and a server.
Linville John Walter ; Makrucki Brad Alan ; Suffern Edward Stanley ; Warren Jeffrey Robert, Method and system for monitoring and controlling data flow in a network congestion state by changing each calculated pause time by a random amount.
Faulkner, Alisdair; Goldie, Colin; Jones, David, Method and system for uniquely identifying a user computer in real time for security violations using a plurality of processing parameters and servers.
Anupam, Vinod; Silva, Juliana Freire; Kumar, Bharat; Lieuwen, Daniel Francis, Method for creating and playing back a smart bookmark that automatically retrieves a requested Web page through a plurality of intermediate Web pages.
Leighton Frank T. (459 Chestnut Hill Ave. Newtonville MA) Micali Silvio (459 Chestnut Hill Ave. Brookline MA 02146), Method for enabling users of a cryptosystem to generate and use a private pair key for enciphering communications betwee.
Zhang,Hui; de la Iglesia,Erik; Gomez,Miguel; Liu,Liang; Lowe,Rick K.; Wallace,Mark Aaron; Wang,Wei, Method of and system for allocating resources to resource requests.
Choquier Philippe,FRX ; Peyroux Jean-Francios ; Griffin William J., Method of redirecting a client service session to a second application server without interrupting the session by forwa.
Thornewell, Peter M.; Zheng, Songbo; Moshiri, Nojan; Kushi, David; Cano, Charles, Methods for preserving flow state during virtual machine migration and devices thereof.
Albert, Mark; Howes, Richard A.; Jordan, James A.; Kersey, Edward A.; LeBlanc, William M.; McGuire, Jacob Mark; Menditto, Louis F.; O'Rourke, Chris; Tiwari, Pranav Kumar; Tsang, Tzu-Ming, Network address translation using a forwarding agent.
Allen, Jr., James Johnson; Bass, Brian Mitchell; Calvignac, Jean Louis; Gaur, Santosh Prasad; Heddes, Marco C.; Siegel, Michael Steven; Verplanken, Fabrice Jean, Network processor interface for building scalable switching systems.
Cummings Kevin D. (Phoenix AZ) Johnson William A. (Paradise Valley AZ) Laird Daniel L. (Madison WI), Pattern writing method during X-ray mask fabrication.
Wright,Michael; Boucher,Peter; Nault,Gabe; Smith,Merrill; Jacobson,Sterling K; Wood,Jonathan; Mims,Robert, Protection of data accessible by a mobile device.
Allen, Jr., James Johnson; Bass, Brian Mitchell; Davis, Gordon Taylor; Jeffries, Clark Debs; Nair, Jitesh Ramachandran; Sabhikhi, Ravinder Kumar; Siegel, Michael Steven; Yedavalli, Rama Mohan, Retro flow control for arriving traffic in computer networks.
Arora Sanjeev (Berkeley CA) Knight ; Jr. Thomas F. (Belmont MA) Leighton Frank T. (Newton Center MA) Maggs Bruce M. (Princeton NJ) Upfal Eliezer (Palo Alto CA), Switching networks with expansive and/or dispersive logical clusters for message routing.
Liu, Fu-Hua; Cheng, Shih-An; Chang, Chen-Huei; Lee, Chih-Ping, System and method for determining a connectionless communication path for communicating audio data through an address and port translation device.
Labio,Wilburt Juan; Nguyen,Giao Thanh; Liu,Winston Wencheng; Manku,Gurmeet Singh, System and method for optimizing access to information in peer-to-peer computer networks.
Bommareddy, Satish; Kale, Makarand; Chaganty, Srinivas, System and method for routing message traffic using a cluster of routers sharing a single logical IP address distinct from unique IP addresses of the routers.
Chang Albert (Austin TX) Neuman Grover H. (Austin TX) Shaheen-Gouda Amal A. (Austin TX) Smith Todd A. (Austin TX), System and method for using cached data at a local node after re-opening a file at a remote node in a distributed networ.
Pitts William M. (780 Mora Dr. Los Altos CA 94024), System for accessing distributed data cache channel at each network node to pass requests and data.
O'Toole, Jr.,James W., System using idle connection metric indicating a value based on connection characteristic for performing connection drop sequence.
Short, Joel E.; Delley, Frederic; Logan, Mark F.; Pagan, Florence C. I., Systems and methods for redirecting users having transparent computer access to a network using a gateway device having redirection capability.
Cappiello,Scott; Du,Yi; Le,Dyung V.; Li,Benjamin Z.; Li,Wenfeng; Polana,Ramprasad; Vinton,Patrick, Technique for handling server session requests in a system having a plurality of servers.
Brown Charles Allan ; Burns John Martin ; Nagaraj Holavanahally Seshachar ; O'Neill James Joseph ; Ullah Muhammad Inayet ; Volpe Leo ; Wendt Herman Russell, Vacuum baking process.
Brendel Juergen ; Kring Charles J. ; Liu Zaide ; Marino Christopher C., World-wide-web server with delayed resource-binding for resource-based load balancing on a distributed resource multi-n.