1. WO2018005397 - DETECTING ATTACKS USING COMPROMISED CREDENTIALS VIA INTERNAL NETWORK MONITORING

Publication Number WO/2018/005397
Publication Date 04.01.2018
International Application No. PCT/US2017/039352
International Filing Date 27.06.2017
IPC
H04L 29/06 2006.1
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
29 Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136
02 Communication control; Communication processing
06 characterised by a protocol
CPC
G06F 21/31
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
30 Authentication, i.e. establishing the identity or authorisation of security principals
31 User authentication
G06F 21/45
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
30 Authentication, i.e. establishing the identity or authorisation of security principals
45 Structures or tools for the administration of authentication
G06F 21/554
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55 Detecting local intrusion or implementing counter-measures
554 involving event detection and direct action
G06F 2221/2151
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
2221 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
2151 Time stamp
H04L 63/0428
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
04 for providing a confidential data exchange among entities communicating through data packet networks
0428 wherein the data content is protected, e.g. by encrypting or encapsulating the payload
H04L 63/083
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
08 for supporting authentication of entities communicating through a packet data network
083 using passwords
Applicants
  • MICROSOFT TECHNOLOGY LICENSING, LLC [US]/[US]
Inventors
  • GRADY, Itai
  • DUBINSKY, Michael
  • LAKUNISHOK, Benny
  • PLOTNIK, Idan
  • BE'ERY, Tal, Arieh
Agents
  • MINHAS, Sandip
  • CHEN, Wei-Chen, Nicholas
  • DRAKOS, Katherine, J.
  • KADOURA, Judy, M.
  • HOLMES, Danielle, J.
  • SWAIN, Cassandra, T.
  • WONG, Thomas, S.
  • CHOI, Daniel
  • HWANG, William, C.
  • WIGHT, Stephen A.
Priority Data
15/199,880 30.06.2016 US
Publication Language English (EN)
Filing Language English (EN)
Title
(EN) DETECTING ATTACKS USING COMPROMISED CREDENTIALS VIA INTERNAL NETWORK MONITORING
Abstract
(EN)
The threat of malicious parties exposing users' credentials from one system and applying the exposed credentials to a different system to gain unauthorized access is addressed in the present disclosure by systems and methods to preemptively and reactively mitigate the risk of users reusing passwords between systems. A security device passively monitors traffic comprising authorization requests within a network to reactively identify an ongoing attack based on its use of exposed credentials in the authorization request, and identifies accounts that are vulnerable to attacks using exposed credentials by actively attempting to log into those accounts with exposed passwords from other networks. The systems and methods reduce the number of false positives associated with attack identification and strengthen the network against potential attacks, thus improving the network's security and reducing the amount of resources needed to securely manage the network.