Attack correlation using marked information

Patent Number: 7,748,040

Date: June 29, 2010

Inventors: Adelstein; Frank N. (Ithaca, NY), Bar; Haim (Ithaca, NY), Alla; Prasanth (McLean, VA), Proskourine; Nikita (Plainville, MA)

Abstract: Techniques are described for providing security to a protected network. Techniques are described for thwarting attempted network attacks using marked information. The attack correlation system provides marked information to computing devices that probe for sensitive information, and monitors subsequent communications for use of the marked information. In one example, the attack correlation system reroutes communications containing the marked information to a dedicated vulnerable device that logs the communications to monitor the attackers' methods. The attack correlation system may also include functionality to exchange information regarding attempted attacks with other attack correlation systems to gain broader knowledge of attacks throughout one or more networks.