Title of Invention

A METHOD TO DETECT, WARN, TRACK, ALERT AND PREVENT HACKERS SIMULTANEOUSLY FROM WEBSITES INSTANTLY

ABSTRACT
A web-based real-time system that detects, warns, tracks, alerts and bans hackers from a domain, either temporarily or permanently. Each attack a hacker attempts on a domain is at once validated against the Attack Patterns Engine and issued a rating; the higher the rating, the stronger the attack performed. A warning is displayed by the Attack Patterns Engine to the attacker in order to stop further hacking attempts on the victim's domain. If the attacker is relentless, the Auto-Ban Engine adds the attacker's internet protocol address to the victim's existing list of banned internet protocol addresses. To track down the attacker, the hacker's internet protocol address is submitted to the Geographical Information Database to retrieve attacker information such as Country, Province, City, Latitude, Longitude, Internet Service Provider, Domain, Zip Code and Net Speed. This information is intimated to the victim's administration cell and to the cyber investigation department by the Alerts & Communications Engine via Email Alerts, Short Messaging Service, Fax and Recorded Calls, so that the hackers can be nabbed.
BACKGROUND OF THE INVENTION
Hacker crimes are increasing day by day. Government organizations, banks, e-commerce applications, and public and private sector organizations are the primary targets of these attackers. Since attackers are very clever at switching their identity using dynamic internet protocol addresses and proxies, it is becoming a difficult task for the cyber investigations department to track them down.
Mass website defacements, data thefts and online frauds by hackers are still at large. Though many intrusion detection systems are under deployment, it has so far not been possible to warn, track and prevent hackers from attacking the applications in real time.
Available systems can track attackers only after they have committed the crime, and rarely even then. These systems search for the attacker's internet protocol address in the victim's domain logs; once it is found, detailed analysis is done to retrieve the attacker's information. This approach has a high probability of failure in tracking the attacker, since the process is time-consuming and the attacker will have changed identity by then.
The main purpose of this invention is to stop an attacker even before a crime is committed on a particular domain. The attacker is warned, tracked and prevented from attacking the domain further.
Deploying such a system will cut down hacker crimes and help to nab the offenders.
DESCRIPTION OF THE INVENTION
No hacker can compromise a website or a domain at the very first attempt. Hackers must spend a great deal of research and patience to learn the structure and working of the domain. They unveil weaknesses in the domain by issuing attacks in order to learn which type of vulnerability is available to exploit. After discovering almost all the vulnerabilities in the domain, the hacker may launch a full-fledged attack to compromise the system totally.
Hence it is clear that a hacker may gain access to the system or domain only after a certain number of tries and attempts.
Thus the ultimate motive behind this invention is to prevent hackers even from attempting to attack the domain: warning the attacker about the intrusion attempts, tracking the location and whereabouts of the attacker, and intimating them to the website owners and to the cyber investigations department via the quickest available communications medium.
The setup consists of 5 different units, each with its own functionality:
- The Handshake Engine
- The Attack Patterns Engine
- The Geographical Information Database
- The Alerts and Communications Engine
- The Auto-Ban Engine

The Handshake Engine
This engine is a piece of code that is embedded within the victim's application inside the domain. It is unique among the five units in that it is resident within the victim's server, whereas the other four are resident in our server. It plays a vital role in the control flow of information between the victim's server and our server. Without this engine there would be no communication between the victim's server and our server, and thus no further processing could take place. This engine is the backbone of the whole process.
Any flow of information that takes place in the victim's server is forwarded to our server. This engine acts as a bridge between the victim's server and our server, and works mainly on the request information received by the server for the victim's domain.
Whether the victim's server or our server wants to exchange messages, this can be achieved only with the help of this engine.
The Attack Patterns Engine
Fig 2 shows the flowchart of this engine.
This engine consists of numerous attack variations. An attack variant is the type or pattern that an attack will look like; in other words, an attack variant is itself an attack. Every hacker employs different styles and techniques in the attacks they perform. These variations and techniques are devised and coded within this engine.
This engine is otherwise called the "Dormant Depot of Attacks".
This engine takes the attack from the hacker as its input. This malicious input is subjected to further processing within the engine.
The input is validated against the numerous attack variations residing in the engine for a match. If a match is found for the input, it is considered an "intended attack".
This intended attack is further checked for its effects and assigned an impact rating. The impact rating shows how dangerous the attack, as well as the attacker, can be. The higher the impact rating, the stronger the attack performed.
The main process of this engine is thus to verify the input for any attack and, if it is an attack, to immediately assign an impact rating.
False positives will be ignored as such.

The Geographical Information Database
Fig 3 depicts the block diagram of this database.
This database is used to retrieve almost all geographical location information when provided with the right parameters. This entity is used to track the hacker's location, from where the attack is currently being performed.
The attacker's internet protocol address is submitted as input to this geographical database to retrieve the most vital location information, such as:
- Country: retrieves the country in which the hacker is located.
- Province: retrieves the region or province in which the hacker is located.
- City: retrieves the city in which the hacker is performing the attack.
- Latitude: retrieves the angular distance north or south of the equator, measured along the meridian of that particular point. [Effective in tracking down cyber-terrorists]
- Longitude: retrieves the angular distance east or west of the prime meridian, measured along the parallel of that particular point. [Effective in tracking down cyber-terrorists]
- Zip Code: returns the zip or postal code of the hacker's location.
- Time Zone: returns the time zone of the hacker's location as an offset from GMT.
- Internet Service Provider: retrieves the name of the internet service provider used by the hacker to connect to the internet. [Contacting this source may reveal more personal information about the hacker; however, the probability of success is not always high]
- Internet Speed: returns the speed of the internet connection through which the hacker is connected.
Sending this information at the right time will help the victim to evade further attacks and the cyber investigations department to nab the hacker.
Thus the next entity comes into focus.

The Alerts & Communications Engine
Fig 4 represents the block diagram and flow of this engine.
This engine is mainly used for instant alerting and communication about the hacker attacks being launched on the victim's server. The alert information is sent to the victim's communication medium and, if and only if required, to the cyber investigations department's communication medium.
The necessary information to be sent is given as input, to be forwarded to the communication medium. The gathered information is compressed and encapsulated to suit the required medium.
The communication media through which the information is intimated are as follows:
- SMS (Short Messaging Service) Alerts
o The attacker's internet protocol address is instantly sent to the victim's administration unit and to the cyber investigations department via mobile devices.
- Email (Electronic Mail) Alerts
o The detailed report of the attacker's location and the complete information about the attack performed are dispatched to the internet mailboxes of the victim's administration unit and of the cyber investigations department.
- FAX
o A hard copy consisting of the detailed report of the attacker's location and the complete information about the attack performed is dispatched to the fax machines of the victim's administration unit and of the cyber investigations department.
- Recorded Calls
o An immediate call to a landline or a mobile device is initiated. The call gives a detailed explanation of the attacker's location and the complete information about the attack performed to the victim's administration unit and to the cyber investigations department via a pre-recorded voice.

The Auto-Ban Engine
Fig 5 shows the block diagram of this engine.
This engine plays a pivotal role in preventing an attacker from attacking or accessing the domain, temporarily or permanently. When a hacker or a cyber-terrorist launches a high-impact attack, the attacker's internet protocol address is recorded. To stop the attacker from attacking the domain further, the attacker's internet protocol address needs to be banned from the victim's domain.
To accomplish this we need the web server configuration file of the victim's domain.
The web server configuration file consists of many rules. Only certain rules are discussed here: those that allow or restrict any number of internet protocol addresses from accessing that particular domain.
Hence, if the attacker's internet protocol address is added to the restricted list of addresses in the configuration file, the attacker will be denied access to the victim's domain.
Since this cannot be done by hand in an instant, let alone in real time, this engine comes to light.
This engine retrieves the web server configuration file from the victim's server via the File Transfer Protocol and adds or appends the attacker's internet protocol address to its restricted list of internet protocol addresses.
The engine then uploads the newly modified web server configuration file to the victim's domain server via the existing open File Transfer Protocol connection.
On successful upload of the configuration file, the attacker loses access to the domain and is thus prevented from attacking it, either temporarily or permanently, until the web configuration file is modified again.

BRIEF DESCRIPTION OF THE INVENTION
Fig 1 shows the detailed working of this setup.
The description below assumes that our model has been configured in the victim's domain.
Hackers launch attacks on the domain via browsers. A browser is the medium used to communicate with websites or domains over the internet. When a hacker visits the website and attacks the domain from the browser, the attack reaches the victim's server and the Handshake Engine that resides within it.
The Handshake Engine captures the request information (in this case, an attack) and the internet protocol address of the attacker. It forwards the attack to the Attack Patterns Engine and the attacker's internet protocol address to the Standby Unit. The Attack Patterns Engine, which holds numerous attack variations, checks for a match. When a match is found, an impact rating is immediately assigned; the higher the impact rating, the stronger the attack performed. False positives are ignored as such. If the attack variant has a high rating, the Attack Patterns Engine immediately dispatches an intruder alert message to the Handshake Engine. The Handshake Engine communicates with the victim's server and displays a warning alert to the attacker for attacking the domain.
Meanwhile, the Attack Patterns Engine forwards the attack information to the Standby Unit. The attack information and the attacker's internet protocol address are retrieved from the Standby Unit and sent to the Geographical Information Database.
The Geographical Information Database is mainly used to track the whereabouts of the attacker and to know the exact location from which the attacks are being carried out. It is otherwise called the "Warehouse for tracking targets". It holds information and statistics for almost every country, indexed by internet protocol address.
The tracking information includes the attacker's location details, such as:
- Country
- Province
- City
- Latitude
- Longitude
- Zip Code
- Time Zone
- Internet Service Provider
- Internet Speed
This information is enough to track down and nab the hacker.
After tracking the whereabouts of the attacker, the information must immediately be intimated to the victim's domain administration and to the cyber investigations department (if the attacker is considered to be a cyber-terrorist); thus the Alerts and Communications Engine comes into the picture.

The Alerts and Communications Engine gathers the attacker's information from the Geographical Information Database and makes it ready for transfer.
The Alerts and Communications Engine compacts the data and sends the information via:
- E-Mail (Electronic Mail) Alerts
- SMS (Short Messaging Service) Alerts
- FAX
- Recorded Calls
These media transfer information quickly and reach their destinations in an instant. Hence these alerts are dispatched to the victim's administrator as well as to the cyber investigations department for nabbing the hacker.
The Alerts and Communications Engine compacts and encapsulates the data to be transferred before sending it to the different communication media, since large data cannot be sent via SMS (Short Messaging Service).
There are certain classes of hackers who fear nothing. Even after a warning alert has been dispatched, such an attacker does not care and continues to wreak havoc on the victim's domain. In such a case the hacker has to be stopped at all costs; thus the Auto-Ban Engine comes into focus.
The Auto-Ban Engine plays a vital role in preventing the hacker from attacking the domain further. It connects to the File Transfer Protocol service of the victim's domain and retrieves the web server configuration file, which contains the internet protocol addresses that are allowed to access the site and those that are restricted from it.
After retrieving the web server configuration file, the Auto-Ban Engine appends the attacker's internet protocol address to the list of restricted internet protocol addresses in the file.
After making the necessary changes, the Auto-Ban Engine uploads the modified web server configuration file to the victim's domain over the existing open File Transfer Protocol connection.
Since the attacker's internet protocol address is now in the blocked list, the hacker will not be able to access the site from that particular internet protocol address to launch further attacks.

DETAILED DESCRIPTION OF DRAWINGS
The explanations below give detailed and brief descriptions of the figures. The figures are numbered, and the explanations of those numbering tags can be made clear from the context below. These explanations match the numbering in the figures.
Working Model [Fig 1]
1. The hacker attacks, via a web browser, a domain web server that is configured with our model.
2. The attack reaches the victim's web server through the browser.
3. The victim's web server, which is configured with our model, forwards the attack to the Handshake Engine.
4. The Handshake Engine advances the attack variant to the Attack Patterns Engine in our server.
5. The Attack Patterns Engine detects the attack and sends an intrusion warning message to the Handshake Engine.
6. The Handshake Engine informs the victim's domain of the intrusion performed on their server.
7. With the help of the Handshake Engine, the victim's domain dispatches a warning alert to the hacker in the same browser the attacker used to perform the intrusion.
8. The Attack Patterns Engine forwards the attack information to the Standby Unit.
9. The Handshake Engine forwards the hacker's internet protocol address to the Standby Unit.
10. The Standby Unit advances both the attacker's internet protocol address and the attack information to the Geographical Information Database.
11. The Geographical Information Database gathers the attacker's tracking information and location whereabouts and forwards them to the Alerts and Communications Engine.
12. The Alerts and Communications Engine dispatches a hacking alert to the victim's administrator and to the Cyber Investigations Department through the fastest available communications medium. Control is then passed to the Auto-Ban Engine.
13. The Auto-Ban Engine blocks the hacker from the victim's domain by adding the hacker's internet protocol address to the web configuration file residing in the victim's domain.
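The Handshake Engine of steps 3 to 9 above (and of the Handshake Engine section earlier in the description), as an added example in Python that is not part of the patent: a WSGI middleware that captures the request target and the client address, asks a rating callable (standing in for the link to the Attack Patterns Engine) for a verdict, hands the pair to a callable standing in for the Standby Unit, and answers a high-impact request with a warning page in the attacker's own browser. The trusted-proxy set, the warning threshold of 5, the stand-in `demo_rate`, the sample addresses and the constructed WSGI environ are assumptions of this example. The check a practitioner wants here is which address the attack gets attributed to: the background section itself notes that attackers hide behind proxies, and a forged X-Forwarded-For header from an untrusted peer must not be allowed to redirect the warning, the tracking and the later ban onto an innocent address.

```python
"""Handshake Engine as a WSGI middleware (added example; not the patent's
own code). It captures the request target and the client address, hands
both to the remote engine, and, when the verdict is a high-impact attack,
answers the attacker's own browser with a warning page instead of the
application's response."""
import ipaddress

# Assumption: reverse proxies the site really sits behind. X-Forwarded-For
# is believed only when the TCP peer is one of these; any other peer could
# forge the header and get an innocent address warned, tracked and banned.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.2")}

WARNING_PAGE = (b"<html><body><h1>Intrusion attempt detected</h1>"
                b"<p>Your request has been recorded and reported.</p>"
                b"</body></html>")


def client_address(environ):
    """Address an attack is attributed to (and that a ban would apply to)."""
    peer = environ.get("REMOTE_ADDR", "")
    try:
        peer_ip = ipaddress.ip_address(peer)
    except ValueError:
        return peer
    forwarded = environ.get("HTTP_X_FORWARDED_FOR", "")
    if peer_ip in TRUSTED_PROXIES and forwarded:
        # The rightmost entry is the one our own proxy appended; entries to
        # its left were supplied by the client and cannot be trusted.
        candidate = forwarded.split(",")[-1].strip()
        try:
            return str(ipaddress.ip_address(candidate))
        except ValueError:
            pass
    return str(peer_ip)


class HandshakeEngine:
    """`rate(target, ip)` stands in for the link to the remote Attack
    Patterns Engine and returns an impact rating; `report(ip, target,
    rating)` stands in for the forwarding to the Standby Unit. Both are
    assumed interfaces, not anything the patent specifies."""

    def __init__(self, app, rate, report, warn_threshold=5):
        self.app, self.rate, self.report = app, rate, report
        self.warn_threshold = warn_threshold

    def __call__(self, environ, start_response):
        target = environ.get("PATH_INFO", "")
        if environ.get("QUERY_STRING"):
            target += "?" + environ["QUERY_STRING"]
        ip = client_address(environ)
        rating = self.rate(target, ip)
        if rating > 0:
            self.report(ip, target, rating)
        if rating >= self.warn_threshold:
            # Step 7 of Fig 1: the warning goes back in the same browser.
            start_response("403 Forbidden", [("Content-Type", "text/html"),
                           ("Content-Length", str(len(WARNING_PAGE)))])
            return [WARNING_PAGE]
        return self.app(environ, start_response)


# --- constructed stand-ins so the middleware can be exercised offline ---
def demo_rate(target, ip):
    """Crude substring rating; a real engine matches a signature table."""
    lowered = target.lower()
    if "union select" in lowered or "<script" in lowered:
        return 8
    if "wp-login" in lowered:
        return 2
    return 0


REPORTS = []  # what the Standby Unit would receive


def demo_report(ip, target, rating):
    REPORTS.append((ip, target, rating))


def demo_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"welcome"]


def run_request(path, query="", remote_addr="203.0.113.7", xff=None):
    """Drive the middleware with a constructed WSGI environ; returns
    (status line, response body)."""
    environ = {"PATH_INFO": path, "QUERY_STRING": query,
               "REMOTE_ADDR": remote_addr}
    if xff is not None:
        environ["HTTP_X_FORWARDED_FOR"] = xff
    captured = {}

    def start_response(status, headers):
        captured["status"] = status

    app = HandshakeEngine(demo_app, demo_rate, demo_report)
    body = b"".join(app(environ, start_response))
    return captured["status"], body


if __name__ == "__main__":
    print(run_request("/item", "id=1 UNION SELECT 1,2"))
```

A low rating (the `wp-login` probe) is still reported but lets the application answer normally, matching the "negligible" branch of Fig 2; only a rating at or above the threshold swaps in the warning page.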

Attack Patterns Engine [Fig 2]
1. Start the execution.
2. Read the attack variant from the Handshake Engine.
3. Check whether the variant matches any of the existing attack variants within the engine.
4. If no match is found, skip the remaining steps and stop the execution.
5. If a match is found, assign an impact rating to the attack variant. The higher the rating, the deadlier the attack.
6. Check whether the impact rating is high or negligible.
7. If the impact rating is negligible, skip the remaining steps and stop the execution.
8. If the impact rating is high, display a warning or an alert to the attacker about the intrusion attempt, via the Handshake Engine.
9. Forward the attack information to the Standby Unit.
10. Stop the execution.
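The matching and rating of the Attack Patterns Engine, as described in its own section above and in the Fig 2 flowchart just listed, written out as an added example in Python; this is not the patent's engine. The signature table, its ratings and the threshold of 5 that separates a negligible rating from a high one are assumptions chosen for illustration. The step the flowchart does not spell out, and that any signature matcher needs, is normalization: the input is URL-decoded twice and lowercased before matching, so that a double-encoded `%253Cscript` or a mixed-case `UnIoN SeLeCt` still meets its pattern instead of slipping past as a false negative.

```python
"""Attack Patterns Engine: match a request against known attack variants
and assign an impact rating (added example; not the patent's own code)."""
import re
from urllib.parse import unquote_plus

# Constructed signature table: (name, compiled regex, impact rating 1-10).
# The names, patterns and ratings are assumptions for illustration.
ATTACK_VARIANTS = [
    ("sqli_tautology", re.compile(r"'\s*or\s*'?\d*'?\s*=\s*'?\d*"), 8),
    ("sqli_union", re.compile(r"\bunion\b.{0,40}\bselect\b"), 9),
    ("sqli_comment", re.compile(r"(--|#|/\*)\s*$"), 4),
    ("xss_script_tag", re.compile(r"<\s*script\b"), 7),
    ("xss_event_handler", re.compile(r"\bon(load|error|click)\s*="), 6),
    ("path_traversal", re.compile(r"(\.\./|\.\.\\){2,}"), 7),
    ("command_injection", re.compile(r"[;|`]\s*(cat|ls|id|wget|curl)\b"), 9),
    ("scanner_probe", re.compile(r"/(phpmyadmin|wp-login\.php|\.env)\b"), 2),
]

WARN_THRESHOLD = 5  # ratings below this are treated as negligible (assumption)


def normalize(raw):
    """Undo the encodings an attacker uses to hide a pattern before matching.
    Decoding twice handles double URL-encoding; lowercasing makes every
    pattern case-insensitive without repeating (?i) in each one."""
    decoded = raw
    for _ in range(2):
        decoded = unquote_plus(decoded)
    return decoded.lower()


def rate(raw_input):
    """Return (variant_name, impact_rating); (None, 0) means no match.
    When several variants match, the most dangerous one wins."""
    text = normalize(raw_input)
    best_name, best_rating = None, 0
    for name, pattern, rating in ATTACK_VARIANTS:
        if pattern.search(text) and rating > best_rating:
            best_name, best_rating = name, rating
    return best_name, best_rating


def decide(raw_input):
    """Map the Fig 2 flowchart onto the rating: 'ignore' when no variant
    matches (step 4) or the rating is negligible (step 7), 'warn' when it
    is high (step 8)."""
    name, rating = rate(raw_input)
    if name is None or rating < WARN_THRESHOLD:
        return "ignore"
    return "warn"


if __name__ == "__main__":
    # Constructed request targets, not captured traffic.
    for sample in ("/login?user=admin'+OR+'1'='1",
                   "/search?q=%253Cscript%253Ealert(1)%253C%252Fscript%253E",
                   "/wp-login.php",
                   "/products?id=42"):
        print(sample, "->", rate(sample), decide(sample))
```

The scanner probe for `/wp-login.php` matches a variant but rates only 2, so it is recorded as an attack yet not warned about; that is the "false positives will be ignored as such" behaviour of the description, implemented as a rating threshold rather than as a separate step.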
Geographical Information Database [Fig 3]
The attacker's internet protocol address is provided as input to this database. The information fetched depends on the internet protocol address that is provided. This database fetches the Country, Province, City, Latitude, Longitude, Zip Code, Time Zone, Internet Service Provider and Net Speed corresponding to the attacker's internet protocol address.
Alerts & Communications Engine [Fig 4]
1. The attacker's tracking information is retrieved from the Geographical Information Database and forwarded to the Alerts and Communications Engine.
2. The Alerts & Communications Engine compresses and encapsulates the data received from the Geographical Information Database for proper communication.
3. The Alerts and Communications Engine forwards the encapsulated information via SMS (Short Messaging Service), Email Alerts, FAX and Recorded Calls.
4. The victim's domain administration department and the Cyber Investigations Department receive these alerts as soon as they are dispatched.

Auto-Ban Engine [Fig 5]
1. The attacker's internet protocol address is retrieved from the Alerts and Communications Engine and advanced to the Auto-Ban Engine.
2. The Auto-Ban Engine connects to the victim's domain server via the File Transfer Protocol.
3. After connecting to the victim's domain, the Auto-Ban Engine retrieves the web configuration file from the victim's server; this file holds the internet protocol addresses that are allowed to access the site and those that are blocked.
4. The Auto-Ban Engine adds the attacker's internet protocol address to the list of blocked internet protocol addresses in the victim's web configuration file. If the attacker's internet protocol address is already present, it is simply ignored.
5. After making the necessary changes, the Auto-Ban Engine uploads the modified web configuration file to the victim's domain via the existing open File Transfer Protocol connection, in order to block the attacker from accessing the domain from that particular internet protocol address.
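The configuration edit performed by the Auto-Ban Engine (its own section above, step 13 of Fig 1 and steps 3 to 5 of Fig 5), as an added example in Python; this is not the patent's code. It assumes an Apache 2.4 style file with a `<RequireAll>` block and one `Require not ip` line per banned address; the `# auto-ban until <epoch>` marker line used to mark a temporary ban, the list of protected networks and the sample configuration are constructed for the example. The FTP download and upload are left out, both because they cannot run offline and because a practitioner would replace plain FTP, which carries the victim's credentials and the configuration file in clear text, with SFTP or FTPS. The checks a practitioner wants before writing anything into a live server configuration are included: the address must be a valid IP literal (so a crafted string cannot corrupt the file), it must not fall in the operator's own networks (so the engine cannot lock out the administrators or the proxy in front of the site), and the edit must be idempotent, as step 4 of Fig 5 requires.

```python
"""Auto-Ban Engine: add an attacker address to the deny list of an
Apache-style configuration file (added example; not the patent's code)."""
import ipaddress
import re
import time

# Assumption: Apache 2.4 syntax, one "Require not ip <addr>" line per banned
# address inside a <RequireAll> block. Apache allows no trailing comments, so
# a temporary ban is marked by a comment line placed just before its
# directive; a directive without a marker is a permanent ban.
EXPIRY_LINE = re.compile(r"^\s*# auto-ban until (\d+)\s*$")
DENY_LINE = re.compile(r"^\s*Require not ip (\S+)\s*$")

# Assumption: the operator's own networks, which must never be banned.
PROTECTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "::1/128", "fc00::/7", "fe80::/10")]

# Constructed sample of the victim's configuration (one permanent ban).
SAMPLE_CONFIG = """\
<RequireAll>
    Require all granted
    Require not ip 198.51.100.23
</RequireAll>
"""


def parse_bans(config):
    """Map banned address -> expiry epoch, or None for a permanent ban."""
    bans, expiry = {}, None
    for line in config.splitlines():
        m = EXPIRY_LINE.match(line)
        if m:
            expiry = int(m.group(1))
            continue
        m = DENY_LINE.match(line)
        if m:
            bans[m.group(1)] = expiry
        expiry = None  # a marker only governs the directive right after it
    return bans


def ban(config, address, duration=None, now=None):
    """Return the configuration with `address` denied. Idempotent: an
    address already present is left untouched (step 4 of Fig 5). Raises
    ValueError for anything that is not an IP literal or that lies in a
    protected network, so a crafted string can neither corrupt the file
    nor lock the operator out of the site."""
    ip = ipaddress.ip_address(address)  # ValueError if not an IP literal
    if any(ip in net for net in PROTECTED):
        raise ValueError("refusing to ban protected address %s" % ip)
    if str(ip) in parse_bans(config):
        return config
    now = time.time() if now is None else now
    new = []
    if duration is not None:
        new.append("    # auto-ban until %d" % int(now + duration))
    new.append("    Require not ip %s" % ip)
    lines = config.splitlines()
    # Insert just before the closing tag so the directive stays in the block.
    idx = next(i for i, l in enumerate(lines) if l.strip() == "</RequireAll>")
    lines[idx:idx] = new
    return "\n".join(lines) + "\n"


def purge_expired(config, now=None):
    """Lift temporary bans whose expiry has passed; permanent ones stay."""
    now = time.time() if now is None else now
    lines = config.splitlines()
    kept, i = [], 0
    while i < len(lines):
        m = EXPIRY_LINE.match(lines[i])
        if (m and i + 1 < len(lines) and DENY_LINE.match(lines[i + 1])
                and int(m.group(1)) <= now):
            i += 2  # drop the marker and the directive it governs
            continue
        kept.append(lines[i])
        i += 1
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    cfg = ban(SAMPLE_CONFIG, "203.0.113.5", duration=3600)
    print(cfg)
    print(parse_bans(cfg))
```

Banning an already-banned address returns the configuration unchanged, so the upload step can be skipped entirely in that case; `purge_expired` is what turns a temporary ban back into normal access once its time has run out, which the description otherwise leaves to a later manual edit of the file.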


CLAIMS
1. Identifying hacker attack patterns carried out on a website instantly.
2. Sending attacker details and the attacks performed to the website owners and to the cyber investigations department via Email Alerts.
3. Sending attacker details and the attacks performed to the website owners and to the cyber investigations department via SMS Alerts.
4. Sending attacker details and the attacks performed to the website owners and to the cyber investigations department via FAX machines.
5. Sending attacker details and the attacks performed to the website owners and to the cyber investigations department via Recorded Calls.
6. Tracking the internet protocol address of the attacker and alerting the website owners and the cyber investigations department.
7. Tracking the internet protocol address of the attacker and automatically banning it.
8. Tracking the Country, Region, City, Latitude, Longitude, Zip Code, Time Zone, Internet Service Provider, Domain and Internet Speed of the attacker and alerting the website owners and the cyber investigations department.

Documents:
2357-CHE-2008 CORRESPONDENCE OTHERS 08-08-2013.pdf
2357-CHE-2008 CORRESPONDENCE OTHERS 24-10-2013.pdf
2357-CHE-2008 CORRESPONDENCE OTHERS 28-10-2013.pdf
2357-CHE-2008 AMENDED CLAIMS 13-11-2014.pdf
2357-CHE-2008 AMENDED PAGES OF SPECIFICATION 13-11-2014.pdf
2357-CHE-2008 EXAMINATION REPORT REPLY RECEIVED 13-11-2014.pdf
2357-CHE-2008 FORM-1 13-11-2014.pdf
2357-CHE-2008 FORM-13 13-11-2014.pdf
2357-che-2008 abstract.pdf
2357-che-2008 claims.pdf
2357-che-2008 correspondence-others.pdf
2357-che-2008 description (complete).pdf
2357-che-2008 drawings.pdf
2357-che-2008 form-18.pdf


Patent Number 263968
Indian Patent Application Number 2357/CHE/2008
PG Journal Number 49/2014
Publication Date 05-Dec-2014
Grant Date 28-Nov-2014
Date of Filing 25-Sep-2008
Name of Patentee D. SHANKARNARAYANA
Applicant Address NO.1, 1ST CROSS STREET, SRINIVASA NAGAR, GOVARDHANAGIRI, AVADI, CHENNAI - 600 071.
Inventors:
1. D. SHANKARNARAYANA, NO.1, 1ST CROSS STREET, SRINIVASA NAGAR, GOVARDHANAGIRI, AVADI, CHENNAI - 600 071.
2. L. RAVINDRANATH, NO.1, 1ST CROSS STREET, SRINIVASA NAGAR, GOVARDHANAGIRI, AVADI, CHENNAI - 600 071.
PCT International Classification Number G06F15/00
PCT International Application Number N/A
PCT International Filing date
PCT Conventions: NA