
System And Method For Identifying Attacks From Different Routes In A Network

Abstract: A system and a method for identifying attacks from different routes in a network are disclosed. The system comprises a host detector configured to determine a list of devices connected to the network, a host scanner configured to enumerate details of a device connected to a network, a URL scanner configured to find out sub domains or sub directories of a specific domain or an IP address, a domain scanner configured to find details of the specific domain, and a password checking unit configured to check the strength of a password set by a user. [Figure 1]


Patent Information

Application #:
Filing Date: 24 September 2022
Publication Number: 41/2022
Publication Type: INA
Invention Field: COMPUTER SCIENCE
Status:
Email: dua.tapasya@ipconneqt.com
Parent Application:

Applicants

Cialfor Research Labs Pvt Ltd
ODC-4, 4th Floor, Panchshil Tech Park, Hinjewadi Phase 1, Pune– 411057, Maharashtra, India
Quantum University
Quantum University, Roorkee-247167, Uttarakhand, India

Inventors

1. Mr. Rahul Mishra
Cialfor Research Labs Pvt Ltd ODC-4, 4th Floor, Panchshil Tech Park, Hinjewadi Phase 1, Pune– 411057, Maharashtra, India
2. Ms. Sakshi Pandey
Cialfor Research Labs Pvt Ltd ODC-4, 4th Floor, Panchshil Tech Park, Hinjewadi Phase 1, Pune– 411057, Maharashtra, India
3. Prof. (Dr.) Vivek Kumar
Quantum University, Roorkee-247167, Uttarakhand, India
4. Ms. Priyanka Kapila
Quantum University, Roorkee-247167, Uttarakhand, India
5. Mr. Anurag Chandana
Quantum University, Roorkee-247167, Uttarakhand, India
6. Dr. Swati Rawat
Quantum University, Roorkee-247167, Uttarakhand, India
7. Dr. Amit Dixit
Quantum University, Roorkee-247167, Uttarakhand, India
8. Mr. Ankur Rana
Quantum University, Roorkee-247167, Uttarakhand, India

Specification

Description:

TECHNICAL FIELD
The present disclosure relates generally to detecting security threats, and more specifically to the identification and reporting of, and mitigation against, potential indicators of compromise in a system or application, allowing individuals and enterprises to check their computer systems, computer networks, and computer apps for potential security threats.

BACKGROUND ART
[0001] Hackers and other cybercriminals today are engaged in hacking-related activities while looking out for potential weaknesses in the systems and applications. Many organizations and businesses are fighting this. Businesses, institutions, and even people must periodically or on occasion examine their IT systems and apps for security-related problems and potential weak spots long before a hacker tries to take over these systems and applications. Adopting VAPT, also known as vulnerability assessment and penetration testing, will help.

[0002] Although technology is becoming increasingly reliable, there is still a danger that your server could malfunction or that your Internet connection could become disconnected. Working online also entails the possibility of a lost email or a sluggish response. Not to mention the frequency of cyber-attacks that happen every day on your devices.

[0003] There are a lot of technologies in the market to protect your digital footprint. However, these products or services don't come free. They either consume your bank balance or your storage space or both. Some of these products are also difficult to use and thus need experienced professionals to handle them. The problem lies in the gap between the existing technologies and the knowledge of how to use them.

[0004] Nowadays, there are techniques which can help track IP addresses. For example, reference can be made to US9800592B2, which discloses detecting anomalies in traffic flows. Further, reference can be made to US9742795B1, which discloses one or more techniques for mitigating attacks in a network. However, none of the known techniques disclose identifying attacks from different routes in a network.

[0005] OBJECTS OF THE INVENTION

[0006] The principal object of the present invention is to provide techniques for identifying attack from different routes in a network.

[0007] Another object of the present invention is to provide techniques for getting a list of the devices connected to a network, along with their IP addresses.

[0008] Another object of the present invention is to provide techniques for enumerating details of a device connected to a network.

[0009] Another object of the present invention is to provide techniques for finding out sub domains or sub directories of a specific domain or an IP address.

[0010] Another object of the present invention is to provide techniques for finding details of a specific domain like firewall configuration, server configuration and domain registry details.

[0011] Another object of the present invention is to provide techniques for checking the strength of password and suggesting solutions to make password strong.

SUMMARY OF THE INVENTION

[0012] In one embodiment, a system for identifying attacks from different routes in a network is disclosed. The system comprises a host detector configured to determine a list of devices connected to the network, a host scanner configured to enumerate details of a device connected to a network, a URL scanner configured to find out sub domains or sub directories of a specific domain or an IP address, a domain scanner configured to find details of the specific domain, and a password checking unit configured to check the strength of a password set by a user.

[0013] In another embodiment, a method for identifying attacks from different routes in a network is disclosed. The method comprises determining a list of devices connected to the network, enumerating details of a device connected to a network, finding out sub domains or sub directories of a specific domain or an IP address, finding details of the specific domain, and checking the strength of a password set by a user.

BRIEF DESCRIPTION OF DRAWINGS
[0014] Figure 1 illustrates a system for identifying attacks from different routes in a network, in accordance with one embodiment of the present invention.

[0015] Figure 2 illustrates a network environment, in accordance with one embodiment of the present invention.

[0016] Figure 3 illustrates routing of a request through a plurality of servers, in accordance with one embodiment of the present invention.

[0017] Figure 4 illustrates a flowchart of a method for identifying attacks from different routes in a network, in accordance with the present invention.

DETAILED DESCRIPTION OF THE INVENTION
[0018] While the present invention is described herein by way of example using embodiments and illustrative drawings, those skilled in the art will recognize that the invention is not limited to the embodiments of drawing or drawings described and are not intended to represent the scale of the various components. Further, some components that may form a part of the invention may not be illustrated in certain figures, for ease of illustration, and such omissions do not limit the embodiments outlined in any way. It should be understood that the drawings and the detailed description thereto are not intended to limit the invention to the particular form disclosed, but on the contrary, the invention is to cover all modifications, equivalents, and alternatives falling within the scope of the present invention as defined by the appended claim.

[0019] As used throughout this description, the word "may" is used in a permissive sense (i.e. meaning having the potential to), rather than the mandatory sense, (i.e. meaning must). Further, the words "a" or "an" mean "at least one" and the word "plurality" means "one or more" unless otherwise mentioned. Furthermore, the terminology and phraseology used herein are solely used for descriptive purposes and should not be construed as limiting in scope. Language such as "including," "comprising," "having," "containing," or "involving," and variations thereof, is intended to be broad and encompass the subject matter listed thereafter, equivalents, and additional subject matter not recited, and is not intended to exclude other additives, components, integers, or steps. Likewise, the term "comprising" is considered synonymous with the terms "including" or "containing" for applicable legal purposes. Any discussion of documents, acts, materials, devices, articles, and the like are included in the specification solely for the purpose of providing a context for the present invention. It is not suggested or represented that any or all these matters form part of the prior art base or were common general knowledge in the field relevant to the present invention.

[0020] In this disclosure, whenever a composition or an element or a group of elements is preceded with the transitional phrase "comprising", it is understood that we also contemplate the same composition, element, or group of elements with transitional phrases "consisting of", "consisting", "selected from the group consisting of", "including", or "is" preceding the recitation of the composition, element or group of elements and vice versa.

[0021] The present invention is described hereinafter by various embodiments with reference to the accompanying drawing, wherein reference numerals used in the accompanying drawing correspond to the like elements throughout the description. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiment set forth herein. Rather, the embodiment is provided so that this disclosure will be thorough and complete and will fully convey the scope of the invention to those skilled in the art. In the following detailed description, numeric values and ranges are provided for various aspects of the implementations described. These values and ranges are to be treated as examples only and are not intended to limit the scope of the claims. In addition, several materials are identified as suitable for various facets of the implementations. These materials are to be treated as exemplary and are not intended to limit the scope of the invention.

[0022] Referring to FIG. 1, a system 100 for identifying attacks from different routes in a network is illustrated. The system 100 comprises a host detector 102, host scanner 104, universal resource locator (URL) scanner 106, domain scanner 108, password checking unit 110, a memory 112 and a processor 114 coupled to various components of the system 100. The various components of the system 100 are placed at different locations. For example, some components may be present at a server 202, at plurality of user devices 204 and/or a network 206. The processor 114 may control the operations of various components present in the system 100.

[0023] FIG. 2 illustrates a network environment 200 showing connection between the server 202, the plurality of user devices 204 and the network. The plurality of user devices 204 are connected with the server 202 via a network 206. The plurality of user devices 204 may try to establish a connection with the server 202 for sending communications. In one embodiment, the communications may include sending emails to other users or requesting content from the server 202. As shown in FIG. 2, the user devices 204 may be any computing devices which are compatible to access the internet, for example, but not limited to, mobile device, computer device, laptop, tablets, etc.

[0024] The server 202 may be placed at a physical location and the plurality of user devices 204 from all over the world may access the server 202. The server 202 may be any server responsible for handling email communications. In one embodiment, the server 202 may be responsible for sending content in response to request from various user devices 204. As explained above, the server 202 is able to recognize a user device 204 from the plurality of user devices 204 using a unique internet protocol (IP) address associated with each of the user device 204.

[0025] In one embodiment, any IP address can be traced and tracked. Any IP address may include IP address of any user device 204. In one embodiment, the IP information may include public address of a web server to reveal geographic information, holder information and registration information of the server. In one embodiment, the IP address may be IPv4 or IPv6 addresses. In one embodiment, the IP address may be 32-bit or 64-bit address. In one embodiment, the IP address may be associated with email communications. The email communications may include headers in them. The headers may include IP addresses.

[0026] Although only one server 202 is shown, there may be a plurality of servers which may be placed at different locations. For example, FIG. 3 shows requests being routed to server 202 via a plurality of servers. Thus, to access the server 202 placed at location 4, the request from the user device 204 may be routed through servers placed at location 1, location 2 and location 3. Thus, a visual route may be created for the request routed from the user device 204 for accessing the content from the server 202. In order to identify a user device 204 which is trying to access the content from the server 202 in an unauthorized way, it is necessary to identify the visual route of the request. Once the visual route is traced, it is then easy to identify the user device 204.
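The following is an added illustration, not part of the patent specification, of how the IP addresses carried in email headers ([0025]) can be used to reconstruct the route of a message through intermediate servers ([0026]). The sample message, host names and function names are constructed for this example; the addresses come from documentation and private ranges.

```python
import email
import ipaddress
import re

# Constructed sample message (assumption, not from the specification).
# Each relay prepends its own Received header, so the newest hop is on top.
SAMPLE = """\
Received: from mx.location3.example (mx.location3.example [203.0.113.30])
\tby mail.location4.example with ESMTP id C3; Sat, 24 Sep 2022 10:00:09 +0000
Received: from relay.location2.example (relay.location2.example [198.51.100.20])
\tby mx.location3.example with ESMTP id B2; Sat, 24 Sep 2022 10:00:05 +0000
Received: from [192.168.1.15] (client.location1.example [192.0.2.10])
\tby relay.location2.example with ESMTPSA id A1; Sat, 24 Sep 2022 10:00:01 +0000
From: user@location1.example
To: admin@location4.example
Subject: constructed sample

body
"""

IP_IN_BRACKETS = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
FROM_HOST = re.compile(r"^from\s+(\S+)", re.IGNORECASE)
BY_HOST = re.compile(r"\bby\s+(\S+)", re.IGNORECASE)


def _valid_ips(text):
    """Return bracketed tokens that parse as IPv4 or IPv6 addresses."""
    ips = []
    for candidate in IP_IN_BRACKETS.findall(text):
        try:
            ips.append(str(ipaddress.ip_address(candidate)))
        except ValueError:
            continue  # bracketed text that is not an address
    return ips


def trace_route(raw_message):
    """Return the hops of a message in chronological order (oldest first)."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received") or []):
        flat = " ".join(value.split())  # unfold continuation lines
        sender = FROM_HOST.search(flat)
        receiver = BY_HOST.search(flat)
        hops.append({
            "from": sender.group(1) if sender else None,
            "by": receiver.group(1) if receiver else None,
            "ips": _valid_ips(flat),
        })
    return hops


def chain_breaks(hops):
    """Indexes where the receiving host is not the sender named by the next hop.

    Heuristic only: real relays may announce a different name than the one
    they log, and headers added before the first trusted server can be
    forged, so a break is a lead to investigate, not proof.
    """
    return [i for i in range(len(hops) - 1)
            if hops[i]["by"] != hops[i + 1]["from"]]


if __name__ == "__main__":
    route = trace_route(SAMPLE)
    for n, hop in enumerate(route, 1):
        print(n, hop["from"], "->", hop["by"], hop["ips"])
    print("chain breaks at:", chain_breaks(route))
```

Only the headers written by servers the recipient controls are trustworthy; everything below them is supplied by the sending side.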

[0027] Referring back to FIG. 1 now, various components of the system 100 are explained below. For example, the various components of the system 100 may be provided in the server 202, the plurality of user devices 204 and the network 206. For example, the components host detector 102, host scanner 104 may be provided at the network 206, the URL scanner 106 and the domain scanner 108 may be provided at the server 202 while the password checking unit 110 may be provided at the plurality of user devices 204. The presence of various components at various locations are merely for explanation purposes and the various components may be placed at any location until the functions of the components are fulfilled.

[0028] The host detector 102 is responsible for scanning the network 206. As mentioned above, there may be the plurality of user devices 204 connected to the network 206. The network 206 maintains a list of all the user devices 204 connected to the network 206. The user devices 204 in the list may be present at different locations around the world. In one embodiment, the network 206 also stores the internet protocol (IP) addresses of all the user devices 204 connected to the network 206. The host detector 102 is present at the network 206 and helps extract the details of all the user devices 204 which are connected to the network 206 along with their IP addresses. In one embodiment, the host detector 102 may also store the location of the respective user devices 204 which are connected to the network 206.

[0029] The host scanner 104 is responsible for scanning the host. The host may include the server 202 and/or the plurality of user devices 204. The host scanner 104 scans the server 202 to identify a list of user devices 204 connected to the server 202. In one embodiment, the host scanner 104 may also store a list of user devices 204 along with various server locations via which the request from the user devices 204 is routed to the server 202 as shown in FIG. 3.

[0030] In one embodiment, the host scanner 104 may be present at each of the user devices 204. The host scanner 104 may identify a list of servers, including the server 202, to which the user devices 204 are connected. For example, the list may include the IP addresses of all the servers through which the request from the user device reaches the server 202. In other words, the list may include the IP addresses of all the servers shown in FIG. 3 via which the request reaches the server 202.

[0031] The URL scanner 106 is responsible for scanning the universal resource locator (URL) addresses. A webpage's URL—such as http://support.google.com/google-ads—is made up of a domain name (here it's "google"), a domain category (".com"), and sometimes other elements like a subdomain ("support") and path ("/google-ads"). The URL scanner 106 may maintain a list of domain names, a list of domain categories, a list of subdomains and a list of paths. The URL scanner 106 may store all the above lists or some of the lists from the above lists.
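The decomposition described in [0031], written out as an added example that is not part of the patent specification. The function name, result keys and the tiny suffix set are assumptions made for this illustration; it also covers two cases the paragraph does not spell out, multi-label domain categories and hosts that are IP addresses.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed, deliberately small suffix set (assumption). Real tooling
# should load the full Public Suffix List instead.
SUFFIXES = {"com", "org", "net", "in", "co.in", "co.uk"}


def split_url(url):
    """Split a URL into the parts named in [0031].

    Returns a dict with subdomain, domain_name, domain_category and path.
    When the host is an IP address, is_ip is True and the name fields
    stay empty.
    """
    parts = urlsplit(url)
    # urlsplit drops any "user@" prefix and the port, so the host returned
    # is the one a client would actually connect to.
    host = (parts.hostname or "").rstrip(".").lower()
    result = {
        "host": host,
        "subdomain": "",
        "domain_name": "",
        "domain_category": "",
        "path": parts.path or "/",
        "is_ip": False,
    }
    try:
        ipaddress.ip_address(host)
        result["is_ip"] = True
        return result
    except ValueError:
        pass  # not an IP literal, treat as a DNS name

    labels = host.split(".")
    # Try the longest candidate suffix first so "co.uk" wins over "uk".
    for i in range(len(labels)):
        if ".".join(labels[i:]) in SUFFIXES:
            result["domain_category"] = "." + ".".join(labels[i:])
            if i >= 1:
                result["domain_name"] = labels[i - 1]
                result["subdomain"] = ".".join(labels[:i - 1])
            return result

    # Unknown suffix: fall back to treating the last label as the category.
    if len(labels) >= 2:
        result["domain_category"] = "." + labels[-1]
        result["domain_name"] = labels[-2]
        result["subdomain"] = ".".join(labels[:-2])
    return result


if __name__ == "__main__":
    for u in ("http://support.google.com/google-ads",
              "https://shop.example.co.uk/cart",
              "http://support.google.com@192.0.2.7/login"):
        print(u, "->", split_url(u))
```

The third sample URL shows why the host must be taken from the parsed authority and not from the leading text: everything before `@` is user information, and the real host is the IP address.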

[0032] The domain scanner 108 is responsible for scanning domain name. The domain scanner 108 is responsible for identifying details of a specific domain like firewall configuration, server configuration and domain registry details. The domain scanner 108 may be present on each of the user devices 204. The domain scanner 108 may prepare a list of firewall configuration, a list of server configuration and a list of domain registry details.

[0033] The password checking unit 110 may be present at each of the user devices 204. The password checking unit 110 is responsible for checking the strength of the password which may be set by a user. The password checking unit 110 may also be responsible for suggesting passwords to the user if it is identified that the strength of the password is not strong. In one embodiment, the password checking unit 110 may also be present on the server 202. In this embodiment, the user device 204 may send the password set by the user to the server 202 where the password checking unit 110 may run in real time to check the strength of the password. In one embodiment, the password set by the user may be stored in the memory 112.

[0034] With the system 100, attacks from different routes may be determined. For example, attacks by scanning the network, attacks by scanning the host, scanning URL address, scanning domain names, scanning password strength can help to determine if the attacks occur from any of the locations. Further, a user may be presented with the lists as determined from any of the components of the system 100.

[0035] Referring to FIG. 4 now, a flowchart of a method 400 for identifying attacks from different routes in a network is disclosed. At step 402, the method 400 comprises enabling the user to discover a list of gadgets and their IP addresses that are linked to the user's network. At step 404, the method comprises enabling the user to list specifics of a device that is network-connected. At step 406, the method comprises allowing the user to find out sub domains or sub directories of a specific domain or an IP address. At step 408, the method comprises allowing the user to find details of a specific domain like firewall configuration, server configuration and domain registry details. At step 410, the method comprises checking the strength of the user's password and suggesting solutions to make the password strong.

[0036] The various actions, acts, blocks, steps, or the like in the flow diagram may be performed in the order presented, in a different order or simultaneously. Further, in some embodiments, some of the actions, acts, blocks, steps, or the like may be omitted, added, modified, skipped, or the like without departing from the scope of the invention.

[0037] Although particular embodiments of the invention have been described in detail for purposes of illustration, various modifications and enhancements may be made without departing from the spirit and scope of the invention.

Claims:

I/We Claim:
1. A system 100 for identifying attacks from different routes in a network, the system comprises:
a host detector 102 configured to determine a list of devices connected to the network;
a host scanner 104 configured to enumerate details of a device connected to a network 206;
a URL scanner 106 configured to find out sub domains or sub directories of a specific domain or an IP address;
a domain scanner 108 configured to find details of the specific domain; and
a password checking unit 110 configured to check the strength of a password set by a user.

2. The system as claimed in claim 1, wherein the password checking unit is further configured to suggest password if the strength of the password set by the user is weak.

3. The system as claimed in claim 1, further comprising a server and a plurality of user devices connected to the network.

4. The system as claimed in claim 1, wherein the specific domain comprises firewall configuration, server configuration and domain registry details.

5. The system as claimed in claim 1, wherein the user is presented with results from various components of the system.

6. A method for identifying attacks from different routes in a network using the system as claimed in claim 1, wherein the method comprises:
determining a list of devices connected to the network;
enumerating details of a device connected to a network;
finding out sub domains or sub directories of a specific domain or an IP address;
finding details of the specific domain; and
checking the strength of a password set by a user.

7. The method as claimed in claim 6, further comprising suggesting password if the strength of the password set by the user is weak.

8. The method as claimed in claim 6, further comprising connecting a server and a plurality of user devices via the network.

9. The method as claimed in claim 6, wherein the specific domain comprises firewall configuration, server configuration and domain registry details.

10. The method as claimed in claim 6, further comprising presenting with results from various components of the system.

Documents

Application Documents

# Name Date
1 202221054768-STATEMENT OF UNDERTAKING (FORM 3) [24-09-2022(online)].pdf 2022-09-24
2 202221054768-REQUEST FOR EARLY PUBLICATION(FORM-9) [24-09-2022(online)].pdf 2022-09-24
3 202221054768-FORM-9 [24-09-2022(online)].pdf 2022-09-24
4 202221054768-FORM FOR SMALL ENTITY(FORM-28) [24-09-2022(online)].pdf 2022-09-24
5 202221054768-FORM FOR SMALL ENTITY [24-09-2022(online)].pdf 2022-09-24
6 202221054768-FORM 1 [24-09-2022(online)].pdf 2022-09-24
7 202221054768-FIGURE OF ABSTRACT [24-09-2022(online)].pdf 2022-09-24
8 202221054768-EVIDENCE FOR REGISTRATION UNDER SSI(FORM-28) [24-09-2022(online)].pdf 2022-09-24
9 202221054768-EVIDENCE FOR REGISTRATION UNDER SSI [24-09-2022(online)].pdf 2022-09-24
10 202221054768-DRAWINGS [24-09-2022(online)].pdf 2022-09-24
11 202221054768-DECLARATION OF INVENTORSHIP (FORM 5) [24-09-2022(online)].pdf 2022-09-24
12 202221054768-COMPLETE SPECIFICATION [24-09-2022(online)].pdf 2022-09-24
13 Abstract.jpg 2022-09-29
14 202221054768-FORM-26 [04-10-2022(online)].pdf 2022-10-04
15 202221054768-FORM 18 [22-12-2023(online)].pdf 2023-12-22
16 202221054768-FER.pdf 2025-05-28
17 202221054768-OTHERS [28-10-2025(online)].pdf 2025-10-28
18 202221054768-FER_SER_REPLY [28-10-2025(online)].pdf 2025-10-28
19 202221054768-CLAIMS [28-10-2025(online)].pdf 2025-10-28

Search Strategy

1 202221054768_SearchStrategyNew_E_searchdoc-GoogleDocsE_19-03-2025.pdf