Method and system for processing a stream of information from a computer network using node based reputation characteristics
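IPC classification information
Country / Type
United States(US) Patent
Registered
International Patent Classification (IPC 7th edition)
G06F-011/00
G06F-012/14
G06F-012/16
G06F-009/00
G06F-015/16
G06F-017/00
G08B-023/00
Application number
US-0550393
(2006-10-17)
Registration number
US-8763113
(2014-06-24)
Inventor / Address
Thomas, Scott
Jones, David G.
Applicant / Address
Threatmetrix Pty Ltd
Agent / Address
Kilpatrick Townsend & Stockton LLP
Citation information
Times cited: 11
Cited patents: 6
Abstract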
A method for processing information from a variety of submitters, e.g., forensic sources. The method includes receiving information about one or more nodes from a submitter from a plurality of submitters numbered from 1 through N. In a specific embodiment, the one or more nodes are associated respectively with one or more IP addresses on a world wide network of computers. The method includes identifying a submitter reputation of the submitter from a knowledge base and associating a node reputation of the node based upon at least the reputation of the submitter and submitted information from the submitter. The method also transfers the node reputation.
Representative claim
1. A method, implemented in a computer system that includes at least one processor and at least one storage device, for determining a reputation of a node using information received electronically from a plurality of submitters, the method comprising: receiving information about one or more nodes from a submitter of the plurality of submitters, the one or more nodes being associated with a network, wherein the submitter is distinct from the one or more nodes; identifying, using the at least one processor, a reputation of the submitter from a knowledge base, wherein the reputation of the submitter is determined at least by assertions associated with the submitter's past behavior and attributes from one or more submitters of a second plurality of submitters weighted by reputations of the one or more submitters; determining, using the at least one processor, a node reputation of the node based upon at least the reputation of the submitter and the received information from the submitter wherein the node reputation of the node in a context is determined by calculating the sum of all assertions from the submitter with respect to the context weighted by each submitter's reputation in the context, wherein the node reputation is expressed as a rational number based on normalized assertions, where a normalized assertion is expressed as

$$A_{sxc}(\mathrm{norm}) = \frac{A_{sxc}}{\frac{1}{n}\sum_{i=0}^{i=n} A_{sic}}$$

where A denotes an assertion, $A_{sxc}$ is an assertion submitted by a submitter S in a context C about node X, and $A_{sic}$ is an assertion submitted by submitter S about node i, i=1 to n, and n is an integer; and transferring the node reputation to a user of the computer system.

2. The method of claim 1 wherein the submitter is selected from a firewall log, a client device, a spam trap, a spam filter server, or a virus filter server.

3. The method of claim 1 further comprising assigning a policy to the node based upon at least the node reputation.

4. The method of claim 1 further comprising storing the submitter reputation in the knowledge base as legal evidence.

5. The method of claim 1 further comprising receiving information about the one or more nodes from another submitter.

6. A system for determining a reputation of an actor using information received electronically from a plurality of submitters, the system comprising: a processor; a non-transitory storage medium; and computer code stored in said non-transitory storage medium wherein said computer code, when retrieved from said storage medium and executed by said processor, results in: receiving information about an actor from a submitter of the a plurality of submitters the actor being associated with a network, wherein the submitter is distinct from the actor; identifying a reputation of the submitter from a knowledge base, wherein the reputation of the submitter is associated with past behavior of the submitter and is determined at least by assertions from one or more submitters from a second plurality of submitters weighted by reputations of the one or more submitters; determining a reputation of the actor based upon at least the reputation of the submitter and the received information from the submitter, wherein the reputation of the actor is determined at least by assertions regarding past behaviors of the actor from the submitter weighted by the submitter reputation; and transferring to a user of the system the reputation of the actor; wherein the reputation of the submitter in a context is determined by calculating the sum of all assertions from the one or more submitter with respect to the context weighted by reputation in the context of each of the one or more submitters; wherein the reputation of the actor is expressed as a rational number based on normalized assertions, where a normalized assertion is expressed as

$$A_{sxc}(\mathrm{norm}) = \frac{A_{sxc}}{\frac{1}{n}\sum_{i=0}^{i=n} A_{sic}}$$

where A denotes an assertion, $A_{sxc}$ is an assertion submitted by a submitter S in a context C about node X, and $A_{sic}$ is an assertion submitted by submitter S about actors i, i=1 to n, and n is an integer.

7. The system of claim 6 wherein the actor comprises an internet node.

8. The system of claim 6 wherein the actor comprises an entity controlling the behavior of a network node.

9. The system of claim 8 wherein the entity comprises a human user or an automated computer program.

10. The system of claim 6 wherein the actor comprises a combination of an internet node and an entity controlling the internet node either directly or remotely.

11. The system of claim 6 wherein the actor comprises a combination of an internet node and an entity controlling the internet node, the actor being configured to operate through a proxy.

12. The system of claim 6 wherein the actor is associated with one or more of the following identifiers: an email address of a user, an attribute, a device ID of a network node, an ISP name, a country of origin, an IP address, a host operating system, and a host ID.

13. The system of claim 6 wherein the information about the actor comprises information about fraudulent behaviors.

14. The system of claim 6 further comprising one or more codes directed to processing at least the reputation of the submitter and submitted information from the submitter by a firewall process, an intrusion detection process, or a filtering process, wherein the reputation of the actor associates the actor with fraudulent behaviors.

15. In a system for characterizing reputations of one or more nodes in a computer network environment, the system comprising at least one processor and a knowledge base implemented on at least one non-transitory storage device, the at least one non-transitory device comprises a knowledge base which, when accessed by the at least one processor, provides reputations for the one or more nodes, the knowledge base having information about a plurality of nodes, each of the nodes being assigned one or more reputation characteristics, each of the reputation characteristics comprising one or more of a plurality of properties, one or more of the properties being associated with a submitter, the submitter having a submitter reputation characteristic, wherein the submitter reputation characteristics is determined at least by assertions regarding past behaviors of the submitter from one or more submitters from a second plurality of submitters weighted by reputations of the one or more submitters; wherein the reputation characteristic of the submitter in a context is determined by calculating the sum of all assertions from the one or more submitter with respect to the context weighted by reputation in the context of each of the one or more submitters; wherein the reputation of the actor is expressed as a rational number based on normalized assertions, where a normalized assertion is expressed as

$$A_{sxc}(\mathrm{norm}) = \frac{A_{sxc}}{\frac{1}{n}\sum_{i=0}^{i=n} A_{sic}}$$

where A denotes an assertion, $A_{sxc}$ is an assertion submitted by a submitter S in a context C about node X, and $A_{sic}$ is an assertion submitted by submitter S about actors i, i=1 to n, and n is an integer.

16. The system of claim 15 wherein the submitter reputation characteristic comprises a history of the submitter.

17. The system of claim 15 wherein the submitter reputation characteristic comprises a history of the submitter, the history comprising a plurality of submitter components.

18. The system of claim 17 wherein one of the submitter components is a correlation between the submitter and one or more other submitters.

19. The system of claim 17 wherein one of the submitter components is a frequency of activity of the submitter.

20. The system of claim 17 wherein one of the submitter components is a volume of activity of the submitter.

21. The system of claim 17 wherein one of the submitter components is a type of different information being provided by the submitter.

22. The system of claim 15 wherein the number of nodes is four billion.

23. The system of claim 15 wherein the number of nodes is less than one percent of a total number of active nodes.

24. A method, implemented in a computer system that includes at least one processor and at least one storage device, for creating a real time knowledge base of a plurality of nodes based on input received electronically from a plurality of submitters, the method comprising: receiving first information about one or more nodes from a first submitter of the plurality of submitters, the one or more nodes being associated with a network, wherein the submitter is distinct from the one or more nodes; identifying, using the at least one processor, a reputation of the first submitter from a knowledge base, the submitter being one of the plurality of submitters, wherein the reputation of the submitter is associated with past behavior of the submitter; determining, using the at least one processor, a node reputation of the node based upon at least the reputation of the first submitter and first submitted assertion regarding past behavior of the node from the first submitter; storing the first submitted assertion in a first portion of the knowledge base; and repeating the receiving, identifying, associating, and storing for second information from a second submitter; wherein the node reputation of the node in a context is determined according to the following equations,

$$\mathrm{Reputation}_{xc} = \frac{1}{mn}\sum_{s=0,\,x=0,\,c=C}^{m,\,n,\,C}\left(A_{cxs} \times \mathrm{asserterweight}_{cs}\right)$$

$$\mathrm{Reputation}_{x} = \frac{1}{p}\sum_{c=0}^{p} \mathrm{weight}_{c} \times \left(\frac{1}{mn}\sum_{s=0,\,x=0}^{m,\,n} A_{cxs} \times \mathrm{asserterweight}_{cs}\right)$$

where: $\mathrm{Reputation}_{xc}$ is the reputation of node X in context C, $\mathrm{Reputation}_{x}$ is the reputation of node X weighted over all context C, C=0 to p, $\mathrm{weight}_{c}$ is a weight associated with context C, $A_{sxc}$ is an assertion submitted by a submitter S in a context C about node X, asserterweight is the assertion weighted by the submitter's reputation, p is the total number of Contexts for node X, m is the total number of Submitter's submissions for a given node X and context C, n is the total number of nodes, n is an integer greater than 1, and weight is system's constant of C's importance.

25. The method of claim 24 wherein the repeating occurs automatically to update the knowledge base.

26. The method of claim 24 further comprising repeating the receiving, identifying, associating, and storing for other submitters.

27. The method of claim 24 further comprising receiving a request for submitter reputation information and transferring the submitter reputation information through the world wide network of computers.

28. The method of claim 24 wherein the receiving comprises a push process or a pull process.

29. The method of claim 24 wherein the node reputation comprises at least a score, the score being a measure of historic behavior.

30. The method of claim 24 wherein the knowledge base comprises at least 30 Gigabytes of disk space.

31. The method of claim 24 wherein the knowledge base comprises a database.

32. The method of claim 24 further comprising determining one or more zones, each of the zones representing one or more of the nodes, each of the zones being associated with a unique set of reputations.
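The scoring described in the claims can be followed with a small worked example. The Python below is added here and is not code from the patent or from Threatmetrix; it is one reading of the claimed formulas, and it assumes that a normalized assertion is the raw assertion divided by the submitter's mean assertion in that context and that the per-context sum is averaged over the m assertions about the node. The submitter names, scores, and weights are constructed sample data.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed sample data: (submitter, node, context, raw assertion score).
ASSERTIONS = [
    ("fw-log", "198.51.100.7", "spam", 8),
    ("fw-log", "198.51.100.9", "spam", 2),
    ("fw-log", "198.51.100.7", "scan", 4),
    ("spamtrap", "198.51.100.7", "spam", 3),
    ("spamtrap", "198.51.100.9", "spam", 3),
]
# Assumed values: submitter reputation per (context, submitter), and context weights.
ASSERTER_WEIGHT = {("spam", "fw-log"): Fraction(1, 2), ("scan", "fw-log"): Fraction(1, 2),
                   ("spam", "spamtrap"): Fraction(1)}
CONTEXT_WEIGHT = {"spam": Fraction(2), "scan": Fraction(1)}


def normalized(assertions):
    """Divide each assertion by its submitter's mean assertion in the same context."""
    by_sc = defaultdict(list)
    for s, _x, c, a in assertions:
        by_sc[(s, c)].append(Fraction(a))
    out = []
    for s, x, c, a in assertions:
        vals = by_sc[(s, c)]
        mean = sum(vals) / len(vals)
        # A submitter whose assertions average to zero carries no signal; avoid dividing by zero.
        out.append((s, x, c, Fraction(a) / mean if mean else Fraction(0)))
    return out


def context_reputation(node, context, assertions=ASSERTIONS):
    """Reputation of a node in one context: reputation-weighted mean of normalized assertions."""
    rows = [(s, a) for s, x, c, a in normalized(assertions) if x == node and c == context]
    if not rows:
        return None  # no submitter has asserted anything about this node in this context
    total = sum(a * ASSERTER_WEIGHT.get((context, s), Fraction(0)) for s, a in rows)
    return total / len(rows)


def node_reputation(node, assertions=ASSERTIONS):
    """Overall reputation: context reputations combined with context weights, averaged over p contexts."""
    contexts = sorted({c for _s, x, c, _a in assertions if x == node})
    if not contexts:
        return None
    total = sum(CONTEXT_WEIGHT[c] * context_reputation(node, c, assertions) for c in contexts)
    return total / len(contexts)
```

With this data, the high raw score of 8 from `fw-log` is scaled by that submitter's own average and then halved by its lower reputation, so it contributes less than the steady score of 3 from `spamtrap`.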
Patents cited by this patent (6)
Riddle, Guy, Classification and management of network traffic based on attributes orthogonal to explicit packet attributes.
Artz, Jr.,John C.; Bender,William; Pathak,Heeren, Method and system for identifying a visitor at a website server by requesting additional characteristic of a visitor computer from a visitor server.
Khanwalkar, Manoj; Camacho, Adler; Van Lare, Stephen; Winkler, Omer; Tuttle, Luke David; Patel, Surag I., Data structures for intelligently resolving deterministic and probabilistic device identifiers to device profiles and/or groups.
Thomas, Scott; Jones, David G., Method and system for processing a stream of information from a computer network using node based reputation characteristics.
Faulkner, Alisdair; Goldie, Colin; Jones, David, Method and system for uniquely identifying a user computer in real time using a plurality of processing parameters and servers.