[특허]IP reputation

IP reputation 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	G06F-021/00 H04L-029/06
출원번호	US-0147402 (2014-01-03)
등록번호	US-8832832 (2014-09-09)
발명자 / 주소	Visbal, Alexander
출원인 / 주소	Palantir Technologies Inc.
대리인 / 주소	Knobbe, Martens, Olson & Bear, LLP
인용정보	피인용 횟수 : 46 인용 특허 : 2

초록 ▼

Systems and methods are presented for generating a threat score and a usage score of each of a plurality of IP addresses. The threat score may be determined based on quantity of occurrences and recency of each occurrence of an IP address in network alert datasets, in addition to a weighting factor f

대표청구항 ▼

1. A computer system comprising: one or more computer processors; anda tangible storage device storing one or more modules configured for execution by the one or more computer processors in order to cause the computer system to: determine an IP address for which a threat score is to be determined;access network alert datasets from each of one or more data sources, the data source comprising a computing system connected to a network and the data source has access to originating IP addresses that correspond to a communication protocol of the network, and wherein the network alert datasets comprise: a plurality of recorded network threat events, date and time of each of the plurality of recorded network threat events, an originating IP address for each of the plurality of recorded network threat events, and an event type of each of the plurality of recorded network threat events;determine which of the network alert datasets includes one or more occurrences of the IP address, wherein each occurrence indicates a threat by the IP address;for each of the data sources for which the IP address is a member of the corresponding network alert dataset: determine a quantity of occurrences of the IP address in the network alert dataset;determine a recency of each occurrence of the IP address in the network alert dataset, wherein recency is determined based at least in part on an amount of time between respective occurrences of the IP address in the network alert dataset and a current time, and wherein recency is further determined based at least in part on a cumulative calculation of the amount of time between respective occurrences of the IP address in the network alert dataset and the current time;determine a weighting factor for each of the data sources indicating a likelihood that a perceived threat of the IP address in the network alert dataset is an actual threat, wherein the likelihood is based at least in part on historical data of past threat events for the respective data source of the IP address in the network alert dataset; anddetermine the threat score for the IP address based at least on the determined quantity of occurrences, the recency of occurrences, and the weighting factor for each of the data sources. 2. The computer system of claim 1, wherein determining the threat score for the IP address further comprises adjusting the threat score based on the event type of each of the plurality of recorded network threat events. 3. The computer system of claim 2, wherein the event type comprises at least one of malicious attack, advertising, peer-to-peer communication, illegal activity, or spying activity. 4. The computer system of claim 1, wherein the weighting factors are further determined based at least in part on at least one of a quantity or a percentage of network threat events previously provided by a data source that were determined to be actual network threats. 5. The computer system of claim 4, wherein a particular network threat event reported by a first data source is determined to be an actual network threat based on threat data received from one or more other data sources. 6. The computer system of claim 1, wherein each of the data sources comprises at least one of a proprietary network monitoring system, a firewall, a network device access log, a mobile hotspot log, or a Virtual Private Network access log. 7. The computer system of claim 1, wherein the recency of each occurrence of the IP address is further determined based at least in part on a function of the amount of time between the date and time of respective occurrences. 8. The computer system of claim 7, wherein the function is at least one of an exponential decay function, a constant decay function, a step decay function, a linear decay function, a weibull decay function, a hill decay function, or a smooth-compact decay function. 9. The computer system of claim 1, further comprising one or more modules stored on the tangible storage device, the one or more modules configured for execution by the one or more computer processors in order to cause the computer system to: present a report comprising the threat score for the IP address. 10. A computer system comprising: one or more computer processors; anda tangible storage device storing one or more modules configured for execution by the one or more computer processors in order to cause the computer system to: determine an IP address for which a usage score is to be determined;access network usage datasets from each of one or more data sources, the data source comprising a computing system connected to a network and the data source has access to originating IP addresses that correspond to a communication protocol of the network, and wherein the network usage datasets comprise: a plurality of recorded network usage events, date and time of each of the plurality of recorded network usage events, an originating IP address for each of the plurality of recorded network usage events, and an event type of each of the plurality of recorded network usage events;determine which of the network usage datasets includes one or more occurrences of the IP address, wherein each occurrence indicates a usage by the IP address;for each of the data sources for which the IP address is a member of the corresponding network usage dataset: determine a quantity of occurrences of the IP address in the network alert dataset;determine a recency of each occurrence of the IP address in the network usage dataset, wherein recency is determined based at least in part on an amount of time between date and time of respective occurrences of the IP address in the network alert dataset and a current time, and wherein recency is further determined based at least in part on a cumulative calculation of the amount of time between respective occurrences of the IP address in the network usage dataset and the current time;determine a weighting factor for each of the data sources indicating a likelihood that a perceived threat of the IP address in the network usage dataset is an actual threat, wherein the likelihood is based at least in part on historical data of activities associated with each of the respective data sources; anddetermine an usage score for the IP address based at least on the determined quantity of occurrences, the recency of occurrences, and the weighting factor for each of the data sources. 11. The computer system of claim 10, wherein determining the usage score for the IP address further comprises adjusting the usage score to constrain the usage score to a value between 0 and 1. 12. The computer system of claim 10, wherein the recency of each occurrence of the IP address is further determined based at least in part on a function of the amount of time between the date and time of respective occurrences. 13. The computer system of claim 12, wherein the function is at least one of an exponential decay function, a constant decay function, a step decay function, a linear decay function, a weibull decay function, a hill decay function, or a smooth-compact decay function. 14. The computer system of claim 10, wherein the event type comprises at least one of VPN connection, proxy server connection, or authorized account log in. 15. A non-transitory computer-readable storage medium storing computer-executable instructions configured to direct a computing system to: determine an IP address for which a threat score is to be determined;access network alert datasets from each of one or more data sources, the data source comprising a computing system connected to a network and the data source has access to originating IP addresses that correspond to a communication protocol of the network, and wherein the network alert datasets comprising: a plurality of recorded network threat events, date and time of each of the plurality of recorded network threat events, an originating IP address for each of the plurality of recorded network threat events, and an event type of each of the plurality of recorded network threat events;determine which of the network alert datasets includes one or more occurrences of the IP address, wherein each occurrence indicates a threat by the IP address;for each of the data sources for which the IP address is a member of the corresponding network alert dataset: determine a quantity of occurrences of the IP address in the network alert dataset;determine a recency of each occurrence of the IP address in the network alert dataset, wherein recency is determined based at least in part on an amount of time between respective occurrences of the IP address in the network alert dataset and a current time, and wherein recency is further determined based at least in part on a cumulative calculation of the amount of time between respective occurrences of the IP address in the network alert dataset and the current time;determine a weighting factor for each of the data sources indicating a likelihood that a perceived threat of the IP address in the network alert dataset is an actual threat, wherein the likelihood is based at least in part on historical data of past threat events for the respective data source of the IP address in the network alert dataset; anddetermine the threat score for the IP address based at least on the determined quantity of occurrences, the recency of occurrences, and the weighting factor for each of the data sources. 16. The non-transitory computer-readable storage medium of claim 15, wherein determining the threat score for the IP address further comprises adjusting the threat score based on the event type of each of the plurality of recorded network threat events. 17. The non-transitory computer-readable storage medium of claim 16, wherein the event type comprises at least one of malicious attack, advertising, peer-to-peer communication, illegal activity, or spying activity. 18. The non-transitory computer-readable storage medium of claim 15, wherein the weighting factors are determined based at least in part on at least one of a quantity or a percentage of network threat events previously provided by a data source that were determined to be actual network threats. 19. The non-transitory computer-readable storage medium of claim 15, wherein a particular network threat event reported by a first data source is determined to be an actual network threat based on threat data received from one or more other data sources. 20. The non-transitory computer-readable storage medium of claim 15, wherein each of the data sources comprises at least one of a proprietary network monitoring system, a firewall, a network device access log, a mobile hotspot log, or a Virtual Private Network access log.

이 특허에 인용된 특허 (2)

Aymeloglu, Andrew; Tan, Garry; Simler, Kevin; Miyake, Nick, Generating dynamic date sets that represent market conditions.
상세보기
Kantrowitz, Mark, Method and apparatus for efficient identification of duplicate and near-duplicate documents and text spans using high-discriminability text fragments.
상세보기

이 특허를 인용한 특허 (46)

Thomson, Allan; Coleman, Christopher D., Apparatuses, methods and systems for a cyber threat confidence rating visualization and editing user interface.
상세보기
Phillips, Ian, Assessing risk associated with firewall rules.
상세보기
Golshan, Ali; Jiang, Xuyang; Yang, Yang, Caching network generated security certificates.
상세보기
Hovor, Elvis; Mulchandani, Shaan; Carver, Matthew, Computer asset vulnerabilities.
상세보기
Jalan, Rajkumar; Groves, Vernon Richard, Context aware threat protection.
상세보기
Hovor, Elvis; Rozmiarek, David William; Burkett, Robin Lynn; Carver, Matthew; El-Sharkawi, Mohamed H., Contextualization of threat data.
상세보기
Albertson, Jacob; Hildebrandt, Melody; Singh, Harkirat; Sankar, Shyam; Ducott, Rick; Maag, Peter; Kimball, Marissa, Cyber security sharing and identification system.
상세보기
Golshan, Ali, DNS denial of service attack protection.
상세보기
Falkowitz, Oren; Syme, Philip, Detecting computer security threats in electronic documents based on structure.
상세보기
Falkowitz, Oren; Syme, Philip, Detecting computer security threats in electronic documents based on structure.
상세보기
Nandy, Biswajit; Seddigh, Nabil; Makkar, Rupinder Singh; Halabian, Hassan; Lambadaris, Ioannis, Detection of anomaly in network flow data.
상세보기
Friedel, Michael, Distributed denial of service cellular signaling.
상세보기
Jalan, Rajkumar; Sankar, Swaminathan; Kamat, Gurudeep, Distributed system to determine a server's health.
상세보기
Rambo, Douglas C.; Trudeau, Steven M.; Hughes, Titanya; Colehouse, Michael; Calabro, Timothy J.; Nguyen, Vincent N.; Brenden, Ben D., Enterprise security measures.
상세보기
Gareau, Terrence, Flagging security threats in web service requests.
상세보기
Han, Liang; Yang, Yang, Generating secure name records.
상세보기
Thompson, Micheal; Groves, Vernon Richard, Health monitor based distributed denial of service attack mitigation.
상세보기
Thompson, Micheal; Groves, Vernon Richard, Health monitor based distributed denial of service attack mitigation.
상세보기
Jiang, Xuyang; Golshan, Ali, Implementing and optimizing secure socket layer intercept.
상세보기
Dennison, Drew; Stowe, Geoff; Anderson, Adam, Malicious software detection in a computing system.
상세보기
Falk, Matthew; Yousaf, Timothy; Staehle, Joseph; Lemanowicz, Lucas; Noury, Sebastien; Lim, Robin; Glazer, Michael, Malware data item analysis.
상세보기
Falk, Matthew; Yousaf, Timothy; Staehle, Joseph; Lemanowicz, Lucas; Noury, Sebastien; Lim, Robin; Glazer, Michael, Malware data item analysis.
상세보기
He, Yichao; Yang, Yang; Golshan, Ali, Measurement of application response delay time.
상세보기
Diebenbusch, Stefan; Hof, Christian; Nufer, Christoph, Method and apparatus for testing a security of communication of a device under test.
상세보기
Diebenbusch, Stefan; Hof, Christian; Nufer, Christoph, Method and apparatus for testing a security of communication of a device under test.
상세보기
Rogers, Steven; Moore, Sean, Methods and systems for protecting a secured network.
상세보기
Rogers, Steven; Moore, Sean; Ahn, David K.; Geremia, Peter P., Methods and systems for protecting a secured network.
상세보기
Lefebvre, Michael L.; Carver, Matthew; Ellett, Eric; Negm, Walid; DiValentin, Louis William; Solderitsch, James J., Network anomaly detection.
상세보기
Stiansen, Tommy; Perlstein, Alfred; Foss, Jr., Sheldon, Network appliance for dynamic protection from risky network activities.
상세보기
Beatty, Robert; Frayman, Yuri; von Gravrock, Einaras, Network security analysis for smart appliances.
상세보기
von Gravrock, Einaras; Frayman, Yuri; Beatty, Robert, Network security analysis for smart appliances.
상세보기
von Gravrock, Einaras; Frayman, Yuri; Beatty, Robert, Network security analysis for smart appliances.
상세보기
Yang, Yang; Golshan, Ali, Perfect forward secrecy distributed denial of service attack detection.
상세보기
Bray, Jenelle; Tang, Grace, Rating IP addresses based on interactions between users and an online service.
상세보기
Ahn, David K.; George, Keith A.; Geremia, Peter P.; Mallett, III, Pierre; Moore, Sean; Perry, Robert T.; Rogers, Jonathan R., Rule-based network-threat detection.
상세보기
Ahn, David K.; George, Keith A.; Geremia, Peter P.; Mallett, III, Pierre; Moore, Sean; Perry, Robert T.; Rogers, Jonathan R., Rule-based network-threat detection.
상세보기
Dosovitsky, Gennady, Secure data flow open information analytics.
상세보기
Oshiba, Dennis Isao, System and method for customizing the identification of application or content type.
상세보기
Visbal, Alexander, System and method for evaluating network threats.
상세보기
Visbal, Alexander, System and method for evaluating network threats and usage.
상세보기
Oshiba, Dennis Isao, System and method of updating modules for application or content identification.
상세보기
Spurlock, Joel R.; Teddy, John D., System and method to combine multiple reputations.
상세보기
Spurlock, Joel R.; Teddy, John D., System and method to combine multiple reputations.
상세보기
Jalan, Rajkumar; Szeto, Ronald Wai Lun; Wu, Steven, Systems and methods for network access control.
상세보기
Jalan, Rajkumar; Szeto, Ronald Wai Lun; Wu, Steven, Systems and methods for network access control.
상세보기
Stiansen, Tommy, Systems and platforms for intelligently monitoring risky network activities.
상세보기

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 공고번호, 공고일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표출원인, 출원인국적, 출원인주소, 발명자, 발명자E, 발명자코드, 발명자주소, 발명자 우편번호, 발명자국적, 대표IPC, IPC코드, 요약, 미국특허분류, 대리인주소, 대리인코드, 대리인(한글), 대리인(영문), 국제공개일자, 국제공개번호, 국제출원일자, 국제출원번호, 우선권, 우선권주장일, 우선권국가, 우선권출원번호, 원출원일자, 원출원번호, 지정국, Citing Patents, Cited Patents
저장형식	Text(ASCII format) Excel format PIAS분석(.xls)
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

IP reputation 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

이 특허에 인용된 특허 (2)

이 특허를 인용한 특허 (46)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

연합인증

IP reputation 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

전체(0) 논문(0) 특허(0) 보고서(0)

전체(0) 논문(0) 특허(0) 보고서(0)

이 특허에 인용된 특허 (2)

이 특허를 인용한 특허 (46)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트