Detecting malicious endpoints using network connectivity and flow information

Invention Grant

US08813236B1 Detecting malicious endpoints using network connectivity and flow information 有权

Title translation: 使用网络连接和流量信息检测恶意端点

Please log in to see more content

Patent Title: Detecting malicious endpoints using network connectivity and flow information
Patent Title (中): 使用网络连接和流量信息检测恶意端点
Application No.: US13735196

Application Date: 2013-01-07
Publication No.: US08813236B1

Publication Date: 2014-08-19
Inventor: Sabyasachi Saha , Lei Liu , Ruben Torres , Jianpeng Xu , Antonio Nucci
Applicant: Narus, Inc.
Applicant Address: US CA Sunnyvale
Assignee: Narus, Inc.
Current Assignee: Narus, Inc.
Current Assignee Address: US CA Sunnyvale
Agency: Fernandez & Associates, LLP
Main IPC: G06F12/14
IPC: G06F12/14 ; H04L29/06 ; H04L12/22 ; H04L9/00

Detecting malicious endpoints using network connectivity and flow information

Abstract:

A method for detecting hidden malicious network nodes. Starting from a pool of seed nodes that have previously been identified as malicious, a two-phase score propagation algorithm is employed to propagate threat scores from the seeded nodes to other nodes in an IP-address connectivity graph. Nodes with high threat score after propagation are declared to be malicious.

Abstract(Chinese):

一种用于检测隐藏的恶意网络节点的方法。从先前被识别为恶意的种子节点池开始，采用两阶段分数传播算法将威胁评分从种子节点传播到IP地址连接图中的其他节点。传播后威胁评分较高的节点被宣布为恶意的。

Information query

Espacenet

IPC分类:

G	物理
G06	计算；推算或计数
G06F	电数字数据处理（基于特定计算模型的计算机系统入G06N）
G06F12/00	安装在筛选装置之上的在存储器系统或体系结构内的存取、寻址或分配（来自记录载体的数字输入，或者到记录载体上去的数字输出，例如到磁盘存储单元，G06F3/06）
G06F12/14	.阻止存储器越权使用的保护