Method and system for processing a stream of information from a computer network using node based reputation characteristics
First Claim
1. A method, implemented in a computer system that includes at least one processor and at least one storage device, for determining a reputation of a node in a context using information received electronically from a plurality of submitters, the method comprising:
- receiving, using the at least one processor, first information about one or more nodes from a first submitter of the plurality of submitters and second information about one or more nodes from a second submitter of the plurality of submitters, the one or more nodes being associated with a network;
identifying, using the at least one processor, a first reputation of the first submitter in the context and a second reputation of the second submitter in the context from a knowledge base,wherein a reputation of a submitter in a given context is based at least on assertions associated with past behavior of the submitter in the given context and attributes from each of the other submitters of the plurality of submitters, each assertion from each submitter of the other submitters of the plurality of submitters weighted by a reputation of the submitter in the given context;
calculating, using the at least one processor, a node reputation of the node in the context based upon at least the first reputation of the first submitter in the context and the first information received from the first submitter and the second reputation of the second submitter in the context and the second information received from the second submitter,wherein the node reputation of the node in a context is determined by calculating a sum of assertions from the submitter with respect to the context weighted by each submitter'"'"'s reputation in the context, wherein the node reputation is expressed as a rational number based on normalized assertions, wherein a normalized assertion is expressed as;
1 Assignment
0 Petitions
Accused Products
Abstract
A method for processing information from a variety of submitters, e.g., forensic sources. The method includes receiving information about one or more nodes from a submitter from a plurality of submitters numbered from 1 through N. In a specific embodiment, the one or more nodes are associated respectively with one or more IP addresses on a world-wide network of computers. The method includes identifying a submitter reputation of the submitter from a knowledge base and associating a node reputation of the node based upon at least the reputation of the submitter and submitted information from the submitter. The method also transfers the node reputation.
71 Citations
20 Claims
-
1. A method, implemented in a computer system that includes at least one processor and at least one storage device, for determining a reputation of a node in a context using information received electronically from a plurality of submitters, the method comprising:
-
receiving, using the at least one processor, first information about one or more nodes from a first submitter of the plurality of submitters and second information about one or more nodes from a second submitter of the plurality of submitters, the one or more nodes being associated with a network; identifying, using the at least one processor, a first reputation of the first submitter in the context and a second reputation of the second submitter in the context from a knowledge base, wherein a reputation of a submitter in a given context is based at least on assertions associated with past behavior of the submitter in the given context and attributes from each of the other submitters of the plurality of submitters, each assertion from each submitter of the other submitters of the plurality of submitters weighted by a reputation of the submitter in the given context; calculating, using the at least one processor, a node reputation of the node in the context based upon at least the first reputation of the first submitter in the context and the first information received from the first submitter and the second reputation of the second submitter in the context and the second information received from the second submitter, wherein the node reputation of the node in a context is determined by calculating a sum of assertions from the submitter with respect to the context weighted by each submitter'"'"'s reputation in the context, wherein the node reputation is expressed as a rational number based on normalized assertions, wherein a normalized assertion is expressed as; - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system for determining a reputation of an actor associated with a network using information received electronically from a plurality of submitters, the system comprising:
-
a processor; a non-transitory storage medium; and computer code stored in said non-transitory storage medium, wherein said computer code, when retrieved from said storage medium and executed by said processor, results in; receiving information about the actor from a submitter of the plurality of submitters; identifying a reputation of the submitter in the context from a knowledge base, wherein the reputation of the submitter is associated with past behavior of the submitter and is determined at least by assertions from one or more submitters from a second plurality of submitters weighted by reputations of the one or more submitters; calculating a reputation of the actor in the context by based upon at least the reputation of the submitter in the context and the information received from the submitter in the context, wherein the reputation of the actor in the context is determined at least by assertions regarding past behaviors of the actor in the context from the submitter weighted by the reputation of the submitter in the context; transferring to a user of the system the reputation of the actor in the context, wherein the reputation of the submitter in a context is determined by calculating a sum of assertions from the one or more submitters with respect to the context weighted by each submitter'"'"'s reputation in the context, wherein the reputation of the actor is expressed as a rational number based on normalized assertions, wherein a normalized assertion is expressed as; - View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
-
-
15. A non-transitory computer-readable medium storing instructions that, when executed by one or more processors of a system, cause the one or more processors to perform a set of steps comprising:
-
receiving information about one or more nodes from a plurality of submitters, the one or more nodes being associated with a network; identifying, using the at least one processor, a reputation of each submitter of the plurality of submitters from a knowledge base, wherein the reputation of the submitter is associated with past behavior of the submitter; calculating, using the at least one processor, a node reputation of a node of the one or more nodes, wherein the node reputation of the node in a context is determined according to the equations; - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification