×

Systems and methods for IP-based intrusion detection

  • US 10,505,991 B1
  • Filed: 09/05/2018
  • Issued: 12/10/2019
  • Est. Priority Date: 03/13/2015
  • Status: Active Grant
First Claim
Patent Images

1. A method comprising:

  • identifying, using one or more processors of a server computer analyzing a login history comprising login request data for the server computer, a plurality of usernames, wherein each username of the plurality of usernames is associated with a corresponding login request from a first internet protocol (IP) address within a threshold time period of a first request time of a first login request, and wherein the number of usernames associated with the total number of login requests is determined by comparing each username with each other username to determine a difference value for each username pair, wherein the difference value for each username pair comprises a sum of each character change, character addition, and character subtraction required to transform a first username of each username pair into a second username of each username pair, and for each username pair identified as similar usernames having a difference value less than a threshold difference value, counting the similar usernames as a single username for the number of usernames as compared to a username threshold;

    determining that a total number of login requests from the first IP address within the threshold time period is above a credential security threshold;

    determining that a number of usernames associated with the total number of login requests is above the username threshold;

    determining that a login success ratio is below a threshold login success ratio after determining that the total number of login requests from the first IP address is above the credential security threshold; and

    in response to determining the login success ratio is below the threshold login success ratio and determining that the number of unique usernames is above the username threshold, automatically performing a security action using the server computer.

View all claims
  • 2 Assignments
Timeline View
Assignment View
    ×
    ×