Method and system for detecting and stopping illegitimate communication attempts on the internet

US 20060130147A1
Filed: 12/14/2005
Published: 06/15/2006
Est. Priority Date: 12/15/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method of identifying and stopping illegitimate communication attempts on the internet, comprising the steps of:

collecting statistics of a sending IP address from a plurality of subscribers and storing said statistics in a central database;

calculating a risk assessment factor from said statistics of the risk that the sending IP address is controlled by an abusive message sender; and

distributing said risk assessment factor to the plurality of subscribers so that each of said plurality of subscribers may determine whether to accept a connection request from said sending IP address according to a locally set policy at each of said plurality of subscribers.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The method and system of identifying and stopping illegitimate communication attempts on the internet includes collecting statistics of a sending IP address from a plurality of subscribers and storing said statistics in a central database. A risk assessment factor is calculated from the statistics to determine the risk that the sending IP address is controlled by an abusive message sender. Afterwards, the risk assessment factor is distributed to the plurality of subscribers so that each of the subscribers may determine whether to accept a connection request from a particular sending IP address according to its own locally set policy.

48 Citations

View as Search Results

24 Claims

1. A method of identifying and stopping illegitimate communication attempts on the internet, comprising the steps of:
- collecting statistics of a sending IP address from a plurality of subscribers and storing said statistics in a central database;
  
  calculating a risk assessment factor from said statistics of the risk that the sending IP address is controlled by an abusive message sender; and
  
  distributing said risk assessment factor to the plurality of subscribers so that each of said plurality of subscribers may determine whether to accept a connection request from said sending IP address according to a locally set policy at each of said plurality of subscribers.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein said risk assessment factor is distributed every five minutes.
  - 3. The method of claim 1, wherein the step of calculating a risk assessment factor includes using a genetic algorithm to predict the risk assessment factor.
  - 4. The method of claim 1, wherein the step of calculating a risk assessment factor includes using a statistical method based on the volume of connections requests received over a predetermined period of time to predict the risk assessment factor.
  - 5. The method of claim 1, further comprising the steps of:
    - collecting evidence that sending IP address of the sending source is rogue; and
      
      forwarding said evidence to a registered owner of the sending IP address.
  - 6. The method of claim 5, further comprising the step of forwarding said evidence to law enforcement and regulatory authorities.

7. A method of identifying and stopping illegitimate communication attempts on the internet, comprising the steps of:
- receiving a connection request from a sending source having an IP address;
  
  compiling statistics of the sending characteristics of the IP address of the sending source;
  
  storing said statistics in a local database;
  
  posting said statistics to a central database having a plurality of statisitics compiled from a plurality of subscribers about the IP address of the sending source;
  
  calculating a risk assessment factor from said plurality of statistics;
  
  updating the local database with the risk assessment factor; and
  
  determining whether to allow the connection request by comparing the risk assessment factor of the IP address of the sending source against a locally set policy on acceptable risk.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 8. The method of claim 7, further comprising the step of issuing a temporary connection failure to the IP address of the sending source.
  - 9. The method of claim 7, further comprising the step of leaving the connection request unanswered.
  - 10. The method of claim 7, wherein said step of compiling statistics of the sending characteristics of the IP address of the sending source, comprises the step of recording the interval at which the sending source sends internet services messages.
  - 11. The method of claim 7, wherein said step of compiling statistics of the sending characteristics of the IP address of the sending source, comprises the step of recording the volume of requests received from the IP address of the sending source.
  - 12. The method of claim 7, wherein said step of storing statistics in a local database comprises the step of recording a triple consisting of the IP address of the sending source, the sender identification, and receiver identification of the connection request.
  - 13. The method of claim 7, further comprising the steps of:
    - collecting evidence of the sending source; and
      
      posting said evidence to the central database.
  - 14. The method of claim 13, further comprising the step of sending said evidence to the registered owner of the IP address.
  - 15. The method of claim 13, further comprising the step of sending said evidence to law enforcement and regulatory authorities.
  - 16. The method of claim 7, wherein the step of collecting evidence of the sending source comprises the step of recording the message header of the connection request.
  - 17. The method of claim 7, wherein said connection request is selected from the group consisting of:
    - SMTP, FTP, SSH, HTTP, Telnet, and VPN.
  - 18. The method of claim 7, wherein said connection request is store-and-forward request.

19. A system for detecting and throttling rogue senders on the internet having a plurality of subscriber components, comprising:
- a tracking component having a database for storing statistics of connection requests for a plurality of sending IP addresses, a forecasting component for analyzing said statistics of the plurality of sending IP addresses and calculating risk assessment factor for each of the plurality of sending IP addresses;
  
  one or more delivery components for storing statistics of the plurality of sending IP addresses from the plurality of subscriber components and transmitting the risk assessment factor to the plurality of subscriber components.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The system of claim 19, wherein the forecasting component uses a genetic algorithm to calculate the risk assessment factor for each of the plurality of sending IP addresses.
  - 21. The system of claim 19, wherein the forecasting component uses a statistical algorithm based on the volume of connection requests over a predetermined period of time made by each of the plurality of sending IP addresses to calculate the risk assessment factor for each of the plurality of sending IP addresses.
  - 22. The system of claim 19, wherein the one or more delivery components transmit the risk assessment factor to the plurality of subscribers every five minutes.
  - 23. The system of claim 19, wherein the tracking component stores evidence collected from the plurality of subscribers that sending IP address of the sending source is rogue;
    - and a portal component for preparing and transmitting said evidence to the registered owner of the sending IP address.
  - 24. The system of claim 23, wherein said portal component transmits said evidence to law enforcement and regulatory authorities.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tested Technologies Corporation
Original Assignee
Tested Technologies Corporation
Inventors
Von-Maszewski, Matthew

Application Number

US11/300,058
Publication Number

US 20060130147A1
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

H04L 63/1408 by monitoring network traff...

Method and system for detecting and stopping illegitimate communication attempts on the internet

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

48 Citations

24 Claims

Specification

Use Cases

Quick Links

Others

Method and system for detecting and stopping illegitimate communication attempts on the internet

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

24 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others