METHOD AND APPARATUS FOR GENERATING HIGHLY PREDICTIVE BLACKLISTS
Abstract
In one embodiment, the present invention is a method and apparatus for generating highly predictive blacklists. One embodiment of a method for generating a blacklist of network addresses for a user of a network includes collecting security log data from users of the network, the security log data identifying observed attacks by attack sources, assigning the attack sources to the blacklist based on a combination of the relevance of each attack source to the user and the maliciousness of the attack source, and outputting the blacklist.
33 Claims
1. A method for generating a blacklist of network addresses for a user of a network, the method comprising the steps of:
- collecting security log data from one or more users of the network, the security log data identifying one or more observed attacks on the one or more users by one or more attack sources;
- assigning at least one of the one or more attack sources to the blacklist based on a combination of a relevance of the at least one of the one or more attack sources to the user and a maliciousness of the at least one of the one or more attack sources; and
- outputting the blacklist.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A computer readable storage medium containing an executable program for generating a blacklist of network addresses for a user of a network, where the program performs the steps of:
- collecting security log data from one or more users of the network, the security log data identifying one or more observed attacks on the one or more users by one or more attack sources;
- assigning at least one of the one or more attack sources to the blacklist based on a combination of a relevance of the at least one of the one or more attack sources to the user and a maliciousness of the at least one of the one or more attack sources; and
- outputting the blacklist.
Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28
29. A system for generating a blacklist of network addresses for a user of a network, the system comprising:
- means for collecting security log data from one or more users of the network, the security log data identifying one or more observed attacks on the one or more users by one or more attack sources;
- means for assigning at least one of the one or more attack sources to the blacklist based on a combination of a relevance of the at least one of the one or more attack sources to the user and a maliciousness of the at least one of the one or more attack sources; and
- means for outputting the blacklist.
Dependent claims: 30, 31, 32, 33
Specification