Filtering unwanted data traffic via a per-customer blacklist
First Claim
1. A method for generating a customer blacklist associated with a customer system, comprising the steps of:
- generating a network blacklist comprising a first plurality of Internet Protocol (IP) addresses, said first plurality of IP addresses identifying a first plurality of unwanted traffic sources;
- generating a customer whitelist comprising a second plurality of IP addresses, said second plurality of IP addresses identifying a plurality of wanted traffic sources;
- comparing each IP address in said first plurality of IP addresses with each IP address in said second plurality of IP addresses; and
- for each IP address in said first plurality of IP addresses;
  - adding the IP address to the customer blacklist if the IP address is not in said second plurality of IP addresses; and
  - not adding the IP address to the customer blacklist if the IP address is in the second plurality of IP addresses.
Abstract
Traffic flow from a traffic source with a source IP address to a customer system with a destination IP address is filtered by comparing the source IP address to a customer blacklist. If the source IP address is on the customer blacklist, then traffic to the customer system is blocked; else, traffic to the customer system is allowed. The customer blacklist is generated from a network blacklist, comprising IP addresses of unwanted traffic sources, and a customer whitelist, comprising IP addresses of wanted traffic sources. The customer blacklist is generated by removing from the network blacklist any IP address also on the customer whitelist. The network blacklist is generated by acquiring raw blacklists from reputation systems. IP addresses on the raw blacklists are sorted by prefix groups, which are rank ordered by traffic frequency. Top prefix groups are selected for the network blacklist.
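The pipeline the abstract describes, as an added Python sketch (not code from the patent): raw blacklists are sorted into prefix groups, the groups are ranked by traffic, the top groups form the network blacklist, and whitelisted addresses are removed to give the customer blacklist. The /24 group size, the per-address hit counts used as "traffic frequency", the function names and the sample feeds are all assumptions made for this example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (documentation address ranges), not from the patent.
# Each raw blacklist maps a listed source IP to an assumed traffic hit count.
RAW_BLACKLISTS = [
    {"198.51.100.7": 120, "198.51.100.9": 80, "203.0.113.5": 40},
    {"198.51.100.7": 30, "192.0.2.44": 15, "203.0.113.77": 90},
]
CUSTOMER_WHITELIST = {"198.51.100.9", "192.0.2.10"}

def canon(ip):
    """Validate an address and return its canonical text form."""
    return str(ipaddress.ip_address(ip))

def build_network_blacklist(raw_lists, top_n, prefix_len=24):
    """Sort listed IPs into prefix groups, rank groups by traffic, keep top_n."""
    members = defaultdict(set)   # prefix group -> listed addresses in it
    traffic = defaultdict(int)   # prefix group -> summed hit count
    for raw in raw_lists:
        for ip, hits in raw.items():
            addr = canon(ip)     # raises ValueError on a malformed feed entry
            # Group size (prefix_len) is an assumption; the page gives none.
            group = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
            members[group].add(addr)
            traffic[group] += hits
    ranked = sorted(traffic, key=lambda g: (-traffic[g], str(g)))
    return {ip for g in ranked[:top_n] for ip in members[g]}

def build_customer_blacklist(network_blacklist, customer_whitelist):
    """Remove from the network blacklist any address also on the whitelist."""
    allowed = {canon(ip) for ip in customer_whitelist}
    return {ip for ip in network_blacklist if ip not in allowed}

def filter_traffic(src_ip, customer_blacklist):
    """Block when the source address is on the customer blacklist, else allow."""
    return "block" if canon(src_ip) in customer_blacklist else "allow"

NETWORK_BLACKLIST = build_network_blacklist(RAW_BLACKLISTS, top_n=2)
CUSTOMER_BLACKLIST = build_customer_blacklist(NETWORK_BLACKLIST, CUSTOMER_WHITELIST)

if __name__ == "__main__":
    for src in ("198.51.100.7", "198.51.100.9", "192.0.2.44"):
        print(src, filter_traffic(src, CUSTOMER_BLACKLIST))
```

In this constructed data, 198.51.100.9 sits in the highest-traffic prefix group but stays reachable for this customer because it is whitelisted, while 192.0.2.44 is listed by a feed yet allowed because its group did not make the top-N cut.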
24 Claims
1. A method for generating a customer blacklist associated with a customer system, comprising the steps of:
- generating a network blacklist comprising a first plurality of Internet Protocol (IP) addresses, said first plurality of IP addresses identifying a first plurality of unwanted traffic sources;
- generating a customer whitelist comprising a second plurality of IP addresses, said second plurality of IP addresses identifying a plurality of wanted traffic sources;
- comparing each IP address in said first plurality of IP addresses with each IP address in said second plurality of IP addresses; and
- for each IP address in said first plurality of IP addresses;
  - adding the IP address to the customer blacklist if the IP address is not in said second plurality of IP addresses; and
  - not adding the IP address to the customer blacklist if the IP address is in the second plurality of IP addresses.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. An apparatus for generating a customer blacklist associated with a customer system, comprising:
- means for generating a network blacklist comprising a first plurality of Internet Protocol (IP) addresses, said first plurality of IP addresses identifying a first plurality of unwanted traffic sources;
- means for generating a customer whitelist comprising a second plurality of IP addresses, said second plurality of IP addresses identifying a plurality of wanted traffic sources;
- means for comparing each IP address in said first plurality of IP addresses with each IP address in said second plurality of IP addresses; and
- for each IP address in said first plurality of IP addresses;
  - means for adding the IP address to the customer blacklist if the IP address is not in said second plurality of IP addresses; and
  - means for not adding the IP address to the customer blacklist if the IP address is in the second plurality of IP addresses.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A computer readable medium storing computer program instructions for generating a customer blacklist associated with a customer system, said computer instructions defining the steps of:
- generating a network blacklist comprising a first plurality of IP addresses, said first plurality of IP addresses identifying a first plurality of unwanted traffic sources;
- generating a customer whitelist comprising a second plurality of IP addresses, said second plurality of IP addresses identifying a plurality of wanted traffic sources;
- comparing each IP address in said first plurality of IP addresses with each IP address in said second plurality of IP addresses; and
- for each IP address in said first plurality of IP addresses;
  - adding the IP address to the customer blacklist if the IP address is not in said second plurality of IP addresses; and
  - not adding the IP address to the customer blacklist if the IP address is in the second plurality of IP addresses.
Dependent claims: 18, 19, 20, 21, 22, 23, 24
Specification