ACTIVITY FILTERING BASED ON TRUST RATINGS OF NETWORK ENTITIES

US 20110191847A1
Filed: 01/29/2010
Published: 08/04/2011
Est. Priority Date: 01/29/2010
Status: Active Grant

First Claim

Patent Images

1. A method of filtering activities of nodes interacting with a device having a processor, the nodes connected to the device through a network and respectively having a network address, the method comprising:

executing on the processor instructions configured to;

identify at least one network entity controlling nodes having network addresses within a network address group;

for respective network entities;

for nodes interacting with the device and having a network address within the network address group of the network entity, evaluate at least one activity of the node; and

assign to the network entity a network entity trust rating based on evaluated activities of nodes having network addresses within the network address group; and

filter activities of a node interacting with the device by;

determining the network entity controlling the network address group containing the network address of the node; and

filtering activities of the node based on the network entity trust rating of the network entity.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The filtering of activities generated by nodes of a network while interacting with a device may be performed by evaluating the desirability of the activities (e.g., a spam or not-spam determination of email messages sent by the node) and assigning a trust rating to the node. However, nodes are often identified by network address, and an operator of a node sending undesirable activities may reassign the network address of the node in order to avoid heavy filtering. Instead, nodes may be identified as being controlled by a network entity (e.g., an autonomous system identified in a border gateway protocol routing table.) The network entity is assigned a network entity trust rating based on the trust ratings of the nodes controlled thereby, and an appropriate level of activity filtering based on the network entity trust rating may be selected for subsequent activities received from all nodes controlled by the network entity.

Citations

20 Claims

1. A method of filtering activities of nodes interacting with a device having a processor, the nodes connected to the device through a network and respectively having a network address, the method comprising:
- executing on the processor instructions configured to;
  
  identify at least one network entity controlling nodes having network addresses within a network address group;
  
  for respective network entities;
  
  for nodes interacting with the device and having a network address within the network address group of the network entity, evaluate at least one activity of the node; and
  
  assign to the network entity a network entity trust rating based on evaluated activities of nodes having network addresses within the network address group; and
  
  filter activities of a node interacting with the device by;
  
  determining the network entity controlling the network address group containing the network address of the node; and
  
  filtering activities of the node based on the network entity trust rating of the network entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, at least one activity of the node interacting with the device selected from an activity set comprising:
    - sending at least one email message to the device;
      
      sending at least one text message to the device;
      
      sending at least one social network message to the device;
      
      sending at least one weblog post to the device; and
      
      utilizing at least one service of the device.
  - 3. The method of claim 1, evaluating the at least one activity of the node comprising:
    - evaluating at least one activity property of at least one activity of the node, the at least one activity property selected from an activity properties set comprising;
      
      a spam message report relating to at least one spam message sent by the node;
      
      a non-spam message report relating to at least one non-spam message sent by the node;
      
      a phishing report relating to at least one phishing attempt initiated by the node;
      
      a malware report relating to at least one malware item stored by the node;
      
      a message metric of messages sent by the node;
      
      a recipient metric of recipients of at least one message sent by the node;
      
      a returned message metric of returned messages sent to the node in response to at least one message sent by the node;
      
      a sender authentication failure of at least one sender of at least one message sent by the node;
      
      a connection metric of connections established by the node; and
      
      a bandwidth metric of bandwidth utilized by the network.
  - 4. The method of claim 1, comprising:
    - generating an activity evaluation of the node based on at least one network property exhibited by the node, the at least one network property selected from a network property set comprising;
      
      a name registry comprising a network name of the node;
      
      at least one network port status of at least one network port of the node;
      
      a geographic location of the node; and
      
      at least one property of at least one network route associated with at least one network address of the node.
  - 5. The method of claim 1, comprising:
    - generating an activity evaluation of the node based on at least one user property of at least one user of the node, the at least one user property selected from a user property set comprising;
      
      a geographic location of the user;
      
      a user type of the user;
      
      a reputation of the user; and
      
      a financial status indicator of the user.
  - 6. The method of claim 1, comprising:
    - generating an activity evaluation of the node by;
      
      querying a user to evaluate at least one activity of the node, andupon receiving from the user an activity evaluation of the node, assigning the activity evaluation to the node.
  - 7. The method of claim 1, comprising:
    - generating an activity evaluation of the node by;
      
      selecting a node activity classification of the activity of the node using a node activity classifier configured to evaluate activities of nodes, andassigning the activity evaluation to the node based on the node activity classification.
  - 8. The method of claim 1, assigning the network entity trust rating of the network entity comprising:
    - selecting a network entity classification of the activity of the node using a network entity classifier configured to evaluate network entities based on activity evaluations of nodes having network addresses within the network address group controlled by the network entity, andassigning the network entity trust rating of the network entity based on the network entity classification.
  - 9. The method of claim 1, comprising:
    - notifying at least one trusted device of at least one network entity trust rating of at least one network entity.
  - 10. The method of claim 1, assigning the network entity trust rating of at least one network entity comprising:
    - receiving at least one network entity trust rating from at least one trusted device, andassigning to the network entity a network entity trust rating based on activity evaluations of nodes within the network address group and the network entity trust rating received from the at least one trusted device.
  - 11. The method of claim 1, comprising:
    - after assigning a network entity trust rating to a network entity;
      
      for nodes interacting with the device and having a network address within the network address group of the network entity, evaluating at least one subsequent activity of the node to assign an updated activity evaluation to the node; and
      
      upon detecting an updated activity evaluation of at least one node, assign to the network entity an updated network entity trust rating based on the updated activity evaluation.
  - 12. The method of claim 1, determining the network entity comprising:
    - evaluating a routing table identifying at least one network entity and at least one network address of at least one node controlled by the network entity.
  - 13. The method of claim 1:
    - at least one network entity registered with a name registry associating node names with respective nodes of the network, anddetermining the network entity comprising;
      
      identifying a node name of the node, andassociating the node name of the node with a network entity according to the name registry.
  - 14. The method of claim 1, filtering the activity of the node comprising:
    - upon determining that at least one network address of the node is within a network address group controlled by a network entity having a poor network entity trust rating, blocking activities received from the node.
  - 15. The method of claim 1, filtering the activity of the node comprising:
    - upon determining that at least one network address of the node is within a network address group controlled by a network entity having a poor network entity trust rating, reducing at least one service of the device provided to the node.
  - 16. The method of claim 1, filtering the activity of the node comprising:
    - upon determining that at least one network address of the node is within a network address group controlled by a network entity having a poor network entity trust rating, increasing filtering of at least one activity of the node.
  - 17. The method of claim 16:
    - the activity of the node comprising at least one email message sent to the device, andfiltering the activity of the node comprising;
      
      upon determining that at least one network address of the node is within a network address group controlled by a network entity having a poor network entity trust rating, applying at least one email filtering technique selected from an email filtering techniques set comprising;
      
      dropping the email message;
      
      bouncing the email message to the node;
      
      junking the email message;
      
      quarantining the email message;
      
      delaying the email message.
  - 18. The method of claim 1, comprising:
    - upon identifying a node having at least one network address within a network address group controlled by a network entity, where the node has a higher activity evaluation than the network entity trust rating of the network entity, filtering activities of the node based on the higher activity evaluation.

19. A system configured to filter activities of nodes interacting with a device, the nodes connected to the device through a network and respectively having a network address, the system comprising:
- a network entity identifying component configured to identify at least one network entity controlling nodes having network addresses within a network address group;
  
  a node activity trust rating component configured to, for nodes interacting with the device and having a network address within the network address group of a network entity, evaluate at least one activity of the node;
  
  a network entity trust rating component configured to, for respective network entities, assign to the network entity a network entity trust rating based on evaluated activities of nodes having network addresses within the network address group; and
  
  a node activity filtering component configured to filter activities of a node interacting with the device by;
  
  determining the network entity controlling the network address group containing the network address of the node; and
  
  filtering activities of the node based on the network entity trust rating of the network entity.

20. A computer-readable storage medium comprising instructions that, when executed on a processor of a device, filter activities of nodes interacting with the device, the nodes connected to the device through a network and respectively having a network address, by:
- identifying at least one network entity controlling nodes having network addresses within a network address group;
  
  for respective network entities;
  
  for nodes interacting with the device and having a network address within the network address group of the network entity, evaluating at least one activity of the node by;
  
  selecting a node activity classification of the activity of the node using a node activity classifier configured to evaluate activities of nodes, the activity selected from an activity set comprising;
  
  sending at least one email message to the device;
  
  sending at least one text message to the device;
  
  sending at least one social network message to the device;
  
  sending at least one weblog post to the device; and
  
  utilizing at least one service of the device; and
  
  generating an activity evaluation of the node based on the node activity classification;
  
  assigning to the network entity a network entity trust rating based on the activity evaluations of nodes having network addresses within the network address group by;
  
  selecting a network entity classification of the activity of the node using a network entity classifier configured to evaluate network entities based on the activity evaluations of nodes having network addresses within the network address group controlled by the network entitybased on;
  
  at least one network property exhibited by the node, the at least one network property selected from a network property set comprising;
  
  a name registry comprising a network name of the node;
  
  at least one network port status of at least one network port of the node;
  
  a geographic location of the node; and
  
  at least one property of at least one network route associated with at least one network address of the node; and
  
  at least one user property of at least one user of the node, the at least one user property selected from a user property set comprising;
  
  a geographic location of the user;
  
  a user type of the user;
  
  a reputation of the user; and
  
  a financial status indicator of the user;
  
  assigning the network entity trust rating of the network entity based on the network entity classification; and
  
  notifying at least one trusted device of at least one network entity trust rating of at least one network entity;
  
  filtering activities of a node interacting with the device by;
  
  determining the network entity controlling the network address group containing the network address of the node; and
  
  filtering activities of the node based on the network entity trust rating of the network entity; and
  
  after assigning a network entity trust rating to a network entity;
  
  for nodes interacting with the device and having a network address within the network address group of the network entity, evaluating at least one subsequent activity of the node to assign an updated activity evaluation to the node; and
  
  upon detecting an updated activity evaluation of at least one node, assign to the network entity an updated network entity trust rating based on the updated activity evaluation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Osipkov, Ivan, Hulten, Geoffrey J., Walter, Jason D., Gillum, Eliot C., Drinic, Milenko, Bidgoli, Mehrdad, Vitaldevara, Krishna C., Davis, Malcolm H., Ramachandran, Aravind K., McCann, Robert L.

Granted Patent

US 9,098,459 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 15/16   Combinations of two or more...

G06F 15/173   using an interconnection ne...

G06F 21/00   Security arrangements for p...

G06Q 50/01   Social networking

H04L 51/212   using filtering or selectiv...

H04L 51/52   for supporting social netwo...

H04L 63/0236   Filtering by address, proto...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/1483   service impersonation, e.g....

H04L 63/20   for managing network securi...

ACTIVITY FILTERING BASED ON TRUST RATINGS OF NETWORK ENTITIES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ACTIVITY FILTERING BASED ON TRUST RATINGS OF NETWORK ENTITIES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links