CONFIDENCE SCORING OF DEVICE REPUTATION BASED ON CHARACTERISTIC NETWORK BEHAVIOR
First Claim
1. A method of evaluating reputation of a requestor device that makes a request to a cloud-based resource, including:
- providing an initial response to the requestor device that includes an instrumented web page or instructions to be processed by an application running on the requestor device, wherein the initial response includes code adapted to;
collect data regarding at least network round trip latency between the requestor device and four or more target addresses andreport the network round trip latency for the target addresses;
compiling a characteristic vector for the requestor device including at least the reported network round trip latency for the target addresses;
scoring the characteristic vector for similarity to expected characteristics of a first reference device at a first reference IP address expected to share network round trip latency characteristics with the requestor device; and
producing at least one reputation score.
9 Assignments
0 Petitions
Accused Products
Abstract
The technology disclosed relates to detection of anonymous proxies and bots making requests to a cloud based resource on the Internet, such as a web server or an App server. The technology can leverage one or more of: instrumentation of web pages that samples response times and other characteristics of communications by a requestor device over multiple network segments; lack of prior appearance of the requestor device across multiple, independently operated commercial web sites; and resolver usage by the requestor. These signals can be analyzed to score a requesting device'"'"'s reputation. A location reported by a user device can be compared to a network characteristic determined location.
-
Citations
20 Claims
-
1. A method of evaluating reputation of a requestor device that makes a request to a cloud-based resource, including:
-
providing an initial response to the requestor device that includes an instrumented web page or instructions to be processed by an application running on the requestor device, wherein the initial response includes code adapted to; collect data regarding at least network round trip latency between the requestor device and four or more target addresses and report the network round trip latency for the target addresses; compiling a characteristic vector for the requestor device including at least the reported network round trip latency for the target addresses; scoring the characteristic vector for similarity to expected characteristics of a first reference device at a first reference IP address expected to share network round trip latency characteristics with the requestor device; and producing at least one reputation score. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A method of evaluating reputation of a requestor device that makes a request to a web site, including:
-
receiving requestor device characteristics including at least an IP address, browser type and version identifiers, and operating system type and version identifiers with a request from the requestor device; looking up in a requestor history database, that reflects requests compiled from more than 100 independently operating servers, a frequency of requests made by devices sharing the requestor device characteristics; and scoring the requestor device characteristics for frequency and/or diversity of requests made to the independently operating servers within a predetermined recent time. - View Dependent Claims (16, 17)
-
-
18. A method of evaluating reputation of a requestor device that makes a request to a web site, including:
-
providing an initial response to a requestor device that includes an instrumented web page or instructions to be processed by an application running on the requestor device, wherein the initial response includes code adapted to; collect and compile in a characteristic vector data regarding a resolver used by the requestor device to find IP addresses corresponding to fully qualified domain names and report the resolver used by the requestor device; and scoring the characteristic vector for matching expected resolver usage of a reference requestor device at a reference IP address expected to share resolver usage characteristics with the requestor device and producing at least one reputation score. - View Dependent Claims (19, 20)
-
Specification