SYSTEMS AND METHODS FOR GENERATING NETWORK THREAT INTELLIGENCE
First Claim
1. A method for identifying network threats, the method comprising:
- obtaining a network traffic dataset representative of network traffic for an Internet Protocol address across one or more ports of a primary network, the primary network in communication with a content distribution network, the Internet Protocol address corresponding to a computing device;
- obtaining a content distribution network log associated with the content distribution network, the content distribution network log including a history of content requests by the Internet Protocol address;
- correlating the network traffic dataset with the content distribution network log based on the Internet Protocol address to obtain network security data;
- identifying one or more threat attributes representative of malicious activity from the network security data;
- weighting the one or more threat attributes; and
- generating network threat intelligence based on the weighted threat attributes using a processing cluster.
1 Assignment
0 Petitions
Abstract
Implementations described and claimed herein provide systems and methods for generating threat intelligence based on network security data. In one implementation, a network traffic dataset representative of network traffic for an Internet Protocol address across one or more ports of a primary network is obtained. A content distribution network log associated with a content distribution network is obtained. The content distribution network log includes a history of content requests by the Internet Protocol address. The network traffic dataset is correlated with the content distribution network log based on the Internet Protocol address to obtain network security data. One or more threat attributes representative of malicious activity are identified from the network security data. The one or more threat attributes are weighted. Network threat intelligence is generated based on the weighted threat attributes using a processing cluster.
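The abstract and claims describe a pipeline rather than a specific implementation: join a per-IP traffic dataset (ports seen on the primary network) with CDN access logs (request history and, per claim 13, the user agent) on the IP address, derive threat attributes, weight them, and emit intelligence. The following is an added worked example, not code from the patent or its assignee. The flow records, CDN log lines, attribute definitions (port breadth, error ratio, scripted user agent), weights and the 0.5 flagging threshold are all constructed assumptions chosen to illustrate the correlation step; a real deployment would derive them from its own telemetry.

```python
"""
Added example (not the patent's own code): correlate a constructed per-IP
network-traffic dataset with constructed CDN access-log lines on the IP
address, derive threat attributes, weight them, and emit a per-IP score.
Attribute definitions, weights and thresholds are illustrative assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass, field
import re

# Constructed sample flow summaries from the primary network:
# (src_ip, dst_port, bytes). 203.0.113.7 touches many ports (scan-like);
# 198.51.100.5 only ever talks to 443.
FLOW_RECORDS = [
    ("203.0.113.7", 22, 120), ("203.0.113.7", 23, 100), ("203.0.113.7", 80, 90),
    ("203.0.113.7", 443, 95), ("203.0.113.7", 3389, 110), ("203.0.113.7", 8080, 88),
    ("198.51.100.5", 443, 52000), ("198.51.100.5", 443, 61000),
]

# Constructed CDN log lines in an assumed format:
#   ip unix_ts "METHOD path" status "user-agent"
CDN_LOG = """\
203.0.113.7 1700000001 "GET /wp-login.php" 404 "python-requests/2.31"
203.0.113.7 1700000002 "GET /.env" 404 "python-requests/2.31"
203.0.113.7 1700000003 "GET /admin" 403 "python-requests/2.31"
203.0.113.7 1700000004 "GET /xmlrpc.php" 404 "python-requests/2.31"
198.51.100.5 1700000010 "GET /index.html" 200 "Mozilla/5.0 (Windows NT 10.0) Firefox/119.0"
198.51.100.5 1700000011 "GET /static/app.js" 200 "Mozilla/5.0 (Windows NT 10.0) Firefox/119.0"
"""

LOG_RE = re.compile(r'^(\S+) (\d+) "(\S+) (\S+)" (\d{3}) "([^"]*)"$')


@dataclass
class SecurityData:
    """Per-IP 'network security data': what the join of both sources yields."""
    ports: set = field(default_factory=set)
    requests: list = field(default_factory=list)   # (ts, method, path, status)
    user_agents: set = field(default_factory=set)


def parse_cdn_log(text):
    """Parse CDN log lines into {ip: [(ts, method, path, status, ua), ...]}."""
    by_ip = defaultdict(list)
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:            # malformed line: skip it rather than poison the join
            continue
        ip, ts, method, path, status, ua = m.groups()
        by_ip[ip].append((int(ts), method, path, int(status), ua))
    return by_ip


def correlate(flows, cdn_by_ip):
    """Join the traffic dataset and the CDN log on the IP address."""
    data = defaultdict(SecurityData)
    for ip, port, _nbytes in flows:
        data[ip].ports.add(port)
    for ip, entries in cdn_by_ip.items():
        for ts, method, path, status, ua in entries:
            data[ip].requests.append((ts, method, path, status))
            data[ip].user_agents.add(ua)
    return data


# Assumed attribute weights; these are illustrative, not from the patent.
WEIGHTS = {"port_breadth": 0.4, "error_ratio": 0.3, "scripted_ua": 0.3}
KNOWN_SCANNER_UA = ("python-requests", "curl/", "masscan", "nikto")


def threat_attributes(sd):
    """Derive normalised [0, 1] threat attributes from one IP's security data."""
    attrs = {}
    # Breadth of destination ports on the primary network; 5+ ports saturates.
    attrs["port_breadth"] = min(len(sd.ports) / 5.0, 1.0)
    # Share of CDN requests that drew 4xx/5xx (probing for paths that do not exist).
    if sd.requests:
        errors = sum(1 for _, _, _, st in sd.requests if st >= 400)
        attrs["error_ratio"] = errors / len(sd.requests)
    else:
        attrs["error_ratio"] = 0.0
    # User agent from the CDN log matches a known scripted client.
    attrs["scripted_ua"] = 1.0 if any(
        ua.startswith(KNOWN_SCANNER_UA) for ua in sd.user_agents) else 0.0
    return attrs


def score(attrs):
    """Weighted sum of attributes, rounded for stable comparison."""
    return round(sum(WEIGHTS[k] * v for k, v in attrs.items()), 3)


def generate_threat_intel(flows, log_text, threshold=0.5):
    """Return {ip: {'score', 'attributes', 'flag'}} for every IP seen in either source."""
    data = correlate(flows, parse_cdn_log(log_text))
    intel = {}
    for ip, sd in data.items():
        a = threat_attributes(sd)
        s = score(a)
        intel[ip] = {"score": s, "attributes": a, "flag": s >= threshold}
    return intel


if __name__ == "__main__":
    for ip, rec in generate_threat_intel(FLOW_RECORDS, CDN_LOG).items():
        print(ip, rec)
```

The point the join makes is that neither source alone is conclusive: a handful of 404s on a CDN edge looks like a broken link, and a few short flows to assorted ports looks like noise, but the same address producing both, with a scripted user agent, scores at the top of the scale while the ordinary browser client stays well under the threshold. Malformed log lines are dropped before the join so that one bad record cannot attach requests to the wrong IP.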
20 Claims
1. A method for identifying network threats, the method comprising:
- obtaining a network traffic dataset representative of network traffic for an Internet Protocol address across one or more ports of a primary network, the primary network in communication with a content distribution network, the Internet Protocol address corresponding to a computing device;
- obtaining a content distribution network log associated with the content distribution network, the content distribution network log including a history of content requests by the Internet Protocol address;
- correlating the network traffic dataset with the content distribution network log based on the Internet Protocol address to obtain network security data;
- identifying one or more threat attributes representative of malicious activity from the network security data;
- weighting the one or more threat attributes; and
- generating network threat intelligence based on the weighted threat attributes using a processing cluster.

Dependent claims 2 through 12 are not reproduced here.

13. One or more non-transitory tangible computer-readable storage media storing computer-executable instructions for performing a computer process on a computing system, the computer process comprising:
- extracting network traffic patterns for an Internet Protocol address from a network traffic dataset representative of network traffic for an Internet Protocol address across one or more ports of a primary network, the primary network in communication with a content distribution network, the Internet Protocol address corresponding to a computing device;
- extracting a user agent for the Internet Protocol address and a history of content requests by the Internet Protocol address from a content distribution log associated with the content distribution network;
- correlating the network traffic patterns with the user agent and the history of content requests to obtain network security data for the Internet Protocol address; and
- generating network threat intelligence based on the network security data.

Dependent claims 14 through 17 are not reproduced here.

18. A system for identifying network threats, the system comprising:
- a primary network in communication with a content distribution network, the primary network having one or more router interfaces through which network traffic for an Internet Protocol address is transceived, the Internet Protocol address corresponding to a computing device; and
- a processing cluster configured to generate network threat intelligence based on network security data obtained from an interaction of the Internet Protocol address with the primary network and the content distribution network, the network security data including a network traffic dataset corresponding to the network traffic transceived over the one or more router interfaces for the Internet Protocol address and a content distribution log including a history of content requests from the Internet Protocol address over the primary network.

Dependent claims 19 and 20 are not reproduced here.

Specification