Network fingerprinting

US 7,448,070 B2
Filed: 10/17/2003
Issued: 11/04/2008
Est. Priority Date: 10/17/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-readable storage medium comprising:

computer-executable instructions thereon for performing a method, the method comprising;

establishing at least one connection to at least one computer network,each computer network having at least one network attribute,each network attribute associated with at least one identity confidence modifier,each identity confidence modifier specifying an identity confidence transformation, andeach network attribute having a value;

issuing an issued network identifier for at least one computer network of said at least one computer network; and

determining an identity confidence for each issued network identifier with respect to at least one current computer network,the identity confidence for each issued network identifier comprising a probability of correct identification of the at least one current computer network, andthe step of determining the identity confidence comprising;

for each current computer network and each network attribute, applying at least one of said at least one identity confidence modifier associated with the network attribute to the identity confidence of each issued network identifier if the value of the network attribute of the computer network identified by the issued network identifier matches the value of the network attribute of the current computer network,wherein applying the at least one of said at least one identity confidence modifier to the identity confidence comprises transforming the identity confidence in accordance with the identity confidence transformation specified by the identity confidence modifier.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network fingerprinting component for a computerized system issues network identifiers (NID) for computer networks. Identity confidences may be determined for each issued network identifier with respect to current computer networks. Computer network attributes may include passive network attributes and active network attributes. Retrieving values for active network attributes involves generating network traffic. As a result passive network attributes may be available to the network fingerprinting component before active network attributes. Learned identity confidence modifiers may be applied to identity confidences determined independent of active network attributes to achieve more accurate identity confidence sooner. Better learned identity confidence modifiers may be obtained by comparing identity confidences for a particular computer network determined independently of active network attributes with identity confidences for the computer network determined once active network attributes become available and then adjusting the learned identity confidence modifiers so as to minimize any differences.

Citations

18 Claims

1. A computer-readable storage medium comprising:
- computer-executable instructions thereon for performing a method, the method comprising;
  
  establishing at least one connection to at least one computer network,each computer network having at least one network attribute,each network attribute associated with at least one identity confidence modifier,each identity confidence modifier specifying an identity confidence transformation, andeach network attribute having a value;
  
  issuing an issued network identifier for at least one computer network of said at least one computer network; and
  
  determining an identity confidence for each issued network identifier with respect to at least one current computer network,the identity confidence for each issued network identifier comprising a probability of correct identification of the at least one current computer network, andthe step of determining the identity confidence comprising;
  
  for each current computer network and each network attribute, applying at least one of said at least one identity confidence modifier associated with the network attribute to the identity confidence of each issued network identifier if the value of the network attribute of the computer network identified by the issued network identifier matches the value of the network attribute of the current computer network,wherein applying the at least one of said at least one identity confidence modifier to the identity confidence comprises transforming the identity confidence in accordance with the identity confidence transformation specified by the identity confidence modifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-readable storage medium of claim 1, wherein the method further comprises responding to a request for an identity of said at least one current computer network with a response, the response comprising:
    - at least one issued network identifier; and
      
      for each issued network identifier in the response, the identity confidence for the issued network identifier determined with respect to said at least one current computer network.
  - 3. The computer-readable storage medium of claim 2, wherein:
    - each identity confidence has a value, the value ranging from a minimum identity confidence value to a maximum identity confidence value; and
      
      the value of each identity confidence in the response is the maximum identity confidence value.
  - 4. The computer-readable storage medium of claim 2, wherein:
    - each identity confidence has a value; and
      
      the value of each identity confidence in the response is above a minimum identity confidence response threshold.
  - 5. The computer-readable storage medium of claim 1, wherein each issued network identifier comprises a globally unique identifier (GUID).
  - 6. The computer-readable storage medium of claim 1, wherein each identity confidence modifier specifies a linear identity confidence transformation.
  - 7. The computer-readable storage medium of claim 1, wherein:
    - each computer network has a plurality of network attributes, the plurality of network attributes comprising;
      
      at least one passive network attribute; and
      
      at least one active network attribute;
      
      each passive network attribute is associated with at least one passive network attribute identity confidence modifier;
      
      each active network attribute is associated with at least one active network attribute identity confidence modifier;
      
      the method further comprises retrieving the value of each active network attribute, the step of retrieving the value of each active network attribute comprising generating network traffic on the computer network that has the active network attribute; and
      
      determining the identity confidence for each issued network identifier with respect to said at least one current computer network further comprises;
      
      for each current computer network and each passive network attribute, applying at least one of said at least one passive network attribute identity confidence modifier associated with the passive network attribute to the identity confidence of each issued network identifier if the value of the passive network attribute of the computer network identified by the issued network identifier matches the value of the passive network attribute of the current computer network; and
      
      for each current computer network and each active network attribute, applying at least one of said at least one active network attribute identity confidence modifier associated with the active network attribute to the identity confidence of each issued network identifier if the value of the active network attribute of the computer network identified by the issued network identifier matches the value of the active network attribute of the current computer network.
  - 8. The computer-readable storage medium of claim 1, wherein:
    - each computer network has at least one passive network attribute;
      
      each passive network attribute is associated with at least one passive network attribute identity confidence modifier;
      
      each issued network identifier is associated with a learned identity confidence modifier;
      
      the method further comprises retrieving the value of each passive network attribute independent of generating network traffic on the computer network that has the passive network attribute; and
      
      determining the identity confidence for each issued network identifier with respect to said at least one current computer network further comprises;
      
      for each current computer network and each passive network attribute, applying at least one of said at least one passive network attribute identity confidence modifier associated with the passive network attribute to the identity confidence of each issued network identifier if the value of the passive network attribute of the computer network identified by the issued network identifier matches the value of the passive network attribute of the current computer network; and
      
      for each current computer network, applying, to the identity confidence of each issued network identifier, the learned identity confidence modifier associated with the issued network identifier if the identity confidence of the issued network identifier is above a minimum learned modification identity confidence threshold.
  - 9. The computer-readable storage medium of claim 8, wherein:
    - a first set of identity confidences comprises the identity confidences determined for each issued network identifier with respect to said at least one current computer network;
      
      each computer network has a plurality of network attributes, the plurality of network attributes comprising;
      
      at least one passive network attribute; and
      
      at least one active network attribute;
      
      each active network attribute is associated with at least one active network attribute identity confidence modifier;
      
      the method further comprises;
      
      retrieving the value of each active network attribute, the step of retrieving the value of each network attribute comprising generating network traffic on the computer network that has the active network attribute; and
      
      determining, as a result of at least one active network attribute becoming available, a second set of identity confidences such that determining the second set of identity confidences comprises;
      
      applying at least one active network attribute identity confidence modifier to the second set of identity confidences; and
      
      adjusting the learned identity confidence modifier associated with each issued network identifier so that if the first set of identity confidences were to be re-determined then differences between a re-determined first set of identity confidences and the second set of identity confidences would be minimized.

10. A computerized system, comprising a network fingerprinting component configured to, at least:
- issue at least one network identifier for at least one computer network;
  
  maintain a set of issued network identifiers;
  
  maintain a set of current identity confidences, the set of current identity confidences comprising an identity confidence for each issued network identifier with respect to at least one current computer network, the identity confidence for each issued network identifier comprising a probability of correct identification of the at least one current computer network;
  
  maintain a set of identity confidence modifiers, the set of identity confidence modifiers comprising at least one identity confidence modifier for each network attribute in the set of current network attributes, each at least one identity confidence modifier specifying a transformation of at least one identity confidence; and
  
  apply at least one identity confidence modifier to the at least one identity confidence, comprising transforming the at least one identity confidence in accordance with the transformation specified by the at least one identity confidence modifier.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computerized system of claim 10, wherein the network fingerprinting component is further configured to, at least:
    - maintain a set of issued network attributes, the set of issued network attributes comprising, for each issued network identifier in the set of issued network identifiers, at least one network attribute of a computer network identified by the issued network identifier; and
      
      maintain a set of current network attributes, the set of current network attributes comprising at least one network attribute of each current computer network.
  - 12. The computerized system of claim 10, wherein:
    - each computer network has a plurality of network attributes, the plurality of network attributes comprising;
      
      at least one passive network attribute; and
      
      at least one active network attribute;
      
      each network attribute has a value;
      
      retrieving the value of each active network attribute comprises generating network traffic on the computer network that has the active network attribute; and
      
      the network fingerprinting component is further configured to, at least;
      
      maintain a set of issued passive network attributes, the set of issued passive network attributes comprising, for each issued network identifier in the set of issued network identifiers, at least one passive network attribute of a computer network identified by the issued network identifier;
      
      maintain a set of issued active network attributes, the set of issued active network attributes comprising, for each issued network identifier in the set of issued network identifiers, at least one active network attribute of a computer network identified by the issued network identifier;
      
      maintain a set of current passive network attributes, the set of current passive network attributes comprising at least one passive network attribute of each current computer network; and
      
      maintain a set of current active network attributes, the set of current active network attributes comprising at least one active network attribute of each current computer network.
  - 13. The computerized system of claim 12, wherein the network fingerprinting component is further configured to, at least:
    - maintain a set of passive network attribute identity confidence modifiers, the set of passive network attribute identity confidence modifiers comprising at least one passive network attribute identity confidence modifier for each passive network attribute in the set of current passive network attributes;
      
      maintain a set of active network attribute identity confidence modifiers, the set of active network attribute identity confidence modifiers comprising at least one active network attribute identity confidence modifier for each active network attribute in the set of current active network attributes;
      
      apply at least one passive network attribute identity confidence modifier to at least one identity confidence; and
      
      apply at least one active network attribute identity confidence modifier to said at least one identity confidence.
  - 14. The computerized system of claim 13, wherein the network fingerprinting component is further configured to, at least:
    - maintain a set of learned identity confidence modifiers, the set of learned identity confidence modifiers comprising at least one learned identity confidence modifier for each issued network identifier in the set of issued network identifiers; and
      
      apply at least one learned identity confidence modifier to at least one identity confidence.
  - 15. The computerized system of claim 14, wherein the network fingerprinting component is farther configured to, at least, adjust the set of learned identity confidence modifiers so as to minimize differences between a first set of current identity confidences and a second set of current identity confidences, the first set of current identity confidences determined before retrieving active network attributes for said at least one current computer network, and the second set of current identity confidences determined after retrieving active network attributes for said at least one current computer network.
  - 16. The computerized system of claim 13, wherein the network fingerprinting component is further configured to, at least:
    - for each issued network identifier in the set of issued network identifiers and for each passive network attribute in the set of current passive network attributes, apply at least one of said at least one passive network attribute identity confidence modifier for the passive network attribute to the identity confidence for the issued network identifier if the value of the passive network attribute in the set of current passive network attributes matches the value of the passive network attribute for the issued network identifier in the set of issued passive network attributes; and
      
      for each issued network identifier in the set of issued network identifiers and for each active network attribute in the set of current active network attributes, apply at least one of said at least one active network attribute identity confidence modifier for the active network attribute to the identity confidence for the issued network identifier if the value of the active network attribute in the set of current active network attributes matches the value of the active network attribute for the issued network identifier in the set of issued active network attributes.
  - 17. The computerized system of claim 10, wherein each identity confidence modifier specifies a linear transformation of the identity confidence.
  - 18. The computerized system of claim 10, wherein each network identifier is a globally unique identifier (GUID).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Moore, Timothy M., Barkley, Warren V., Bhanu, Vivek, Lyndersay, Sean, Yao, Yinghua
Primary Examiner(s)
JUNG, DAVID YIUK

Application Number

US10/688,656
Publication Number

US 20050086473A1
Time in Patent Office

1,845 Days
Field of Search

726/6, 726/3, 726/5, 726/4, 726/11, 713/153
US Class Current

726/4
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

H04L 63/1433   Vulnerability analysis

Network fingerprinting

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Network fingerprinting

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links