Network fingerprinting
First Claim
1. A computer-readable storage medium comprising:
- computer-executable instructions thereon for performing a method, the method comprising;
establishing at least one connection to at least one computer network,each computer network having at least one network attribute,each network attribute associated with at least one identity confidence modifier,each identity confidence modifier specifying an identity confidence transformation, andeach network attribute having a value;
issuing an issued network identifier for at least one computer network of said at least one computer network; and
determining an identity confidence for each issued network identifier with respect to at least one current computer network,the identity confidence for each issued network identifier comprising a probability of correct identification of the at least one current computer network, andthe step of determining the identity confidence comprising;
for each current computer network and each network attribute, applying at least one of said at least one identity confidence modifier associated with the network attribute to the identity confidence of each issued network identifier if the value of the network attribute of the computer network identified by the issued network identifier matches the value of the network attribute of the current computer network,wherein applying the at least one of said at least one identity confidence modifier to the identity confidence comprises transforming the identity confidence in accordance with the identity confidence transformation specified by the identity confidence modifier.
2 Assignments
0 Petitions
Accused Products
Abstract
A network fingerprinting component for a computerized system issues network identifiers (NID) for computer networks. Identity confidences may be determined for each issued network identifier with respect to current computer networks. Computer network attributes may include passive network attributes and active network attributes. Retrieving values for active network attributes involves generating network traffic. As a result passive network attributes may be available to the network fingerprinting component before active network attributes. Learned identity confidence modifiers may be applied to identity confidences determined independent of active network attributes to achieve more accurate identity confidence sooner. Better learned identity confidence modifiers may be obtained by comparing identity confidences for a particular computer network determined independently of active network attributes with identity confidences for the computer network determined once active network attributes become available and then adjusting the learned identity confidence modifiers so as to minimize any differences.
-
Citations
18 Claims
-
1. A computer-readable storage medium comprising:
-
computer-executable instructions thereon for performing a method, the method comprising; establishing at least one connection to at least one computer network, each computer network having at least one network attribute, each network attribute associated with at least one identity confidence modifier, each identity confidence modifier specifying an identity confidence transformation, and each network attribute having a value; issuing an issued network identifier for at least one computer network of said at least one computer network; and determining an identity confidence for each issued network identifier with respect to at least one current computer network, the identity confidence for each issued network identifier comprising a probability of correct identification of the at least one current computer network, and the step of determining the identity confidence comprising; for each current computer network and each network attribute, applying at least one of said at least one identity confidence modifier associated with the network attribute to the identity confidence of each issued network identifier if the value of the network attribute of the computer network identified by the issued network identifier matches the value of the network attribute of the current computer network, wherein applying the at least one of said at least one identity confidence modifier to the identity confidence comprises transforming the identity confidence in accordance with the identity confidence transformation specified by the identity confidence modifier. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computerized system, comprising a network fingerprinting component configured to, at least:
-
issue at least one network identifier for at least one computer network; maintain a set of issued network identifiers; maintain a set of current identity confidences, the set of current identity confidences comprising an identity confidence for each issued network identifier with respect to at least one current computer network, the identity confidence for each issued network identifier comprising a probability of correct identification of the at least one current computer network; maintain a set of identity confidence modifiers, the set of identity confidence modifiers comprising at least one identity confidence modifier for each network attribute in the set of current network attributes, each at least one identity confidence modifier specifying a transformation of at least one identity confidence; and apply at least one identity confidence modifier to the at least one identity confidence, comprising transforming the at least one identity confidence in accordance with the transformation specified by the at least one identity confidence modifier. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
Specification