Multi-dimensional reputation scoring
First Claim
Patent Images
1. A computer implemented method operable to assign a reputation to a communications entity associated with a received communication, the method comprising:
- dispersing a plurality of agents within a widely distributed network, each of the agents being associated with a respective security device operable to protect an associated network from communications that violate a policy associated with the associated network;
collecting data associated with communications from a plurality of entities originating communications, the plurality of entities including a reputable entity with a reputable reputation, a non-reputable entity with a non-reputable reputation and an unknown entity with an unknown reputation, wherein collecting data comprises using the plurality of agents to collect data associated with the communications;
aggregating the collected data;
analyzing the aggregated data to identify attributes respectively associated with the communications from the plurality of entities;
correlating the attributes to identify relationships between each of the plurality of entities, each identified relationship between entities is associated with a strength based on similarities between the attributes of communications from the entities;
attributing, by one or more data processors, a portion of reputable qualities from the reputable entity to the reputation of the unknown entity based on the strength of the relationship between the reputable entity and the unknown entity;
attributing, by the one or more data processors, a portion of non-reputable qualities from the non-reputable entity to the reputation of the unknown entity based on the strength of the relationship between the non-reputable entity and the unknown entity;
updating the reputation of the unknown entity based upon the portion of reputable qualities attributed to the unknown entity from the reputable entity and the portion of non-reputable qualities attributed to the unknown entity from the non-reputable entity, wherein the reputation of the unknown entity comprises indications of a reputation of the unknown entity in a plurality of categories representing types of activity in which the unknown entity or related entities have engaged; and
communicating data specifying the updated reputation information of the unknown entity to one or more of the plurality of agents.
11 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems for assigning reputation to communications entities include collecting communications data from distributed agents, aggregating the communications data, analyzing the communications data and identifying relationships between communications entities based upon the communications data.
569 Citations
39 Claims
-
1. A computer implemented method operable to assign a reputation to a communications entity associated with a received communication, the method comprising:
-
dispersing a plurality of agents within a widely distributed network, each of the agents being associated with a respective security device operable to protect an associated network from communications that violate a policy associated with the associated network; collecting data associated with communications from a plurality of entities originating communications, the plurality of entities including a reputable entity with a reputable reputation, a non-reputable entity with a non-reputable reputation and an unknown entity with an unknown reputation, wherein collecting data comprises using the plurality of agents to collect data associated with the communications; aggregating the collected data; analyzing the aggregated data to identify attributes respectively associated with the communications from the plurality of entities; correlating the attributes to identify relationships between each of the plurality of entities, each identified relationship between entities is associated with a strength based on similarities between the attributes of communications from the entities; attributing, by one or more data processors, a portion of reputable qualities from the reputable entity to the reputation of the unknown entity based on the strength of the relationship between the reputable entity and the unknown entity; attributing, by the one or more data processors, a portion of non-reputable qualities from the non-reputable entity to the reputation of the unknown entity based on the strength of the relationship between the non-reputable entity and the unknown entity; updating the reputation of the unknown entity based upon the portion of reputable qualities attributed to the unknown entity from the reputable entity and the portion of non-reputable qualities attributed to the unknown entity from the non-reputable entity, wherein the reputation of the unknown entity comprises indications of a reputation of the unknown entity in a plurality of categories representing types of activity in which the unknown entity or related entities have engaged; and communicating data specifying the updated reputation information of the unknown entity to one or more of the plurality of agents. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A computer implemented method operable to assign a reputation to a communications entity associated with a received communication, comprising:
-
collecting data associated with communications from a plurality of entities originating communications, the plurality of entities including a reputable entity with a reputable reputation, a non-reputable entity with a non-reputable reputation and an unknown entity with an unknown reputation, wherein collecting data comprises receiving data from a plurality of agents dispersed in a widely distributed network and associated with respective security devices to collect data associated with the communications; aggregating the collected data; analyzing the aggregated data to identify attributes respectively associated with the communications from the plurality of entities; correlating the attributes to identify relationships between each of the plurality of entities each identified relationship between entities is associated with a strength based on similarities between the attributes of communications from the entities; attributing, by one or more data processors, a portion reputable qualities from the reputable entity to the reputation of the unknown entity based on the strength of the relationship between the reputable entity and the unknown entity; attributing, by the one or more data processors, a portion of non-reputable qualities from the non-reputable entity to the reputation of the unknown entity based on the strength of the relationship between the non-reputable entity and the unknown entity; updating the reputation of the unknown entity based upon the portion of reputable qualities attributed to the unknown entity from the reputable entity and the portion of non-reputable qualities attributed to the unknown entity from the non-reputable entity, wherein the reputation of the unknown entity comprises indications of a reputation of the unknown entity in a plurality of categories representing types of activity in which the unknown entity or related entities have engaged; and handling communications based upon the updated reputation.
-
-
21. A distributed system operable to derive and communicate a reputation associated with a communications entity, comprising:
-
a communications device operable to communicate with a plurality of agents dispersed within a global network, each of the agents being operable to derive respective local reputations associated with entities from which communications are received, wherein the plurality of agents are further operable to collect data associated with received communications; one or more data aggregation engines operable to aggregate the collected data via the communications device; computer memory operable to store the aggregated data; an analyzer operable to analyze the data to identify attributes respectively associated with entities originating the received communications, wherein the originating entities including a reputable entity with a reputable reputation, a non-reputable entity with a non-reputable reputation and an unknown entity with an unknown reputation; a correlation engine operable to correlate the attributes associated with the originating entities and to identify relationships between the entities, each identified relationship between originating entities associated with a strength based on similarities between the attributes of communications from the entities; a reputation engine operable to; identify relationships between the originating entities; attribute a portion of reputable qualities from the reputable entity to the reputation of the unknown entity based on the strength of the relationship between the reputable entity and the unknown entity; attribute a portion of non-reputable qualities from the non-reputable entity to the reputation of the unknown entity based on the strength of the relationship between the non-reputable entity and the unknown entity; and update the reputation associated with the unknown entity based upon the portion of reputable qualities attributed to the unknown entity from the reputable entity and the portions of non-reputable qualities attributed to the unknown entity from the non-reputable entity, wherein the reputation of the unknown entity comprises indications of a reputation of the unknown entity in a plurality of categories representing types of activity in which the unknown entity or related entities have engaged; and wherein the communications device is further operable to communicate the updated reputation information to devices operating on the global network. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
-
Specification