System, method and computer program product for behavioral partitioning of a network to detect undesirable nodes
Abstract
A system, method and computer program product are provided. In use, votes from a plurality of nodes for node categorization are monitored. Further, a pattern associated with the votes is identified. Thus, malicious nodes may be identified based on the pattern.
18 Claims
1. A method, comprising:
monitoring votes from a plurality of nodes for node categorization;
identifying a pattern associated with the votes;
identifying undesirable nodes based on the pattern associated with the votes, wherein the node categorization includes identifying at least some of the undesirable nodes as malicious nodes being associated with propagation of malware, and wherein the malicious nodes are provided on a black list; and
implementing a policy at a firewall that precludes communication with the malicious nodes provided on the black list and that withdrawals data access rights for the malicious nodes provided on the black list, wherein a network is partitioned for the malicious nodes based on the pattern, and wherein partitions that include the malicious nodes are refined over iterations of subsequent voting sessions involving the plurality of nodes.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A computer program product embodied on a non-transitory computer readable medium for performing operations, comprising:
monitoring votes from a plurality of nodes for node categorization;
identifying a pattern associated with the votes;
identifying undesirable nodes based on the pattern associated with the votes, wherein the node categorization includes identifying at least some of the undesirable nodes as malicious nodes being associated with propagation of malware, and wherein the malicious nodes are provided on a black list; and
implementing a policy at a firewall that precludes communication with the malicious nodes provided on the black list and that withdrawals data access rights for the malicious nodes provided on the black list, wherein a network is partitioned for the malicious nodes based on the pattern, and wherein partitions that include the malicious nodes are refined over iterations of subsequent voting sessions involving the plurality of nodes.
18. A system, comprising:
a processor, wherein the system is configured for;
monitoring votes from a plurality of nodes for node categorization;
identifying a pattern associated with the votes;
identifying undesirable nodes based on the pattern associated with the votes, wherein the node categorization includes identifying at least some of the undesirable nodes as malicious nodes being associated with propagation of malware, and wherein the malicious nodes are provided on a black list; and
implementing a policy at a firewall that precludes communication with the malicious nodes provided on the black list and that withdrawals data access rights for the malicious nodes provided on the black list, wherein a network is partitioned for the malicious nodes based on the pattern, and wherein partitions that include the malicious nodes are refined over iterations of subsequent voting sessions involving the plurality of nodes.
Specification