Web reputation scoring
First Claim
1. A computer implemented method operable to assign a reputation to a web-based entity associated with a hypertext transfer protocol communication, comprising:
receiving, at a local reputation engine, a hypertext transfer protocol communication at an edge protection device;
identifying, at the local reputation engine, an entity associated with the received hypertext transfer protocol communication;
querying, from the local reputation engine, a global reputation server using a query for a reputation indicator associated with the entity;
receiving, at a local reputation engine, the reputation indicator from the global reputation server; and
taking an action with respect to the hypertext transfer protocol communication based upon the received reputation indicator associated with the entity;
wherein:
a reputation of the entity is based upon previous communications received from the entity, the previous communications being previous communications of two or more of the following communication types:
a hypertext transfer protocol communication, an instant message, a file transfer protocol communication, simple object access protocol messages, real-time transport protocol packages, a short message service communication, multimedia message service communication, or a voice over internet protocol communication; and
wherein the reputation is determined from:
collecting, at each of a plurality of other local reputation engines, the previous communications that are respectively received by the local reputation engine;
determining, at each of the plurality of other local reputation engines, identifiers for each of the previous communications, each identifier for each previous communication identifying a sending entity associated with the previous communication, and sending entities include the entity associated with the received hypertext transfer protocol communication;
determining, at each of the plurality of other local reputation engines, attributes for each of the previous communications, the attributes indicative of a reputation of the sending entity associated with a previous communication;
determining, at each of the plurality of other local reputation engines, a local reputation of the sending entities from the identifiers and the attributes from the previous communications, wherein at least some of the reputations are based on the similarity of attributes associated with two or more identifiers; and
aggregating the local reputations at the global reputation server to generate respective reputation indicators, each local reputation produced by an associated local reputation engine, and the local reputation weighted based on a confidence value associated with the respective local reputation engine, wherein the confidence value is based at least in part on historical performance data for the local reputation engine, the historical performance data comprising statistics based at least in part on numbers of entities incorrectly classified by the local reputation engine.
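The aggregation step in the claim above, sketched as an added example (not code from the patent or from any product): each local engine's confidence is derived from how many entities it has misclassified, and the global indicator is the confidence-weighted mean of the local scores. The score scale (0 = good, 1 = worst), the smoothing formula, the action thresholds and all names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class EngineHistory:
    classified: int     # entities this local engine has classified
    misclassified: int  # of those, later found to be classified incorrectly

def confidence(h: EngineHistory) -> float:
    """Laplace-smoothed accuracy; an engine with no history gets 0.5 (assumed formula)."""
    if not 0 <= h.misclassified <= h.classified:
        raise ValueError("misclassified must be between 0 and classified")
    return (h.classified - h.misclassified + 1) / (h.classified + 2)

def aggregate(reports, histories):
    """reports: {engine_id: {entity: local score in [0, 1]}}, 1.0 = worst.
    Returns {entity: confidence-weighted mean of the local scores}."""
    sums = {}
    for engine, scores in reports.items():
        w = confidence(histories[engine])
        for entity, score in scores.items():
            if not 0.0 <= score <= 1.0:
                raise ValueError(f"score out of range from {engine}: {score}")
            num, den = sums.get(entity, (0.0, 0.0))
            sums[entity] = (num + w * score, den + w)
    return {entity: num / den for entity, (num, den) in sums.items()}

def action(indicator, block_at=0.6, quarantine_at=0.3):
    """Edge-device decision from the global indicator (thresholds are assumed)."""
    if indicator >= block_at:
        return "block"
    return "quarantine" if indicator >= quarantine_at else "allow"

# Constructed sample data: engine B has misclassified 600 of 1000 entities.
HISTORIES = {"A": EngineHistory(1000, 10), "B": EngineHistory(1000, 600),
             "C": EngineHistory(0, 0)}
REPORTS = {
    "A": {"203.0.113.7": 0.9},
    "B": {"203.0.113.7": 0.1, "files.example.test": 0.2},
    "C": {"files.example.test": 0.2},
}

if __name__ == "__main__":
    for entity, indicator in aggregate(REPORTS, HISTORIES).items():
        print(f"{entity}: {indicator:.3f} -> {action(indicator)}")
```

With equal weights the two reports on 203.0.113.7 would average 0.5; discounting the unreliable engine B moves the indicator to about 0.67 and changes the resulting action.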
Abstract
Methods and systems for operation upon one or more data processors for assigning reputation to web-based entities based upon previously collected data.
35 Claims
1. A computer implemented method operable to assign a reputation to a web-based entity associated with a hypertext transfer protocol communication, comprising:
receiving, at a local reputation engine, a hypertext transfer protocol communication at an edge protection device;
identifying, at the local reputation engine, an entity associated with the received hypertext transfer protocol communication;
querying, from the local reputation engine, a global reputation server using a query for a reputation indicator associated with the entity;
receiving, at a local reputation engine, the reputation indicator from the global reputation server; and
taking an action with respect to the hypertext transfer protocol communication based upon the received reputation indicator associated with the entity;
wherein:
a reputation of the entity is based upon previous communications received from the entity, the previous communications being previous communications of two or more of the following communication types:
a hypertext transfer protocol communication, an instant message, a file transfer protocol communication, simple object access protocol messages, real-time transport protocol packages, a short message service communication, multimedia message service communication, or a voice over internet protocol communication; and
wherein the reputation is determined from:
collecting, at each of a plurality of other local reputation engines, the previous communications that are respectively received by the local reputation engine;
determining, at each of the plurality of other local reputation engines, identifiers for each of the previous communications, each identifier for each previous communication identifying a sending entity associated with the previous communication, and sending entities include the entity associated with the received hypertext transfer protocol communication;
determining, at each of the plurality of other local reputation engines, attributes for each of the previous communications, the attributes indicative of a reputation of the sending entity associated with a previous communication;
determining, at each of the plurality of other local reputation engines, a local reputation of the sending entities from the identifiers and the attributes from the previous communications, wherein at least some of the reputations are based on the similarity of attributes associated with two or more identifiers; and
aggregating the local reputations at the global reputation server to generate respective reputation indicators, each local reputation produced by an associated local reputation engine, and the local reputation weighted based on a confidence value associated with the respective local reputation engine, wherein the confidence value is based at least in part on historical performance data for the local reputation engine, the historical performance data comprising statistics based at least in part on numbers of entities incorrectly classified by the local reputation engine.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 34
17. A web reputation system implemented in one or more computer devices, the web reputation system operable to receive a web communication and to assign a reputation to an entity associated with the communication, the system comprising:
a communications interface device operable to receive a web communication;
computer memory operable to store the web communication;
a communication analyzer operable to analyze the web communication to determine an entity associated with the web communication; and
a local reputation engine operable to:
query a global reputation server using a query for a reputation indicator associated with the entity based upon previously collected data associated with the entity;
receive the reputation indicator from the global reputation server; and
determine whether the web communication is to be communicated to a recipient;
wherein:
a reputation of the entity is based upon previous communications received from the entity, the previous communications being previous communications of two or more of the following communication types:
a hypertext transfer protocol communication, an instant message, a file transfer protocol communication, simple object access protocol messages, real-time transport protocol packages, a short message service communication, multimedia message service communication, or a voice over internet protocol communication; and
wherein the reputation is determined from:
collecting, at each of a plurality of other local reputation engines, the previous communications that are respectively received by the local reputation engine;
determining, at each of the plurality of other local reputation engines, identifiers for each of the previous communications, each identifier for each previous communication identifying a sending entity associated with the previous communication, and sending entities include the entity associated with the received web communication;
determining, at each of the plurality of other local reputation engines, attributes for each of the previous communications, the attributes indicative of a reputation of the sending entity associated with a previous communication;
determining, at each of the plurality of other local reputation engines, a local reputation of the sending entities from the identifiers and the attributes from the previous communications, wherein at least some of the reputations are based on the similarity of attributes associated with two or more identifiers; and
aggregating the local reputations at the global reputation server to generate respective reputation indicators, each local reputation produced by an associated local reputation engine, and the local reputation weighted based on a confidence value associated with the respective local reputation engine, wherein the confidence value is based at least in part on historical performance data for the local reputation engine, the historical performance data comprising statistics based at least in part on numbers of entities incorrectly classified by the local reputation engine.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32
33. One or more non-transitory computer readable media having software program code operable to assign a reputation to a messaging entity associated with a received communication, comprising:
receiving a hypertext transfer protocol communication at an edge protection device;
identifying, at the edge protection device, an entity associated with the received hypertext transfer protocol communication;
querying, from the edge protection device, a global reputation server using a query for a reputation indicator associated with the entity;
receiving, at the edge protection device, the reputation indicator from the global reputation server; and
taking an action with respect to the hypertext transfer protocol communication based upon the received reputation indicator associated with the entity;
wherein:
a reputation of the entity is based upon previous communications received from the entity, the previous communications being previous communications of two or more of the following communication types:
a hypertext transfer protocol communication, an instant message, a file transfer protocol communication, simple object access protocol messages, real-time transport protocol packages, a short message service communication, multimedia message service communication, or a voice over internet protocol communication; and
wherein the reputation indicator is determined from:
collecting, at each of a plurality of other edge protection devices, the previous communications that are respectively received by the edge protection device;
determining, at each of the plurality of other edge protection devices, identifiers for each of the previous communications, each identifier for each previous communication identifying a sending entity associated with the previous communication, and sending entities include the entity associated with the received hypertext transfer protocol communication;
determining, at each of the plurality of other edge protection devices, attributes for each of the previous communications, the attributes indicative of a reputation of the sending entity associated with a previous communication;
determining, at each of the plurality of other edge protection devices, a local reputation of the sending entities from the identifiers and the attributes from the previous communications, wherein at least some of the reputations are based on the similarity of attributes associated with two or more identifiers; and
aggregating the local reputations at the global reputation server to generate respective reputation indicators, each local reputation produced by an associated edge protection device, and the local reputation weighted based on a confidence value associated with the respective edge protection device, wherein the confidence value is based at least in part on historical performance data for the edge protection device, the historical performance data comprising statistics based at least in part on numbers of entities incorrectly classified by the edge protection device.
35. A computer implemented method, comprising:
receiving, at a local reputation engine, a hypertext transfer protocol communication at an edge protection device;
identifying, at the local reputation engine, an entity associated with the received hypertext transfer protocol communication;
querying, from the local reputation engine, a global reputation server using a query for a reputation indicator associated with the entity;
receiving, at a local reputation engine, the reputation indicator from the global reputation server; and
taking an action with respect to the hypertext transfer protocol communication based upon the received reputation indicator associated with the entity;
wherein:
a reputation of the entity is based upon previous communications received from the entity, the previous communications being previous communications of two or more of the following communication types:
a hypertext transfer protocol communication, an instant message, a file transfer protocol communication, simple object access protocol messages, real-time transport protocol packages, a short message service communication, multimedia message service communication, or a voice over internet protocol communication; and
wherein the reputation is determined from:
collecting, at each of a plurality of other local reputation engines, the previous communications that are respectively received by the local reputation engine;
determining, at each of the plurality of other local reputation engines, identifiers for each of the previous communications, each identifier for each previous communication identifying a sending entity associated with the previous communication, and sending entities include the entity associated with the received hypertext transfer protocol communication;
determining, at each of the plurality of other local reputation engines, attributes for each of the previous communications, the attributes indicative of a reputation of the sending entity associated with a previous communication;
determining, at each of the plurality of other local reputation engines, a local reputation of the sending entities from the identifiers and the attributes from the previous communications, wherein at least some of the reputations are based on the similarity of attributes associated with two or more identifiers; and
aggregating the local reputations at the global reputation server to generate respective reputation indicators, each local reputation produced by an associated local reputation engine, and the local reputation weighted based on a confidence value associated with the respective local reputation engine, wherein the confidence value is based on user feedback indicating a performance of the local reputation engine with respect to actions on communications.
Specification