System and method for prosecuting dangerous IP addresses on the internet
First Claim
Patent Images
1. A method for identifying and prosecuting a threatening Internet Protocol (IP) address on the Internet, the method comprising:
- transmitting information to a server, the information comprising one or more events emanating from an IP address;
analyzing the one or more events at a server;
determining that the one or more events have violated a predetermined policy for conduct on the Internet;
publishing the IP address on a list of threatening IP addresses to be blocked by users adhering to the predetermined policy for conduct on the Internet; and
performing a threat aging algorithm for the IP address published on the list of threatening IP addresses to determine if the IP address should be removed from the list of threatening IP addresses, the threat aging algorithm comprising one or more of (i) determining a reoccurring behavior associated with the IP address and (ii) determining a volume of events performed by the IP address.
10 Assignments
0 Petitions
Accused Products
Abstract
A method and system for prosecuting threatening IP addresses on the Internet and publishing a list of these threatening IP addresses for users to block is disclosed herein. If the IP address behaves properly according to a policy adhered to by the users, then the IP address may be paroled and removed from the list.
-
Citations
21 Claims
-
1. A method for identifying and prosecuting a threatening Internet Protocol (IP) address on the Internet, the method comprising:
-
transmitting information to a server, the information comprising one or more events emanating from an IP address; analyzing the one or more events at a server; determining that the one or more events have violated a predetermined policy for conduct on the Internet; publishing the IP address on a list of threatening IP addresses to be blocked by users adhering to the predetermined policy for conduct on the Internet; and performing a threat aging algorithm for the IP address published on the list of threatening IP addresses to determine if the IP address should be removed from the list of threatening IP addresses, the threat aging algorithm comprising one or more of (i) determining a reoccurring behavior associated with the IP address and (ii) determining a volume of events performed by the IP address. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A system for prosecuting threatening Internet Protocol (IP) addresses on the Internet, the system comprising:
-
a plurality of sensors for detecting incidents associated with one or more IP addresses and generating event data associated with the one or more IP addresses; a database for storing the event data generated by the plurality of sensors; and a server configured to receive the event data, determine if an Internet policy code has been violated by the incidents associated with the one or more IP addresses, publish the one or more IP addresses on a list of threatening IP addresses, and perform a threat aging algorithm for the one or more IP addresses published on the list of threatening IP addresses to determine if the one or more IP addresses should be removed from the list of threatening IP addresses, the threat aging algorithm comprising one or more of (i) determining a reoccurring behavior associated with the one or more IP addresses and (ii) determining a volume of events performed by the one or more IP addresses. - View Dependent Claims (11, 12, 13)
-
-
14. A method for identifying and prosecuting a threatening IP address on the Internet, the method comprising:
-
detecting, at a sensor, an event associated with one or more IP addresses; generating event data for the event associated with the one or more IP addresses; transmitting the event data to an application server; transmitting the event data from the application server to a database; processing the event data at a Map/Reduce engine to generate threatening events information for one or more IP addresses; transmitting the threatening events information to a prosecution server; analyzing the threatening events information at the prosecution server; determining that the threatening events associated with the one or more IP addresses has violated a predetermined policy for conduct on the Internet; publishing the one or more IP addresses on a list of threatening IP addresses to be blocked by users adhering to the predetermined policy for conduct on the Internet; and performing a threat aging algorithm for the one or more IP addresses published on the list of threatening IP addresses to determine if the one or more IP addresses should be removed from the list of threatening IP addresses, the threat aging algorithm comprising at least one of (i) determining a reoccurring behavior associated with the one or more IP addresses and (ii) determining a volume of events performed by the one or more IP addresses. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
-
Specification