Reputation based load balancing

US 8,578,051 B2
Filed: 08/16/2010
Issued: 11/05/2013
Est. Priority Date: 01/24/2007
Status: Active Grant

First Claim

Patent Images

1. Non-transitory computer readable media encoded with a computer program comprising instructions executable by data processing apparatus that cause the data processing apparatus to perform operations comprising:

receive incoming and outgoing communications for a computer network;

determine an external entity associated with a communication;

derive a reputation vector for the external entity, the reputation vector comprising an aggregation of reputation information indicating the reputation of the external entity for sending malicious communications, the information including data related to reputable and non-reputable criteria in a plurality of categories comprising a plurality of different types of communications; and

select, based on the reputation vector, a subset of tests to perform on the communication, each of the tests in the subset of tests being selected from a plurality of tests, each of the plurality of tests being a respective test that is selected for a communication when a reputation vector for the external entity associated with the communication indicates a non-reputable activity displayed by the external entity.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for operation upon one or more data processors for efficiently processing communications based upon reputation of an entity associated with the communication.

Citations

14 Claims

1. Non-transitory computer readable media encoded with a computer program comprising instructions executable by data processing apparatus that cause the data processing apparatus to perform operations comprising:
- receive incoming and outgoing communications for a computer network;
  
  determine an external entity associated with a communication;
  
  derive a reputation vector for the external entity, the reputation vector comprising an aggregation of reputation information indicating the reputation of the external entity for sending malicious communications, the information including data related to reputable and non-reputable criteria in a plurality of categories comprising a plurality of different types of communications; and
  
  select, based on the reputation vector, a subset of tests to perform on the communication, each of the tests in the subset of tests being selected from a plurality of tests, each of the plurality of tests being a respective test that is selected for a communication when a reputation vector for the external entity associated with the communication indicates a non-reputable activity displayed by the external entity.
- View Dependent Claims (2, 3)
- - 2. The software of claim 1, wherein the instructions cause the one or more computer servers to perform only the tests in the selected subset of tests on the communication.
  - 3. The software of claim 2, wherein malicious communications comprise one or more of a virus, worm, Trojan horse attack, phishing attack and the tests comprise one or more of a virus test, worm test, Trojan horse test, and phishing test.

4. Non-transitory computer readable media encoded with a computer program comprising instructions executable by data processing apparatus that cause the data processing apparatus to perform operations comprising:
- receive incoming and outgoing communications for a computer network;
  
  determine external entities associated with the communications;
  
  for each communication, derive a reputation vector for the external entity associated with the communication, the reputation vector comprising an aggregation of reputation information indicating the reputation of the external entity for sending malicious communications, the information including data related to reputable and non-reputable criteria in a plurality of categories comprising a plurality of different types of communications;
  
  for each communication, prioritize the communication based on the reputation vector associated with the communication, the prioritizing assigning a high priority to communications where the external entity is a reputable entity, and assigning a low priority to communications where the external entity is a non-reputable entity; and
  
  perform a plurality of tests on the communications, each of the tests being performed for the communications according to the priorities of the communications so that an impact on a quality of service for reputable entities is minimized at the expense of a quality of service for non-reputable entities.
- View Dependent Claims (5, 6)
- - 5. The software of claim 4, wherein malicious communications comprise one or more of a virus, worm, Trojan horse attack, phishing attack and the tests comprise one or more of a virus test, worm test, Trojan horse test, and phishing test.
  - 6. The software of claim 4, wherein the instructions cause the one or more server computers to prioritize the communication based on the reputation vector associated with the communication by assigning the communication to respective test queues for each test, each test queue having a queue length based on the prioritization, with a longest queue length for lowest prioritization, and a shortest queue length for a highest prioritization.

7. A computer implemented method performed by one or more computer servers, comprising:
- receiving incoming and outgoing communications for a computer network;
  
  determining external entities associated with the communications;
  
  for each communication, deriving a reputation vector for the external entity associated with the communication, the reputation vector comprising an aggregation of reputation information indicating the reputation of the external entity for sending malicious communications, the information including data related to reputable and non-reputable criteria in a plurality of categories comprising a plurality of different types of communications;
  
  for each communication, prioritizing the communication based on the reputation vector associated with the communication, the prioritizing assigning a high priority to communications where the external entity is a reputable entity, and assigning a low priority to communications where the external entity is a non-reputable entity; and
  
  performing a plurality of tests on the communications, each of the tests being performed for the communications according to the priorities of the communications so that an impact on a quality of service for reputable entities is minimized at the expense of a quality of service for non-reputable entities.
- View Dependent Claims (8, 9)
- - 8. The method of claim 7, wherein malicious communications comprise one or more of a virus, worm, Trojan horse attack, phishing attack and the tests comprise one or more of a virus test, worm test, Trojan horse test, and phishing test.
  - 9. The method of claim 8, wherein prioritizing the communication based on the reputation vector associated with the communication comprises assigning the communication to respective test queues for each test, each test queue having a queue length based on the prioritization, with a longest queue length for lowest prioritization, and a shortest queue length for a highest prioritization.

10. A computer implemented method performed by one or more computer servers, comprising:
- receiving incoming and outgoing communications for a computer network;
  
  determining an external entity associated with a communication;
  
  deriving a reputation vector for the external entity, the reputation vector comprising an aggregation of reputation information indicating the reputation of the external entity for sending malicious communications, the information including data related to reputable and non-reputable criteria in a plurality of categories comprising a plurality of different types of communications; and
  
  selecting, based on the reputation vector, a subset of tests to perform on the communication, each of the tests in the subset of tests being selected from a plurality of tests, each of the plurality of tests being a respective test that is selected for a communication when a reputation vector for the external entity associated with the communication indicates a non-reputable activity displayed by the external entity.
- View Dependent Claims (11, 12)
- - 11. The method of claim 10, further comprising performing only the tests in the selected subset of tests on the communication.
  - 12. The method of claim 11, wherein malicious communications comprise one or more of a virus, worm, Trojan horse attack, phishing attack and the tests comprise one or more of a virus test, worm test, Trojan horse test, and phishing test.

13. A system, comprising:
- at least one processor device;
  
  at least one memory element; and
  
  a network security system adapted, when executed by the at least one processor device, to perform operations comprising;
  
  receiving incoming and outgoing communications for a computer network;
  
  determining an external entity associated with a communication;
  
  deriving a reputation vector for the external entity, the reputation vector comprising an aggregation of reputation information indicating the reputation of the external entity for sending malicious communications, the information including data related to reputable and non-reputable criteria in a plurality of categories comprising a plurality of different types of communications; and
  
  selecting, based on the reputation vector, a subset of tests to perform on the communication, each of the tests in the subset of tests being selected from a plurality of tests, each of the plurality of tests being a respective test that is selected for a communication when a reputation vector for the external entity associated with the communication indicates a non-reputable activity displayed by the external entity.

14. A system, comprisingat least one processor device;
- at least one memory element; and
  
  a network security system adapted, when executed by the at least one processor device, to perform operations comprising;
  
  receiving incoming and outgoing communications for a computer network;
  
  determining external entities associated with the communications;
  
  for each communication, deriving a reputation vector for the external entity associated with the communication, the reputation vector comprising an aggregation of reputation information indicating the reputation of the external entity for sending malicious communications, the information including data related to reputable and non-reputable criteria in a plurality of categories comprising a plurality of different types of communications;
  
  for each communication, prioritizing the communication based on the reputation vector associated with the communication, the prioritizing assigning a high priority to communications where the external entity is a reputable entity, and assigning a low priority to communications where the external entity is a non-reputable entity; and
  
  performing a plurality of tests on the communications, each of the tests being performed for the communications according to the priorities of the communications so that an impact on a quality of service for reputable entities is minimized at the expense of a quality of service for non-reputable entities.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Alperovitch, Dmitri, Krasser, Sven, Judge, Paul, Willis, Lamar Lorenzo
Primary Examiner(s)
JEAN GILLES, JUDE

Application Number

US12/857,324
Publication Number

US 20100306846A1
Time in Patent Office

1,177 Days
Field of Search

709/240, 709/229, 709/219, 709/217, 709/245, 709/206, 709/224, 709/227, 709/203
US Class Current

709/240
CPC Class Codes

G06Q 30/0633   Lists, e.g. purchase orders...

H04L 63/104   Grouping of entities

H04L 63/1408   by monitoring network traff...

Reputation based load balancing

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Reputation based load balancing

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links