Method and system for processing a stream of information from a computer network using node based reputation characteristics
First Claim
1. A method, implemented in a computer system that includes at least one processor and at least one storage device, for determining a reputation of a node using information received electronically from a plurality of submitters, the method comprising:
- receiving information about one or more nodes from a submitter of the plurality of submitters, the one or more nodes being associated with a network, wherein the submitter is distinct from the one or more nodes;
identifying, using the at least one processor, a reputation of the submitter from a knowledge base, wherein the reputation of the submitter is determined at least by assertions associated with the submitter'"'"'s past behavior and attributes from one or more submitters of a second plurality of submitters weighted by reputations of the one or more submitters;
determining, using the at least one processor, a node reputation of the node based upon at least the reputation of the submitter and the received information from the submitter wherein the node reputation of the node in a context is determined by calculating the sum of all assertions from the submitter with respect to the context weighted by each submitter'"'"'s reputation in the context, wherein the node reputation is expressed as a rational number based on normalized assertions, where a normalized assertion is expressed as
1 Assignment
0 Petitions
Accused Products
Abstract
A method for processing information from a variety of submitters, e.g., forensic sources. The method includes receiving information about one or more nodes from a submitter from a plurality of submitters numbered from 1 through N. In a specific embodiment, the one or more nodes are associated respectively with one or more IP addresses on a world wide network of computers. The method includes identifying a submitter reputation of the submitter from a knowledge base and associating a node reputation of the node based upon at least the reputation of the submitter and submitted information from the submitter. The method also transfers the node reputation.
-
Citations
32 Claims
-
1. A method, implemented in a computer system that includes at least one processor and at least one storage device, for determining a reputation of a node using information received electronically from a plurality of submitters, the method comprising:
-
receiving information about one or more nodes from a submitter of the plurality of submitters, the one or more nodes being associated with a network, wherein the submitter is distinct from the one or more nodes; identifying, using the at least one processor, a reputation of the submitter from a knowledge base, wherein the reputation of the submitter is determined at least by assertions associated with the submitter'"'"'s past behavior and attributes from one or more submitters of a second plurality of submitters weighted by reputations of the one or more submitters; determining, using the at least one processor, a node reputation of the node based upon at least the reputation of the submitter and the received information from the submitter wherein the node reputation of the node in a context is determined by calculating the sum of all assertions from the submitter with respect to the context weighted by each submitter'"'"'s reputation in the context, wherein the node reputation is expressed as a rational number based on normalized assertions, where a normalized assertion is expressed as - View Dependent Claims (2, 3, 4, 5)
-
-
6. A system for determining a reputation of an actor using information received electronically from a plurality of submitters, the system comprising:
-
a processor; a non-transitory storage medium; and computer code stored in said non-transitory storage medium wherein said computer code, when retrieved from said storage medium and executed by said processor, results in; receiving information about an actor from a submitter of the a plurality of submitters the actor being associated with a network, wherein the submitter is distinct from the actor; identifying a reputation of the submitter from a knowledge base, wherein the reputation of the submitter is associated with past behavior of the submitter and is determined at least by assertions from one or more submitters from a second plurality of submitters weighted by reputations of the one or more submitters; determining a reputation of the actor based upon at least the reputation of the submitter and the received information from the submitter, wherein the reputation of the actor is determined at least by assertions regarding past behaviors of the actor from the submitter weighted by the submitter reputation; and transferring to a user of the system the reputation of the actor; wherein the reputation of the submitter in a context is determined by calculating the sum of all assertions from the one or more submitter with respect to the context weighted by reputation in the context of each of the one or more submitters; wherein the reputation of the actor is expressed as a rational number based on normalized assertions, where a normalized assertion is expressed as - View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. In a system for characterizing reputations of one or more nodes in a computer network environment, the system comprising at least one processor and a knowledge base implemented on at least one non-transitory storage device, the at least one non-transitory device comprises a knowledge base which, when accessed by the at least one processor, provides reputations for the one or more nodes,
the knowledge base having information about a plurality of nodes, each of the nodes being assigned one or more reputation characteristics, each of the reputation characteristics comprising one or more of a plurality of properties, one or more of the properties being associated with a submitter, the submitter having a submitter reputation characteristic, wherein the submitter reputation characteristics is determined at least by assertions regarding past behaviors of the submitter from one or more submitters from a second plurality of submitters weighted by reputations of the one or more submitters; -
wherein the reputation characteristic of the submitter in a context is determined by calculating the sum of all assertions from the one or more submitter with respect to the context weighted by reputation in the context of each of the one or more submitters; wherein the reputation of the actor is expressed as a rational number based on normalized assertions, where a normalized assertion is expressed as - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23)
-
-
24. A method, implemented in a computer system that includes at least one processor and at least one storage device, for creating a real time knowledge base of a plurality of nodes based on input received electronically from a plurality of submitters, the method comprising:
-
receiving first information about one or more nodes from a first submitter of the plurality of submitters, the one or more nodes being associated with a network, wherein the submitter is distinct from the one or more nodes; identifying, using the at least one processor, a reputation of the first submitter from a knowledge base, the submitter being one of the plurality of submitters, wherein the reputation of the submitter is associated with past behavior of the submitter; determining, using the at least one processor, a node reputation of the node based upon at least the reputation of the first submitter and first submitted assertion regarding past behavior of the node from the first submitter; storing the first submitted assertion in a first portion of the knowledge base; and repeating the receiving, identifying, associating, and storing for second information from a second submitter; wherein the node reputation of the node in a context is determined according to the following equations, - View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32)
-
Specification