Method and system for tracking machines on a network using fuzzy GUID technology

  • US 8,782,783 B2
  • Filed: 02/13/2012
  • Issued: 07/15/2014
  • Est. Priority Date: 11/28/2005
  • Status: Active Grant
First Claim

1. In a computer-based system which includes a processor, a method for tracking machines on a network of computers, the method comprising:

    identifying a malicious host coupled to the network of computers;

    determining, using the processor, a first IP (Internet Protocol) address and attributes associated with the malicious host during a first time period;

    determining, using the processor, an attribute fuzzy GUID (Globally Unique Identifier) for the first IP address and each of the attributes, the attribute fuzzy GUID being a globally unique identifier associated with the first IP address and each of the attributes;

    forming, using the processor, a host fuzzy GUID of the malicious host based on the first IP address and the attributes by processing the attribute fuzzy GUID associated with the first IP address and each of the attributes, wherein the host fuzzy GUID is a globally unique identifier for each host and includes behavior information;

    classifying the malicious host to be in a determined state;

    during a second time period, classifying the malicious host to be in a latent state;

    identifying, using the processor, an unknown host during the second time period, the unknown host being associated with a second IP address and one or more attributes;

    processing, using the processor, the second IP address and the one or more attributes of the unknown host in conjunction with the first IP address and the one or more attributes of the malicious host; and

    determining, using the processor, if the malicious host has moved from the first IP address to the second IP address, thereby identifying if the unknown host is the malicious host.
