Communication-based reputation system
First Claim
Patent Images
1. A computer-implemented method of determining a reputation associated with an entity, the method comprising:
- receiving, by at least one server from a client, information indicating a communication between the entity and a host that the entity communicates with, wherein the communication is monitored by the client and occurs while the entity is executed on the client, the entity comprising a file or software application;
identifying, by the least one server, reputation information indicating reputations of a set of other entities that communicate with the host;
generating, by the least one server, a host reputation score indicating a reputation of the host that the entity communicates with based on the reputation information indicating reputations of the set of other entities that communicate with the host;
generating, by the least one server, an entity reputation score indicating a likelihood that the entity is malware based on the host reputation score indicating the reputation of the host that the entity communicates with; and
transmitting, by the at least one server, the entity reputation score to the client for malware remediation.
2 Assignments
0 Petitions
Accused Products
Abstract
A communication between an entity and a host is identified. Reputation information associated with a set of other entities that communicate with the host is identified. A reputation score associated with the host is generated based on the reputation information associated with a set of other entities. A reputation score associated with the entity is generated based on the reputation score associated with the host.
247 Citations
15 Claims
-
1. A computer-implemented method of determining a reputation associated with an entity, the method comprising:
-
receiving, by at least one server from a client, information indicating a communication between the entity and a host that the entity communicates with, wherein the communication is monitored by the client and occurs while the entity is executed on the client, the entity comprising a file or software application; identifying, by the least one server, reputation information indicating reputations of a set of other entities that communicate with the host; generating, by the least one server, a host reputation score indicating a reputation of the host that the entity communicates with based on the reputation information indicating reputations of the set of other entities that communicate with the host; generating, by the least one server, an entity reputation score indicating a likelihood that the entity is malware based on the host reputation score indicating the reputation of the host that the entity communicates with; and transmitting, by the at least one server, the entity reputation score to the client for malware remediation. - View Dependent Claims (2, 3, 4, 5, 15)
-
-
6. A non-transitory computer-readable storage medium encoded with executable computer program code for determining a reputation associated with an entity, the program code comprising program code for:
-
identifying, at a client, a communication between the entity and a host that the entity communicates with, wherein communication occurs while the entity is executed on a client, the entity comprising a file or software application; transmitting, to a server, information uniquely identifying the entity and the host; receiving, from the server, a entity reputation score indicating a likelihood that the entity is malware, wherein the server determines the entity reputation score by; identifying reputation information indicating reputations of set of other entities that communicate with the host, generating a host reputation score indicating a reputation of the host that the entity communicates with based on the reputation information indicating the reputations of the set of other entities that communicate with the host, and generating the entity reputation score indicating a likelihood that the entity is malware based on the host reputation score indicating the reputation of the host that the entity communicates with; and remediating the client responsive to determining that the entity reputation score indicates that the entity has a high likelihood of containing malware. - View Dependent Claims (7, 8, 9)
-
-
10. A computer system for determining a reputation associated with an entity, the computer system comprising:
-
a memory; a hardware processor; a reporting module stored on the memory and executable by the hardware processor to receive, from a client, information indicating a communication between the entity and a host that the entity communicates with, the communication monitored by the client and occurring while the entity is executed on the client, the entity comprising a file or software application; a host reputation scoring module stored on the memory and executable by the hardware processor to identify reputation information indicating reputations of a set of other entities that communicate with the host and generate a host reputation score indicating a reputation of the host that the entity communicates with based on the reputation information indicating reputations of the set of other entities that communicate with the host, the set of other entities being files or software applications that communicate with the host while executing; and an entity reputation scoring module stored on the memory and executable by the hardware processor to generate an entity reputation score indicating a likelihood that the entity is malware based on the host reputation score indicating the reputation of the host that the entity communicates with, wherein the reporting module is further executable to transmit the entity reputation score to the client for malware remediation. - View Dependent Claims (11, 12, 13, 14)
-
Specification