Activity filtering based on trust ratings of network

US 9,098,459 B2
Filed: 01/29/2010
Issued: 08/04/2015
Est. Priority Date: 01/29/2010
Status: Active Grant

First Claim

Patent Images

1. A method of filtering activities of nodes interacting with a device having a processor and having access to a border gateway protocol routing table, the nodes connected to the device through a network and respectively having a network address, the method comprising:

executing on the processor instructions configured to;

for respective network entities represented by an autonomous system number in the border gateway protocol routing table;

for respective nodes interacting with the device;

evaluate at least one activity of the node; and

assign to the node a node trust rating based on evaluated activities of the node; and

assign to the network entity a network entity trust rating based on evaluated activities of the nodes having a network address associated, according to the border gateway protocol routing table, with the autonomous system number of the network entity; and

filter activities of a node interacting with the device by;

determining, according to the border gateway protocol routing table, the network entity having an autonomous system number associated with the network address of the node;

comparing the network entity trust rating of the network entity with the node trust rating assigned to the node;

if the node has been assigned a node trust rating that is higher than the network entity trust rating of the network entity, filtering activities of the node based on the node trust rating rather than the network entity trust rating; and

if the node has not been assigned a node trust rating that is higher than the network entity trust rating of the network entity, filtering activities of the node based on the network entity trust rating of the network entity.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The filtering of activities generated by nodes of a network while interacting with a device may be performed by evaluating the desirability of the activities (e.g., a spam or not-spam determination of email messages sent by the node) and assigning a trust rating to the node. However, nodes are often identified by network address, and an operator of a node sending undesirable activities may reassign the network address of the node in order to avoid heavy filtering. Instead, nodes may be identified as being controlled by a network entity (e.g., an autonomous system identified in a border gateway protocol routing table.) The network entity is assigned a network entity trust rating based on the trust ratings of the nodes controlled thereby, and an appropriate level of activity filtering based on the network entity trust rating may be selected for subsequent activities received from all nodes controlled by the network entity.

Citations

20 Claims

1. A method of filtering activities of nodes interacting with a device having a processor and having access to a border gateway protocol routing table, the nodes connected to the device through a network and respectively having a network address, the method comprising:
- executing on the processor instructions configured to;
  
  for respective network entities represented by an autonomous system number in the border gateway protocol routing table;
  
  for respective nodes interacting with the device;
  
  evaluate at least one activity of the node; and
  
  assign to the node a node trust rating based on evaluated activities of the node; and
  
  assign to the network entity a network entity trust rating based on evaluated activities of the nodes having a network address associated, according to the border gateway protocol routing table, with the autonomous system number of the network entity; and
  
  filter activities of a node interacting with the device by;
  
  determining, according to the border gateway protocol routing table, the network entity having an autonomous system number associated with the network address of the node;
  
  comparing the network entity trust rating of the network entity with the node trust rating assigned to the node;
  
  if the node has been assigned a node trust rating that is higher than the network entity trust rating of the network entity, filtering activities of the node based on the node trust rating rather than the network entity trust rating; and
  
  if the node has not been assigned a node trust rating that is higher than the network entity trust rating of the network entity, filtering activities of the node based on the network entity trust rating of the network entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, at least one activity of the node interacting with the device selected from an activity set comprising:
    - sending at least one email message to the device;
      
      sending at least one text message to the device;
      
      sending at least one social network message to the device;
      
      sending at least one weblog post to the device; and
      
      utilizing at least one service of the device.
  - 3. The method of claim 1, evaluating the at least one activity of the node comprising:
    - evaluating at least one activity property of at least one activity of the node, the at least one activity property selected from an activity properties set comprising;
      
      a spam message report relating to at least one spam message sent by the node;
      
      a non-spam message report relating to at least one non-spam message sent by the node;
      
      a phishing report relating to at least one phishing attempt initiated by the node;
      
      a malware report relating to at least one malware item stored by the node;
      
      a message metric of messages sent by the node;
      
      a recipient metric of recipients of at least one message sent by the node;
      
      a returned message metric of returned messages sent to the node in response to at least one message sent by the node;
      
      a sender authentication failure of at least one sender of at least one message sent by the node;
      
      a connection metric of connections established by the node; and
      
      a bandwidth metric of bandwidth utilized by the network.
  - 4. The method of claim 1, comprising:
    - generating an activity evaluation of the node based on at least one network property exhibited by the node, the at least one network property selected from a network property set comprising;
      
      a name registry comprising a network name of the node;
      
      at least one network port status of at least one network port of the node;
      
      a geographic location of the node; and
      
      at least one property of at least one network route associated with at least one network address of the node.
  - 5. The method of claim 1, comprising:
    - generating an activity evaluation of the node based on at least one user property of at least one user of the node, the at least one user property selected from a user property set comprising;
      
      a geographic location of the user;
      
      a user type of the user;
      
      a reputation of the user; and
      
      a financial status indicator of the user.
  - 6. The method of claim 1, comprising:
    - generating an activity evaluation of the node by;
      
      querying a user to evaluate at least one activity of the node, andupon receiving from the user an activity evaluation of the node, assigning the activity evaluation to the node.
  - 7. The method of claim 1, comprising:
    - generating an activity evaluation of the node by;
      
      selecting a node activity classification of the activity of the node using a node activity classifier configured to evaluate activities of nodes, andassigning the activity evaluation to the node based on the node activity classification.
  - 8. The method of claim 1, assigning the network entity trust rating of the network entity comprising:
    - selecting a network entity classification of the activity of the node using a network entity classifier configured to evaluate network entities based on activity evaluations of nodes having network addresses associated with the autonomous system number of the network entity according to the border gateway protocol routing table, andassigning the network entity trust rating of the network entity based on the network entity classification.
  - 9. The method of claim 1, comprising:
    - notifying at least one trusted device of at least one network entity trust rating of at least one network entity.
  - 10. The method of claim 1, assigning the network entity trust rating of at least one network entity comprising:
    - receiving at least one network entity trust rating from at least one trusted device, andassigning to the network entity a network entity trust rating based on activity evaluations of nodes having a network address associated, according to the border gateway protocol routing table, with an autonomous system number of the network entity, and the network entity trust rating received from the at least one trusted device.
  - 11. The method of claim 1, comprising:
    - after assigning a network entity trust rating to a network entity;
      
      for nodes interacting with the device and having a network address associated, according to the border gateway protocol routing table, with an autonomous system number of the network entity, evaluating at least one subsequent activity of the node to assign an updated activity evaluation to the node; and
      
      upon detecting an updated activity evaluation of at least one node, assign to the network entity an updated network entity trust rating based on the updated activity evaluation.
  - 12. The method of claim 1, filtering the activity of the node comprising:
    - upon determining that at least one network address of the node is associated, according to the border gateway protocol routing table, with an autonomous system number of a network entity having a poor network entity trust rating, blocking activities received from the node.
  - 13. The method of claim 1, filtering the activity of the node comprising:
    - upon determining that that the is associated, according to the border gateway protocol routing table, with an autonomous system number of a network entity having a poor network entity trust rating, reducing at least one service of the device provided to the node.
  - 14. The method of claim 1, filtering the activity of the node comprising:
    - upon determining that is associated, according to the border gateway protocol routing table, with an autonomous system number of a network entity having a poor network entity trust rating, increasing filtering of at least one activity of the node.
  - 15. The method of claim 14:
    - the activity of the node comprising at least one email message sent to the device, andfiltering the activity of the node comprising;
      
      upon determining that the node is associated, according to the border gateway protocol routing table, with an autonomous system number of a network entity having a poor network entity trust rating, applying at least one email filtering technique selected from an email filtering techniques set comprising;
      
      dropping the email message;
      
      bouncing the email message to the node;
      
      junking the email message;
      
      quarantining the email message;
      
      delaying the email message.
  - 16. The method of claim 1, wherein assigning the node trust rating to the node further comprises:
    - after assigning a network entity trust rating to the network entity of the node;
      
      evaluate at least one subsequent activity of the node; and
      
      upon determining that the at least one subsequent activity of the node indicates a higher level of trust for the node than the network entity trust rating of the network entity, assign to the node a node trust rating that is higher than the network entity trust rating of the network entity.

17. A system configured to filter activities of nodes interacting with a device having a memory device and a processor and having access to a border gateway protocol routing table, the nodes connected to the device through a network and respectively having a network address, the system comprising:
- a node activity trust rating component comprising instructions stored in the memory device that, when executed on the processor, cause the device to, for nodes interacting with the device and having a network address associated, according to the border gateway protocol routing table, with the autonomous system number of a network entity;
  
  evaluate at least one activity of the node; and
  
  assign to the node a node trust rating based on evaluated activities of the node;
  
  a network entity trust rating component comprising instructions stored in the memory device that, when executed on the processor, cause the device to, for respective network entities, assign to the network entity a network entity trust rating based on evaluated activities of nodes having network addresses associated, according to the border gateway protocol routing table, with the autonomous system number of the network entity; and
  
  a node activity filtering component comprising instructions stored in the memory device that, when executed on the processor, cause the device to filter activities of a node interacting with the device by;
  
  determining the network entity having an autonomous system number associated, according to the border gateway protocol routing table, with the network address of the node; and
  
  comparing the network entity trust rating of the network entity with the node trust rating assigned to the node;
  
  if the node has been assigned a node trust rating that is higher than the network entity trust rating of the network entity, filtering activities of the node based on the node trust rating rather than the network entity trust rating; and
  
  if the node has not been assigned a node trust rating that is higher than the network entity trust rating of the network entity, filtering activities of the node based on the network entity trust rating of the network entity.
- View Dependent Claims (18, 19)
- - 18. The system of claim 17, the instructions of the node activity trust rating component configured to generate the activity evaluation of the node by:
    - selecting a node activity classification of the activity of the node using a node activity classifier configured to evaluate activities of nodes, andassigning the activity evaluation to the node based on the node activity classification.
  - 19. The system of claim 17, the instructions of the network entity trust rating component configured to assign the network entity trust rating of the network entity by:
    - selecting a network entity classification of the activity of the node using a network entity classifier configured to evaluate network entities based on activity evaluations of nodes having network addresses associated with the autonomous system number of the network entity according to the border gateway protocol routing table, andassigning the network entity trust rating of the network entity based on the network entity classification.

20. A memory device storing instructions that, when executed on a processor of a device having access to a border gateway protocol routing table, cause the device to filter activities of nodes interacting with the device through a network, by:
- for respective network entities represented by an autonomous system number in the border gateway protocol routing table;
  
  for respective nodes interacting with the device;
  
  evaluate at least one activity of the node; and
  
  assign to the node a node trust rating based on evaluated activities of the node; and
  
  assigning to the network entity a network entity trust rating based on evaluated activities of the nodes having a network address associated, according to the border gateway protocol routing table, with the autonomous system number of the network entity; and
  
  filtering activities of a node interacting with the device by;
  
  determining, according to the border gateway protocol routing table, the network entity having an autonomous system number associated with the network address of the node;
  
  comparing the network entity trust rating of the network entity with the node trust rating assigned to the node;
  
  if the node has been assigned a node trust rating that is higher than the network entity trust rating of the network entity, filtering activities of the node based on the node trust rating rather than the network entity trust rating; and
  
  if the node has not been assigned a node trust rating that is higher than the network entity trust rating of the network entity, filtering activities of the node based on the network entity trust rating of the network entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Davis, Malcolm H, Ramachandran, Aravind K, Hulten, Geoffrey J, Osipkov, Ivan, Drinic, Milenko, Gillum, Eliot C., Vitaldevara, Krishna C., Walter, Jason D., Bidgoli, Mehrdad, McCann, Robert L.
Primary Examiner(s)
CHAO, MICHAEL W

Application Number

US12/697,170
Publication Number

US 20110191847A1
Time in Patent Office

2,013 Days
Field of Search

709/206, 726/22
US Class Current

1/1
CPC Class Codes

G06F 15/16   Combinations of two or more...

G06F 15/173   using an interconnection ne...

G06F 21/00   Security arrangements for p...

G06Q 50/01   Social networking

H04L 51/212   using filtering or selectiv...

H04L 51/52   for supporting social netwo...

H04L 63/0236   Filtering by address, proto...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/1483   service impersonation, e.g....

H04L 63/20   for managing network securi...

Activity filtering based on trust ratings of network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Activity filtering based on trust ratings of network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links