Reputation-based in-network filtering of client event information
First Claim
1. A policy management system, comprising:
- a processing device for implementing computing functionality comprising:
  - a reputation management system, comprising:
    - logic configured to receive reputation information from at least one reputation system, each instance of the reputation information identifying at least one client of interest and corresponding behaviors relating to attempts to access at least one service; and
    - logic configured to store the reputation information in a reputation data set; and
  - an analysis system comprising:
    - logic configured to receive the reputation information from the reputation management system;
    - logic configured to receive forwarded client event information provided by filtering logic, the filtering logic being provided within network infrastructure that connects clients to the at least one service, the client event information identifying behaviors relating to attempts to access the at least one service;
    - logic configured to generate at least one rule based on at least one instance of the reputation information in combination with the forwarded client event information; and
    - logic configured to deploy said at least one rule in the filtering logic, for the use by the filtering logic in filtering new client event information, produced by the clients, the new client event information being directed to said at least one service.
Abstract
A policy management system is described herein which generates rules based, at least in part, on reputation information provided by at least one reputation source and client event information forwarded by filtering logic. The policy management system then deploys the rules to the filtering logic. The filtering logic, which resides in-network between clients and at least one service, uses the rules to process client event information sent by the clients to the service(s). In one illustrative environment, the service corresponds to an ad hosting service, which uses the policy management system and filtering logic to help prevent malicious client traffic from reaching the ad host service, or otherwise negatively affecting the ad hosting service.
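The loop the abstract describes (filter forwards events, analysis combines them with reputation information, rules are deployed back to the filter) can be sketched as follows. This is an added illustration, not code from the patent; the event fields, the user-agent similarity test, the `drop`/`tag` actions and all sample values are assumptions constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    field: str    # event field the filter inspects
    value: str    # value that triggers the rule
    action: str   # "drop" or "tag"

# Constructed reputation data set: one client of interest and its behavior.
REPUTATION = [{"client": "203.0.113.7", "user_agent": "AdClicker/2.1",
               "behavior": "click_fraud"}]

def generate_rules(reputation, forwarded_events):
    """Analysis system: combine reputation info with forwarded client events."""
    rules = set()
    for rep in reputation:
        rules.add(Rule("client", rep["client"], "drop"))  # known client of interest
        for ev in forwarded_events:
            # Assumed similarity test: a new client sharing the user agent
            # of a client of interest becomes an "identified client".
            if ev["client"] != rep["client"] and ev["user_agent"] == rep["user_agent"]:
                rules.add(Rule("client", ev["client"], "tag"))
    return rules

class FilteringLogic:
    """In-network filter between clients and the service."""
    def __init__(self):
        self.rules, self.sample = set(), []

    def deploy(self, rules):
        self.rules |= set(rules)

    def process(self, event):
        """Apply the matching rule's action before the event reaches the service."""
        actions = {r.action for r in self.rules if event.get(r.field) == r.value}
        if "drop" in actions:
            return "drop"
        if not actions:
            self.sample.append(event)  # unmatched: forward a copy for analysis
            return "pass"
        return "tag"

def demo():
    flt = FilteringLogic()
    new = {"client": "198.51.100.9", "user_agent": "AdClicker/2.1"}
    first = flt.process(new)                       # no rules deployed yet
    flt.deploy(generate_rules(REPUTATION, flt.sample))
    benign = {"client": "192.0.2.44", "user_agent": "Mozilla/5.0"}
    known = {"client": "203.0.113.7", "user_agent": "AdClicker/2.1"}
    return first, flt.process(new), flt.process(known), flt.process(benign)
```

The new client passes on first contact, is tagged once the generated rule is deployed, and the client already in the reputation data set is dropped before reaching the service.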
19 Claims
4. A computer readable storage device for storing computer readable instructions, the computer readable instructions providing an analysis system when executed by one or more processing devices, the computer readable instructions comprising:
- logic configured to receive a forwarded instance of client event information from filtering logic, the forwarded instance of client event information being generated in response to an attempt by a new client to interact with a service;
- logic configured to extract selected information from the forwarded instance of client event information;
- logic configured to receive reputation information provided by at least one reputation system, the reputation information identifying at least one client of interest and corresponding behaviors relating to attempts to access at least one service;
- logic configured to compare the selected information with the reputation information to determine whether the forwarded instance of client event information is similar to the reputation information of any of the clients of interest, the new client being referred to as an identified client if the client event information is similar to the reputation information;
- logic configured to produce at least one rule that is associated with the identified client from the reputation information and the client event information; and
- logic configured to deploy said at least one rule in the filtering logic, for subsequent use by the filtering logic in filtering new client event information of other new clients.
10. A method, performed by physical computing functionality, for filtering client event information, comprising the steps of:
- storing a plurality of rules in a data store of filtering logic;
  - wherein each rule in the plurality of rules is generated, in part, based on reputation information received from at least one reputation system, each instance of the reputation information identifying at least one client of interest and behaviors by the at least one client of interest that reflects activity performed by the at least one client of interest in an attempt to interact with at least one service;
- receiving an instance of client event information from a new client that reflects activity performed by the new client in an attempt to interact with a service;
- determining whether the instance of client event information matches a rule in the plurality of rules, to identify a matching rule upon a match; and
- performing an action on the instance of client event information, as specified by the matching rule, prior to forwarding the instance of client event information to the service.
Specification