Method for tracking machines on a network using multivariable fingerprinting of passively available information
First Claim
1. A method for remote tracking of machines on a network of computers, the method comprising:
- determining one or more assertions to be monitored by a first web site, the first web site being coupled to a network of computers;
monitoring traffic flowing to the web site through the network of computers;
identifying the one or more assertions from the traffic coupled to the network of computers to determine a malicious host coupled to the network of computers;
associating a first IP address and first hardware fingerprint to the one or more assertions of the malicious host;
storing information associated with the IP address, hardware fingerprint, and the one or more assertions of the malicious host in one or more memories of a database;
identifying an unknown host from a second web site;
determining a second IP address and second hardware fingerprint with the unknown host; and
determining if the unknown host is a malicious host.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for tracking machines on a network of computers includes determining one or more assertions to be monitored by a first web site which is coupled to a network of computers. The method monitors traffic flowing to the web site through the network of computers and identifies the one or more assertions from the traffic coupled to the network of computers to determine a malicious host coupled to the network of computers. The method includes associating a first IP address and first hardware finger print to the assertions of the malicious host and storing information associated with the malicious host in one or more memories of a database. The method also includes identifying an unknown host from a second web site, determining a second IP address and second hardware finger print with the unknown host, and determining if the unknown host is the malicious host.
-
Citations
8 Claims
-
1. A method for remote tracking of machines on a network of computers, the method comprising:
-
determining one or more assertions to be monitored by a first web site, the first web site being coupled to a network of computers; monitoring traffic flowing to the web site through the network of computers; identifying the one or more assertions from the traffic coupled to the network of computers to determine a malicious host coupled to the network of computers; associating a first IP address and first hardware fingerprint to the one or more assertions of the malicious host; storing information associated with the IP address, hardware fingerprint, and the one or more assertions of the malicious host in one or more memories of a database; identifying an unknown host from a second web site; determining a second IP address and second hardware fingerprint with the unknown host; and determining if the unknown host is a malicious host. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
Specification