Determining a reputation through network characteristics

US 9,769,186 B2
Filed: 12/23/2014
Issued: 09/19/2017
Est. Priority Date: 12/23/2014
Status: Active Grant

First Claim

Patent Images

1. At least one non-transitory computer-readable medium comprising one or more instructions that when executed by at least one processor, cause the processor to:

monitor network traffic to and from a device;

compare the monitored network traffic to characteristics of the device to determine if the monitored traffic is outside the characteristics of the device, wherein the characteristics of the device at least partially include characteristics from an original equipment manufacturer related to sending and receiving packets, and wherein the characteristics from an original equipment manufacturer are retrieved while monitoring network traffic; and

assign an untrusted reputation to the device if the monitored traffic is outside the characteristics of the device.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Particular embodiments described herein provide for an electronic device that can be configured to monitor network traffic to and from a device, compare the monitored network traffic to characteristics of the device to determine if the monitored traffic is outside the characteristics of the device, and take remedial action if the monitored traffic is outside the characteristics of the device.

Citations

18 Claims

1. At least one non-transitory computer-readable medium comprising one or more instructions that when executed by at least one processor, cause the processor to:
- monitor network traffic to and from a device;
  
  compare the monitored network traffic to characteristics of the device to determine if the monitored traffic is outside the characteristics of the device, wherein the characteristics of the device at least partially include characteristics from an original equipment manufacturer related to sending and receiving packets, and wherein the characteristics from an original equipment manufacturer are retrieved while monitoring network traffic; and
  
  assign an untrusted reputation to the device if the monitored traffic is outside the characteristics of the device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The at least one computer-readable medium of claim 1, wherein the device characteristics are created from previous network traffic to and from the device.
  - 3. The at least one computer-readable medium of claim 1, wherein the device characteristics are at least partially based on other device characteristics of similar devices.
  - 4. The at least one computer-readable medium of claim 1, wherein the device characteristics are obtained from the original equipment manufacturer.
  - 5. The at least one computer-readable medium of claim 1, further comprising one or more instructions that when executed by the at least one processor, further cause the processor to:
    - monitor network traffic to and from a plurality of devices on a local network;
      
      compare the monitored network traffic to and from each of the plurality of devices to characteristics of each of the plurality of devices;
      
      determine if the monitored network traffic to and from a specific device is outside characteristics of the specific device; and
      
      initiate remedial action if the monitored traffic is outside the characteristics of the specific device.
  - 6. The at least one computer-readable medium of claim 1, wherein the characteristics at least partially include uploading sensitive data.
  - 7. The at least one computer-readable medium of claim 1, wherein the remedial action includes restricting network access for the device.
  - 8. The at least one computer-readable medium of claim 1, wherein the remedial action includes scanning the device for malware.

9. An apparatus comprising:
- a hardware processor; and
  
  a behavior reputation engine configured to;
  
  monitor network traffic to and from a device;
  
  compare the monitored network traffic to characteristics of the device to determine if the monitored traffic is outside the characteristics of the device, wherein the characteristics of the device at least partially include characteristics from an original equipment manufacturer related to sending and receiving packets, and wherein the characteristics from an original equipment manufacturer are retrieved while monitoring network traffic; and
  
  assign an untrusted reputation to the device if the monitored traffic is outside the characteristics of the device.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The apparatus of claim 9, wherein the device characteristics are created from previous network traffic to and from the device.
  - 11. The apparatus of claim 9, wherein the device characteristics are at least partially based on other device characteristics of similar devices.
  - 12. The apparatus of claim 9, wherein the device characteristics are obtained from the original equipment manufacturer.
  - 13. The apparatus of claim 9, wherein the behavior reputation module is further configured to:
    - monitor network traffic to and from a plurality of devices on a local network;
      
      compare the monitored network traffic to and from each of the plurality of devices to characteristics of each of the plurality of devices;
      
      determine if the monitored network traffic to and from a specific device is outside characteristics of the specific device; and
      
      initiate remedial action if the monitored traffic is outside the characteristics of the specific device.
  - 14. The apparatus of claim 9, wherein the characteristics at least partially include uploading sensitive data.
  - 15. The apparatus of claim 9, wherein the remedial action includes restricting network access for the device.
  - 16. The apparatus of claim 9, wherein the remedial action includes scanning the device for malware.

17. A system for determining a reputation through network characteristics, the system comprising:
- a hardware processor; and
  
  a behavior reputation engine configured for;
  
  monitoring network traffic to and from a device;
  
  comparing the monitored network traffic to characteristics of the device to determine if the monitored traffic is outside the characteristics of the device, wherein the characteristics of the device at least partially include characteristics from an original equipment manufacturer related to sending and receiving packets, and wherein the characteristics from an original equipment manufacturer are retrieved while monitoring network traffic; and
  
  assigning an untrusted reputation to the device if the monitored traffic is outside the characteristics of the device.
- View Dependent Claims (18)
- - 18. The system of claim 17, wherein the system is further configured for:
    - monitoring network traffic to and from a plurality of devices on a local network;
      
      comparing the monitored network traffic to and from each of the plurality of devices to characteristics of each of the plurality of devices;
      
      determining if the monitored network traffic to and from a specific device is outside characteristics of the specific device; and
      
      initiating remedial action if the monitored traffic is outside the characteristics of the specific device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Teddy, John D., Venugopalan, Ramnath, Cochin, Cedric, Spurlock, Joel R.
Primary Examiner(s)
Cervetti, David Garcia

Application Number

US14/581,922
Publication Number

US 20160182538A1
Time in Patent Office

1,001 Days
Field of Search

726 23
US Class Current
CPC Class Codes

H04L 63/102   Entity profiles

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

H04W 12/122   Counter-measures against at...

H04W 12/128   Anti-malware arrangements, ...

Determining a reputation through network characteristics

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Determining a reputation through network characteristics

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links