Network appliance for dynamic protection from risky network activities
First Claim
1. An electronic appliance on a computer network for enhancing computer security, the appliance comprising:
- (a) a data storage configured to store a template of risky addresses, the risky addresses comprising a first numerical address and a portion of a second numerical address;
- (b) a receiving module configured to receive data packets from two or more computing devices at two or more distinct geolocations;
- (c) a detection module configured to:
  - 1) analyze addresses in the data packets to identify a threat address, wherein the analysis:
    - (i) is based on one or more artificial intelligence algorithms without using any of the following: a deep packet inspection, a signature, and a virtual network machine; and
    - (ii) comprises evaluating a plurality of risk factors of the addresses in the data packets, deriving a single actionable risk score, and determining the threat address based on the single actionable risk score;
    wherein the analysis further comprises: identifying a source address in the data packets, identifying and tracking a location of the data packets, exploring a history of past analyses, and associating a risk category with the data packets;
  - 2) block one or more risky data packets associated with the threat address; or remove the one or more risky data packets and generate one or more safe data packets; and
  - 3) update the template of the risky addresses based on results of the analysis; and
- (d) a transmission module configured to transmit the one or more safe data packets to a destination computing device.
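The detection loop recited in claim 1, sketched as an added example that is not code from the patent or its assignee: a template holding one full address and one address portion (a prefix), several address-level factors folded into a single score, then block and template update. A plain weighted sum stands in for the "artificial intelligence algorithms" the claim recites; the weights, the cut-off, the `ZZ` location code, the `scanner` category and all function names are assumptions, and the packets are constructed.

```python
import ipaddress

# Assumed weights (sum to 100) and cut-off; the claim gives no values.
WEIGHTS = {"template": 50, "geo": 15, "history": 25, "category": 10}
BLOCK_AT = 50
RISKY_GEOS = {"ZZ"}                    # placeholder location code
RISKY_CATEGORIES = {"scanner"}         # placeholder risk category

def make_template():
    # Constructed entries: a full address and a portion of one (a /24 prefix).
    return {ipaddress.ip_network("203.0.113.7/32"),
            ipaddress.ip_network("198.51.100.0/24")}

def risk_score(pkt, template, history):
    """Fold address-level factors into one 0-100 score; no payload is read."""
    ip = ipaddress.ip_address(pkt["src"])
    seen = min(history.get(pkt["src"], 0), 3)   # earlier suspicious analyses
    return (WEIGHTS["template"] * any(ip in net for net in template)
            + WEIGHTS["geo"] * (pkt["geo"] in RISKY_GEOS)
            + WEIGHTS["category"] * (pkt["category"] in RISKY_CATEGORIES)
            + WEIGHTS["history"] * seen // 3)

def process(packets, template, history):
    """Return the packets to forward; block and learn sources at BLOCK_AT."""
    safe = []
    for pkt in packets:
        score = risk_score(pkt, template, history)
        if score > 0:
            # Remember every analysis in which some factor fired.
            history[pkt["src"]] = history.get(pkt["src"], 0) + 1
        if score >= BLOCK_AT:
            # Blocked: add the full source address to the template.
            template.add(ipaddress.ip_network(pkt["src"] + "/32"))
        else:
            safe.append(pkt)
    return safe

def demo():
    template, history = make_template(), {}
    probe = {"src": "192.0.2.99", "geo": "ZZ", "category": "scanner"}
    packets = [{"src": "198.51.100.23", "geo": "US", "category": "none"},
               {"src": "192.0.2.10", "geo": "US", "category": "none"},
               probe, probe, probe, probe]
    return process(packets, template, history), template, history
```

In `demo()`, the first packet is blocked on the prefix match alone, while the repeated probe from an address outside the template is forwarded three times and blocked on the fourth, once its history pushes the score to the cut-off.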
Abstract
Electronic appliances, computer-implemented systems, non-transitory media, and methods are provided to identify risky network activities using intelligent algorithms. The appliances, systems, media, and methods enable rapid detection of risky activities.
24 Claims
9. An electronic appliance on a computer network for enhancing computer security, the appliance comprising:
- (a) a communication module configured to allow the appliance to communicate with one or more honeypot computers;
- (b) a data storage configured to store information of risky addresses, wherein the information is provided by the one or more honeypot computers regularly or irregularly and the risky addresses comprise a first numerical address and a portion of a second numerical address;
- (c) a receiving module configured to receive data packets from two or more computing devices at two or more distinct geolocations;
- (d) a detection module configured to:
  - 1) analyze addresses in the data packets to identify a threat address, wherein the analysis:
    - (i) is based on one or more artificial intelligence algorithms without using any of the following: a deep packet inspection, a signature, and a virtual network machine; and
    - (ii) comprises evaluating a plurality of risk factors of the addresses in the data packets, deriving a single actionable risk score, and determining the threat address based on the single actionable risk score;
    wherein the analysis further comprises: identifying a source address in the data packets, identifying and tracking a location of the data packets, exploring a history of past analyses, and associating a risk category with the data packets;
  - 2) block one or more risky data packets associated with the threat address; or remove the one or more risky data packets and generate one or more safe data packets; and
  - 3) update the information of the risky addresses based on results of the analysis; and
- (e) a transmission module configured to transmit the one or more safe data packets to a destination computing device.

Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17
18. A system on a computer network for enhancing computer security, the system comprising:
- (a) a digital signal processor;
- (b) memory; and
- (c) an operating system configured to execute computer instructions to create a software application comprising:
  - 1) a database configured to store a template of risky addresses, the risky addresses comprising a first numerical address and a portion of a second numerical address;
  - 2) a receiving module configured to receive one or more data packets from two or more computing devices at two or more distinct geolocations;
  - 3) a detection module configured to:
    - i) analyze addresses in the data packets to identify a threat address, wherein the analysis:
      - (A) is based on one or more artificial intelligence algorithms without using any of the following: a deep packet inspection, a signature, and a virtual network machine, and
      - (B) comprises evaluating a plurality of risk factors of the addresses in the data packets, deriving a single actionable risk score, and determining the threat address based on the single actionable risk score;
      wherein the analysis further comprises: identifying a source address in the data packets, identifying and tracking a location of the data packets, exploring a history of past analyses, and associating a risk category with the data packets;
    - ii) block one or more risky data packets associated with the threat address; or remove the one or more risky data packets and generate one or more safe data packets; and
    - iii) update the template of the risky addresses based on results of the analysis; and
  - 4) a transmission module configured to transmit the one or more safe data packets to a destination computing device.

Dependent claims: 19, 20, 21, 22, 23, 24
Specification