INTERNET PROTOCOL THREAT PREVENTION
6 Assignments
0 Petitions
Abstract
Blocking high-risk IP connections in real time while allowing an acceptable risk profile to be tailored to the security requirements of network resources. By acquiring IP threat information about IP addresses, including risk confidence levels, assigning weighting factor values corresponding to various characteristics of the IP addresses, and mathematically transforming the risk confidence levels using the weighting factor values, traffic from IP addresses posing unacceptable levels of risk is blocked. Further, mathematically transforming the risk confidence level relative to a user-defined acceptable risk level permits traffic from IP addresses having an acceptable level of risk.
32 Citations
21 Claims
1. A computer-implemented method of assessing a risk associated with an Internet Protocol (IP) address for a risk category, the method comprising:
  storing a plurality of threat information in a memory device, the threat information including the IP address, a risk category associated with the IP address, and a risk confidence level associated with the IP address;
  storing a risk category acceptance level in the memory device;
  determining a risk category value associated with the IP address as a function of:
    the risk confidence level, and
    timing information, said timing information comprising:
      a number of instances the risk confidence level has exceeded the risk category acceptance level during a first time interval, and
      a second time interval representing the elapsed time since the risk confidence level previously exceeded the risk category acceptance level;
  storing the risk category value in the memory device; and
  determining an action associated with the IP address for the risk category as a function of the risk category value and the risk category acceptance level.
Dependent claims: 2-9.
10. A processor-implemented method of determining an aggregate risk score for a plurality of Internet Protocol (IP) addresses, the method comprising:
  receiving a plurality of IP addresses from one or more internet risk intelligence providers (IRIPs) for a particular category via a computer communications network;
  processing instructions for determining a plurality of source characteristics associated with each of the plurality of received IP addresses;
  processing instructions for assigning one or more weighting factors to each of the plurality of source characteristics;
  processing instructions for mathematically transforming each of the plurality of weighted source characteristics to adjust a risk confidence level for each of the plurality of received IP addresses;
  processing instructions for determining an aggregate risk score for the plurality of received IP addresses as a function of the adjusted confidence levels for each of the plurality of received IP addresses; and
  processing instructions for allowing computer network communication with computing devices associated with each of the plurality of received IP addresses having an acceptable level of risk compared to the aggregate risk score.
Dependent claims: 11-16.
17. A system for determining risk for a plurality of Internet Protocol (IP) addresses received in real-time from a plurality of sources, the system comprising:
  a memory for storing the plurality of IP addresses, a timestamp associated with each of the plurality of IP addresses, a risk category associated with each of the plurality of IP addresses, and a risk confidence level associated with each of the plurality of IP addresses;
  a graphical user interface (GUI) for displaying a plurality of risk categories associated with the plurality of IP addresses on a display, and for receiving input from a user, the input including a risk acceptance level for each of the plurality of risk categories;
  a computer-readable storage media having stored thereon computer processor-executable instructions;
  a computer processor for executing the computer-executable instructions, said instructions comprising:
    receiving a plurality of IP addresses associated with a particular risk category from one or more internet risk intelligence providers (IRIPs);
    determining if the one or more received IP addresses are associated with more than one risk category;
    determining source characteristics for each of the received IP addresses for a category;
    assigning a weighting factor to each of the source characteristics for each category;
    adjusting a confidence level for each of the received IP addresses by using a mathematical transform based on the weighting factors for each category;
    determining an aggregate risk score for all the IP addresses based on the adjusted confidence levels;
    receiving an acceptable risk level from a user for each category;
    comparing the aggregate risk score with the received acceptable risk level from the user; and
    allowing any IP addresses having an acceptable risk level to pass through the network's firewall.
Dependent claims: 18-20.
21. A computer network firewall system, comprising:
  at least one tangible, non-transitory computer-readable medium storing processor-executable instructions;
  a threat assessment processor programmed to execute the instructions, wherein the instructions, when executed by the processor:
    store a plurality of threat information on the computer-readable medium, the threat information including an IP address, a risk category associated with the IP address, and a risk confidence level associated with the IP address;
    store a risk acceptance level;
    determine a risk value associated with the IP address as a function of:
      the risk confidence level,
      a number of instances the risk confidence level has exceeded a threshold level during a first time interval, and
      a second time interval representing the elapsed time since the risk confidence level previously exceeded the threshold level;
    compare the risk value with the risk acceptance level; and
    block computer network communications with a computing device associated with the IP address when the risk value is greater than or equal to the risk acceptance level.
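As an added worked example (not code from the patent, its assignee or any product), the following Python sketches the scoring loop that claims 1, 10, 17 and 21 describe: threat records with a per-IP, per-category confidence level are stored, the confidence is transformed by a weighting factor for the reporting source, the count of exceedances inside a window and the time since the last exceedance feed into a risk value, and the IP is blocked when that value reaches the user's acceptance level. The claims only say the value is "a function of" those inputs; the formula, the source weights, the window and half-life constants, the aggregate score definition and the sample feed (RFC 5737 documentation addresses) are assumptions chosen here.

```python
"""Risk scoring of IP addresses in the style of the claims above.

Added illustration, not code from the patent or its assignee. The claims
only say the risk value is "a function of" the confidence level and the
timing information; the formula below, the source weights, the window and
half-life constants and the sample feed are all assumptions chosen here.
"""
from collections import defaultdict
from dataclasses import dataclass

WINDOW_SECONDS = 24 * 3600     # "first time interval": assumed 24 h sliding window
HALF_LIFE_SECONDS = 24 * 3600  # assumed half-life for the elapsed-time term

# Assumed source characteristic (which IRIP feed reported the IP) -> weighting factor.
SOURCE_WEIGHTS = {"feed-a": 1.0, "feed-b": 0.8, "feed-c": 0.5}


@dataclass(frozen=True)
class ThreatRecord:
    ip: str
    category: str
    confidence: float  # risk confidence level reported by the IRIP, 0.0 to 1.0
    ts: int            # observation timestamp, epoch seconds
    source: str        # feed that reported the IP (the characteristic we weight)


def adjusted_confidence(rec: ThreatRecord) -> float:
    """Transform the confidence by the source weight (assumed: a clamped product;
    feeds without an assigned weight get a conservative 0.5)."""
    return min(1.0, rec.confidence * SOURCE_WEIGHTS.get(rec.source, 0.5))


def aggregate_risk_score(records) -> float:
    """Aggregate score over a batch of received IPs (assumed: mean adjusted confidence)."""
    records = list(records)
    if not records:
        return 0.0
    return sum(adjusted_confidence(r) for r in records) / len(records)


class RiskStore:
    """The claims' memory device: threat information plus per-category acceptance levels."""

    def __init__(self, acceptance_levels):
        self.acceptance = dict(acceptance_levels)  # category -> risk acceptance level
        self.latest = {}                           # (ip, category) -> newest record
        self.exceedances = defaultdict(list)       # (ip, category) -> exceedance timestamps

    def ingest(self, rec: ThreatRecord) -> None:
        key = (rec.ip, rec.category)
        if key not in self.latest or rec.ts >= self.latest[key].ts:
            self.latest[key] = rec
        if adjusted_confidence(rec) > self.acceptance[rec.category]:
            self.exceedances[key].append(rec.ts)

    def timing_information(self, ip, category, now):
        """(exceedances inside the window, seconds since the latest exceedance or None)."""
        stamps = self.exceedances.get((ip, category), [])
        count = sum(1 for t in stamps if 0 <= now - t <= WINDOW_SECONDS)
        elapsed = now - max(stamps) if stamps else None
        return count, elapsed

    def risk_value(self, ip, category, now):
        """Risk category value: confidence, boosted by repeat exceedances, decayed by age."""
        rec = self.latest.get((ip, category))
        if rec is None:
            return 0.0
        base = adjusted_confidence(rec)
        count, elapsed = self.timing_information(ip, category, now)
        if elapsed is None:  # never exceeded the acceptance level: confidence alone
            return base
        decay = 0.5 ** (elapsed / HALF_LIFE_SECONDS)
        repeat = 1.0 + 0.25 * max(count - 1, 0)
        return min(1.0, base * decay * repeat)

    def action(self, ip, category, now):
        """Block when the risk value reaches the acceptance level (claim 21), else allow."""
        return "block" if self.risk_value(ip, category, now) >= self.acceptance[category] else "allow"


# Constructed sample feed (RFC 5737 documentation addresses), not real intelligence data.
SAMPLE_FEED = [
    ThreatRecord("203.0.113.7", "botnet", 0.9, 0, "feed-a"),
    ThreatRecord("203.0.113.7", "botnet", 0.9, 3600, "feed-a"),
    ThreatRecord("203.0.113.7", "botnet", 0.9, 7200, "feed-a"),
    ThreatRecord("198.51.100.5", "botnet", 0.9, 0, "feed-c"),  # low-trust feed
    ThreatRecord("192.0.2.33", "scanner", 0.85, 0, "feed-b"),
]
ACCEPTANCE = {"botnet": 0.6, "scanner": 0.8}


def build_store() -> RiskStore:
    store = RiskStore(ACCEPTANCE)
    for rec in SAMPLE_FEED:
        store.ingest(rec)
    return store


if __name__ == "__main__":
    store = build_store()
    for now in (7200, 7200 + 48 * 3600):
        for ip, cat in sorted(store.latest):
            print(now, ip, cat, store.timing_information(ip, cat, now),
                  round(store.risk_value(ip, cat, now), 3), store.action(ip, cat, now))
```

Run stand-alone it prints the decision for each address at two evaluation times: 203.0.113.7 is blocked right after its third exceedance and falls back to "allow" two days later as the elapsed-time term decays it, while the same 0.9 confidence from the low-weight feed never crosses the botnet acceptance level. Two choices worth noting for a real deployment: exceedances are recorded against the acceptance level in force at ingest time, so lowering a level later does not retroactively create exceedances, and an IP the store has never seen scores 0.0 and is allowed, which is the fail-open default the claims imply but which an operator may want to invert for sensitive segments.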
Specification