DETERMINING A REPUTATION OF A NETWORK ENTITY
First Claim
Patent Images
1. A computer-implemented method, comprising:
- identifying a type of traffic for one or more flows associated with one or more nodes;
determining a reputation score of one or more nodes based on the type of traffic through the one or more nodes; and
blocking a node of the one or more nodes from sending traffic in response to the reputation score for that node being below a predetermined threshold;
wherein the reputation score is calculated by;
Reputation Score=Σ
i=1nValuei+(Recoveryi*[Timecurrent−
Timei])where;
n is the number of events identified during the identifying;
Valuei is an initial relative impact of the type of traffic of an ith event on the reputation score, where Valuei is different for at least two different values of i;
Recoveryi is a constant for the type of traffic of the ith event, wherein the Recovery for at least one event is non-zero, and the recovery for at least one other event is zero;
Timecurrent is a time value based on a current time;
Timei is a time value based on a time of the ith event.
1 Assignment
0 Petitions
Accused Products
Abstract
An example method can include monitoring a network to identify flows between nodes in the network. Once flows have been identified, the flows can be tagged and labelled according to the type of traffic they represent. If a flow represents malicious or otherwise undesirable traffic, it can be tagged accordingly. A request can then be made for a reputation score of an entity which can identify one or more nodes of the network.
5 Citations
20 Claims
-
1. A computer-implemented method, comprising:
-
identifying a type of traffic for one or more flows associated with one or more nodes; determining a reputation score of one or more nodes based on the type of traffic through the one or more nodes; and blocking a node of the one or more nodes from sending traffic in response to the reputation score for that node being below a predetermined threshold; wherein the reputation score is calculated by;
Reputation Score=Σ
i=1nValuei+(Recoveryi*[Timecurrent−
Timei])where; n is the number of events identified during the identifying; Valuei is an initial relative impact of the type of traffic of an ith event on the reputation score, where Valuei is different for at least two different values of i; Recoveryi is a constant for the type of traffic of the ith event, wherein the Recovery for at least one event is non-zero, and the recovery for at least one other event is zero; Timecurrent is a time value based on a current time; Timei is a time value based on a time of the ith event. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer readable media storing instructions which when executed by a system cause the system to perform operations comprising:
-
identifying a type of traffic for one or more flows associated with one or more nodes; determining a reputation score of one or more nodes based on the type of traffic through the one or more nodes; and blocking a node of the one or more nodes from sending traffic in response to the reputation score for that node being below a predetermined threshold; wherein the reputation score is calculated by;
Reputation Score=Σ
i=1nValuei+(Recoveryi*[Timecurrent−
Timei])where; n is the number of events identified during the identifying; Valuei is an initial relative impact of the type of traffic of an ith event on the reputation score, where Valuei is different for at least two different values of i; Recoveryi is a constant for the type of traffic of the ith event, wherein the Recovery for at least one event is non-zero, and the recovery for at least one other event is zero; Timecurrent is a time value based on a current time; Timei is a time value based on a time of the ith event. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A system, comprising:
-
a computer readable media storing instructions; a processor programmed to execute the instructions to perform operations comprising; identifying a type of traffic for one or more flows associated with one or more; determining a reputation score of one or more nodes based on the type of traffic through the one or more nodes; and blocking a node of the one or more nodes from sending traffic in response to the reputation score for that node being below a predetermined threshold; wherein the reputation score is calculated by;
Reputation Score=Σ
i=1nValuei+(Recoveryi*[Timecurrent−
Timei])where; n is the number of events identified during the identifying; Valuei is an initial relative impact of the type of traffic of an ith event on the reputation score, where Valuei is different for at least two different values of i; Recoveryi is a constant for the type of traffic of the ith event, wherein the Recovery for at least one event is non-zero, and the recovery for at least one other event is zero; Timecurrent is a time value based on a current time; Timei is a time value based on a time of the ith event. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification