Communication-based reputation system
First Claim
Patent Images
1. A computer-implemented method of providing security against a first entity that communicates with a host, the method comprising:
- identifying reputation information indicating reputations of second entities that communicate with the host;
generating a host reputation score indicating a reputation of the host based on the reputation information indicating reputations of the second entities that communicate with the host;
generating, by a computer, an entity reputation score indicating a likelihood that the first entity that communicates with the host is malware based on the host reputation score indicating the reputation of the host, the first entity comprising a file or software application that communicates with the host when executing on a first client;
and transmitting the entity reputation score to the first client for malware remediation.
2 Assignments
0 Petitions
Accused Products
Abstract
A communication between an entity and a host is identified. Reputation information associated with a set of other entities that communicate with the host is identified. A reputation score associated with the host is generated based on the reputation information associated with a set of other entities. A reputation score associated with the entity is generated based on the reputation score associated with the host.
102 Citations
19 Claims
-
1. A computer-implemented method of providing security against a first entity that communicates with a host, the method comprising:
-
identifying reputation information indicating reputations of second entities that communicate with the host; generating a host reputation score indicating a reputation of the host based on the reputation information indicating reputations of the second entities that communicate with the host; generating, by a computer, an entity reputation score indicating a likelihood that the first entity that communicates with the host is malware based on the host reputation score indicating the reputation of the host, the first entity comprising a file or software application that communicates with the host when executing on a first client; and transmitting the entity reputation score to the first client for malware remediation. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A non-transitory computer-readable storage medium encoded with executable computer program code for computer security, the program code comprising program code for:
-
identifying, at a first client, a communication between a first entity and a host that the first entity communicates with, the first entity comprising a file or software application that communicates with the host when executing on a first client; transmitting, to at least one server, information identifying the entity and the host; receiving, from the at least one server, an entity reputation score indicating a likelihood that the entity is malware, the entity reputation score determined by; identifying reputation information indicating reputations of second entities that communicate with the host; generating a host reputation score indicating a reputation of the host based on the reputation information indicating reputations of the second entities that communicate with the host; and generating the entity reputation score indicating the likelihood that the first entity is malware based on the host reputation score indicating the reputation of the host; and remediating the first client responsive to determining that the entity reputation score indicates that the first entity has a high likelihood of containing malware. - View Dependent Claims (9, 10, 11, 12)
-
-
13. A computer system for providing security against a first entity that communicates with a host, the computer system comprising:
-
a hardware processor; and a memory storing instructions that are executable by the hardware processor to; identify reputation information indicating reputations of second entities that communicate with the host; generate a host reputation score indicating a reputation of the host based on the reputation information indicating reputations of the second entities that communicate with the host; generate an entity reputation score indicating a likelihood that the first entity that communicates with the host is malware based on the host reputation score indicating the reputation of the host, the first entity comprising a file or software application that communicates with the host when executing on a first client; and transmit the entity reputation score to the first client for malware remediation. - View Dependent Claims (14, 15, 16, 17, 18, 19)
-
Specification