Title of invention: Method and system for tracking machines on a network using fuzzy GUID technology
Abstract: A method for querying a knowledgebase of malicious hosts numbered from 1 through N. The method includes providing a network of computers, which has a plurality of unknown malicious host machines. In a specific embodiment, the malicious host machines are disposed throughout the network of computers, which includes a worldwide network of computers, e.g., Internet. The method includes querying a knowledge base including a plurality of known malicious hosts, which are numbered from 1 through N, where N is an integer greater than 1. In a preferred embodiment, the knowledge base is coupled to the network of computers. The method includes receiving first information associated with an unknown host from the network; identifying an unknown host and querying the knowledge base to determine if the unknown host is one of the known malicious hosts in the knowledge base. The method also includes outputting second information associated with the unknown host based upon the querying process.
Publication number: US9449168(B2) Publication date: 2016.09.20
Application number: US201414298823 Filing date: 2014.06.06
Applicant: THREATMETRIX PTY LTD Inventors: Thomas Scott;Jones David G.
Classification: G06F21/00;G06F21/50;H04L29/06;G06F21/55 Main classification: G06F21/00
Agency: Alston & Bird LLP Agent: Alston & Bird LLP
Principal claim: 1. A method tracking machines on a network of computers, the method comprising: identifying a malicious host coupled to the network of computers; determining a first IP address and one or more first attributes associated with the malicious host during a first time period, wherein the one or more first attributes includes first behavior information associated with the malicious host during the first time period; classifying the malicious host to be in a determined state; determining that the malicious host is in a latent state during a second time period; identifying an unknown host during the second time period when the malicious host is in the latent state, the unknown host being associated with a second IP address and one or more second attributes, wherein the one or more second attributes includes second behavior information associated with the unknown host during the second time period; processing the second IP address and the one or more second attributes of the unknown host with the first IP address and the one or more first attributes of the malicious host; and determining if the unknown host is the malicious host based on results of the processing of the second IP address and the one or more second attributes of the unknown host with the first IP address and the one or more first attributes of the malicious host.
Address: Chatswood NSW AU