Abstract
A method is provided for identifying a compromised client device from a masquerading device. The method includes capturing a plurality of attributes from a network device connecting to a web service. In a specific embodiment, each of the attributes represents a parameter, and the plurality of parameters uniquely identifies the network device from a plurality of other network devices. The method maintains the network device substantially free from any software programs associated with the capturing of the plurality of attributes. That is, in a specific embodiment, the method does not rely on installing executable code in the network device to capture the attributes. Based on information associated with the attributes, the method can determine if the network device is compromised.
Main claim
1. A method for identifying a network device, the method comprising:
capturing, by a hardware processor of one or more servers, a plurality of attributes from the network device being connected to a web service, the plurality of attributes uniquely identifying the network device from a plurality of network devices;
maintaining the network device free from any software programs associated with the capturing of the plurality of attributes;
determining, by the hardware processor, a device identifier based on a programmatic transformation of the plurality of attributes captured from the network device, wherein at least a subset of the plurality of attributes are related to one or more of ID information, network information, location information, device information, browser information, site information, or time information associated with the network device;
capturing, by the hardware processor, a plurality of second attributes from a second network device being connected to the web service;
determining, by the hardware processor, a second device identifier based on a programmatic transformation of the plurality of second attributes captured from the second network device;
determining, by the hardware processor, if the network device is compromised based on a comparison of the device identifier and the second device identifier; and
determining, by the hardware processor, a classification of the network device based on the device identifier.
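
The steps of claim 1 can be sketched server-side as follows; this is an added illustration, not code from the patent. The attribute names, the SHA-256 transformation, the same-session comparison rule and the known/new classification are all assumptions, since the claim names only attribute categories and does not specify the transformation.

```python
import hashlib
import ipaddress
import json

# Attributes a server can observe passively on a connection. These names are
# assumptions for illustration; the claim lists only attribute categories.
HEADER_FIELDS = ("User-Agent", "Accept-Language", "Accept-Encoding")

def capture_attributes(conn):
    """Collect attributes server-side; nothing is installed on the client."""
    net = ipaddress.ip_network(conn["src_ip"] + "/24", strict=False)
    attrs = {h: conn["headers"].get(h, "") for h in HEADER_FIELDS}
    attrs["network"] = str(net)                    # network information
    attrs["header_order"] = list(conn["headers"])  # browser information
    attrs["tls_ciphers"] = conn["tls_ciphers"]     # device information
    return attrs

def device_identifier(attrs):
    """Programmatic transformation (assumed here: SHA-256 of canonical JSON)."""
    blob = json.dumps(attrs, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()

def is_compromised(first, second):
    """Assumed rule: one session presented under two different identifiers."""
    same_session = first["session"] == second["session"]
    return same_session and (
        device_identifier(capture_attributes(first))
        != device_identifier(capture_attributes(second)))

def classify(device_id, seen_ids):
    """Assumed classification: has this identifier been seen before?"""
    return "known" if device_id in seen_ids else "new"

# Constructed sample connections (documentation IP ranges, invented sessions).
LEGIT = {"session": "s-001", "src_ip": "203.0.113.10",
         "tls_ciphers": ["TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"],
         "headers": {"Host": "shop.example", "User-Agent": "ExampleBrowser/1.0",
                     "Accept-Language": "en-GB", "Accept-Encoding": "gzip, br"}}
# Same network and session as LEGIT, different address within the /24.
RETURNING = dict(LEGIT, src_ip="203.0.113.77")
# Replays the session token and User-Agent, but from another network with a
# different header order and cipher list.
MASQUERADE = {"session": "s-001", "src_ip": "198.51.100.5",
              "tls_ciphers": ["TLS_AES_256_GCM_SHA384"],
              "headers": {"User-Agent": "ExampleBrowser/1.0",
                          "Host": "shop.example", "Accept-Encoding": "gzip"}}
```

A copied session token and User-Agent are not enough to reproduce the identifier here, because header order, cipher list and source network are also folded into the hash.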