Title of invention: System and method for evaluating network threats and usage
Abstract: Systems and methods are presented for generating a threat score and a usage score of each of a plurality of IP addresses. The threat score may be determined based on quantity of occurrences and recency of each occurrence of an IP address in network alert datasets, in addition to a weighting factor for each data source indicating the accuracy of the data source.
Publication number: US9560066(B2) | Publication date: 2017.01.31
Application number: US201514816748 | Filing date: 2015.08.03
Applicant: PALANTIR TECHNOLOGIES INC. | Inventor: Visbal Alexander
Classification: G06F21/00; H04L29/06 | Main classification: G06F21/00
Agency: Knobbe, Martens, Olson & Bear, LLP | Agent: Knobbe, Martens, Olson & Bear, LLP
Independent claim: 1. A system for detecting computer network threats, the system comprising: one or more computer hardware processors that execute specific code instructions to cause the system to at least: receive a network address from a first data source, the first data source comprising a computing system connected to a network, the computing system configured to receive network traffic; determine a threat indicator for the network address, wherein the threat indicator indicates a risk level associated with the network address, and wherein the threat indicator is based at least in part on: a quantity of occurrences of the network address in the first data source, a cumulative time between respective occurrences of the network address in the first data source and a first time, and a likelihood that a perceived threat of the network address is an actual threat, wherein the likelihood is based at least in part on historical data of past threat events from the first data source; and provide the threat indicator to an entity device, wherein the entity device is configured to block the network address based at least in part on the threat indicator.
Address: Palo Alto CA US