Title of invention: Identifying malicious devices within a computer network
Abstract: This disclosure describes techniques for proactively identifying possible attackers based on a profile of a device. For example, a device includes one or more processors and network interface cards to receive, from a remote device, network traffic directed to one or more computing devices protected by the device, determine, based on content of the network traffic, a first set of data points for the device, send a response to the remote device to ascertain a second set of data points for the device, and receive, from the remote device, at least a portion of the second set of data points. The device also includes a security module operable by the processors to determine a maliciousness rating, and selectively manage, based on the maliciousness rating, additional network traffic directed to the one or more computing devices protected by the security device and received from the remote device.
Publication number: US9258328(B2) Publication date: 2016.02.09
Application number: US201514689255 Filing date: 2015.04.17
Applicant: Juniper Networks, Inc. Inventors: Ibatullin Oskar;Adams Kyle;Quinlan Daniel J.
Classification: H04L29/06;G06F21/55;H04L29/08 Main classification: H04L29/06
Agency: Shumaker & Sieffert, P.A. Agent: Shumaker & Sieffert, P.A.
Main claim: 1. A method comprising: receiving, by a security device, from a device, network traffic directed to one or more computing devices protected by the security device; determining, based on content of the network traffic, a first set of data points for the device, the first set of data points specifying characteristics of a software application executing at the device; sending, by the security device, a response to the device to ascertain a second set of data points for the device, the second set of data points including characteristics of an operating environment provided by and local to the device; receiving, by the security device and from the device, at least a portion of the second set of data points; determining whether the received portion of the second set of data points and the first set of data points include inconsistent information; determining, based on the inconsistent information, a maliciousness rating for the device, wherein the maliciousness rating indicates an increased likelihood that the device is malicious in response to determining that the received portion of the second set of data points and the first set of data points include inconsistent information and a decreased likelihood that the device is malicious in response to determining that the received portion of the second set of data points and the first set of data points include consistent information; and selectively managing, based on the maliciousness rating, additional network traffic directed to the one or more computing devices protected by the security device and received from the device.
Address: Sunnyvale CA US
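The consistency check of claim 1, as an added Python sketch that is not taken from the patent or from any Juniper product: the first set of data points is derived from the request's `User-Agent` header, the second set is whatever portion of a probe reply comes back, and the rating moves up on each mismatch and down on each match. The field names (`os`, `browser`), the scoring steps, the thresholds and the sample inputs are all assumptions constructed for illustration.

```python
import re

# Assumed scoring parameters (integer percent); the patent record gives no numbers.
BASELINE, STEP_UP, STEP_DOWN = 50, 25, 10
BLOCK_AT, CHALLENGE_AT = 80, 60

# Order matters: Android user agents also contain "Linux", iOS ones "Mac OS X",
# Edge ones "Chrome/", and Chrome ones "Safari/".
OS_RULES = [("android", r"Android"), ("ios", r"iPhone|iPad"),
            ("windows", r"Windows NT"), ("macos", r"Mac OS X"), ("linux", r"Linux")]
BROWSER_RULES = [("edge", r"Edg/"), ("chrome", r"Chrome/"),
                 ("firefox", r"Firefox/"), ("safari", r"Safari/")]

def _first_match(rules, text):
    return next((name for name, pat in rules if re.search(pat, text)), None)

def first_set(headers):
    """Data points taken from traffic content: what the client software claims."""
    ua = headers.get("User-Agent", "")
    return {"os": _first_match(OS_RULES, ua),
            "browser": _first_match(BROWSER_RULES, ua)}

def rate(first, second_portion):
    """Compare only fields present in both sets; the probe reply may be partial."""
    rating, mismatches = BASELINE, []
    for key, claimed in first.items():
        observed = second_portion.get(key)
        if claimed is None or observed is None:
            continue                      # nothing to compare for this field
        if claimed == observed:
            rating -= STEP_DOWN           # consistent: less likely malicious
        else:
            rating += STEP_UP             # inconsistent: more likely malicious
            mismatches.append(key)
    return max(0, min(100, rating)), mismatches

def manage(rating):
    """Selective handling of further traffic from the same device."""
    if rating >= BLOCK_AT:
        return "block"
    return "challenge" if rating >= CHALLENGE_AT else "allow"

# Constructed sample: a request claiming Firefox on Windows.
SAMPLE_HEADERS = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; "
                                "rv:115.0) Gecko/20100101 Firefox/115.0"}

if __name__ == "__main__":
    claimed = first_set(SAMPLE_HEADERS)
    for probe in ({"os": "windows", "browser": "firefox"},   # consistent
                  {"os": "linux"},                           # partial, mismatch
                  {"os": "linux", "browser": "chrome"}):     # fully inconsistent
        score, bad = rate(claimed, probe)
        print(probe, "->", score, bad, manage(score))
```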