Title of invention Determining populated IP addresses
Abstract A service log of a service provider is analyzed to identify IP addresses used by account holders that are populated IP addresses. Existing information about legitimate and malicious accounts of the service provider is leveraged to determine likely good and bad populated IP addresses based on the accounts that use the populated IP addresses. Features of the good and bad populated IP addresses are used to train a classifier that can identify good and bad populated IP addresses based on features of the populated IP addresses. The classifier may be used to provide security services to the same service provider or different service providers. The services include identifying malicious accounts.
Publication number US9148434(B2) Publication date 2015.09.29
Application number US201213528862 Application date 2012.06.21
Applicant MICROSOFT TECHNOLOGY LICENSING, LLC Inventors Yu Fang;Xie Yinglian;Hong Chi-Yao
Classification G06F15/173;H04L29/06;G06F21/57 Main classification G06F15/173
Agency Agent Akhter Julie Kane;Johnston-Holmes Danielle;Minhas Micky
Main claim 1. A method comprising: receiving a service log from a service provider at a computing device, wherein the service log comprises a plurality of service requests and each service request is associated with an IP address of a plurality of IP addresses and an account of a plurality of accounts; determining IP addresses of the IP addresses associated with the plurality of service requests that are populated IP addresses by the computing device; determining a first subset of the determined populated IP addresses that are trusted based on the accounts of the service requests associated with the populated IP addresses in the service log by the computing device, the determining comprising: receiving identifiers of legitimate accounts from the service provider; and for each populated IP address, determining if the populated IP address is associated with an account that is a legitimate account more than a first threshold percentage, and if so, determining the populated IP address is trusted; determining a second subset of the determined populated IP addresses that are not trusted based on the accounts of the service requests associated with the populated IP addresses in the service log by the computing device; determining one or more features for each of the populated IP addresses in the first subset and the second subset by the computing device; and training a classifier using the determined one or more features of the populated IP addresses in the first and second subset.
Address Redmond WA US