Title: IP reputation
Abstract: Systems and methods are presented for generating a threat score and a usage score for each of a plurality of IP addresses. The threat score may be determined based on the quantity of occurrences and the recency of each occurrence of an IP address in network alert datasets, in addition to a weighting factor for each data source indicating the accuracy of that data source.
Publication number: US8832832(B1)    Publication date: 2014.09.09
Application number: US201414147402    Filing date: 2014.01.03
Applicant: Palantir Technologies Inc.    Inventor: Visbal Alexander
Classification: G06F21/00; H04L29/06    Main classification: G06F21/00
Agency: Knobbe, Martens, Olson & Bear, LLP    Agent: Knobbe, Martens, Olson & Bear, LLP
Main claim 1. A computer system comprising: one or more computer processors; and a tangible storage device storing one or more modules configured for execution by the one or more computer processors in order to cause the computer system to:
  determine an IP address for which a threat score is to be determined;
  access network alert datasets from each of one or more data sources, the data source comprising a computing system connected to a network and the data source has access to originating IP addresses that correspond to a communication protocol of the network, and wherein the network alert datasets comprise: a plurality of recorded network threat events, date and time of each of the plurality of recorded network threat events, an originating IP address for each of the plurality of recorded network threat events, and an event type of each of the plurality of recorded network threat events;
  determine which of the network alert datasets includes one or more occurrences of the IP address, wherein each occurrence indicates a threat by the IP address;
  for each of the data sources for which the IP address is a member of the corresponding network alert dataset:
    determine a quantity of occurrences of the IP address in the network alert dataset;
    determine a recency of each occurrence of the IP address in the network alert dataset, wherein recency is determined based at least in part on an amount of time between respective occurrences of the IP address in the network alert dataset and a current time, and wherein recency is further determined based at least in part on a cumulative calculation of the amount of time between respective occurrences of the IP address in the network alert dataset and the current time;
    determine a weighting factor for each of the data sources indicating a likelihood that a perceived threat of the IP address in the network alert dataset is an actual threat, wherein the likelihood is based at least in part on historical data of past threat events for the respective data source of the IP address in the network alert dataset; and
  determine the threat score for the IP address based at least on the determined quantity of occurrences, the recency of occurrences, and the weighting factor for each of the data sources.
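The claim above names three inputs to the threat score (quantity of occurrences, a cumulative recency calculation, and a per-source weighting factor) but gives no formula. The following is an added illustration, not code from the patent or from Palantir, of one way those three inputs can be combined: each occurrence contributes a recency factor that decays with a half-life (the half-life, the exponential decay, the source weights, and the alert datasets are all constructed assumptions), the per-occurrence factors are summed so that the quantity of occurrences enters cumulatively, and each source's sum is scaled by that source's weighting factor before the sources are added up.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class AlertEvent:
    """One recorded network threat event, as the claim describes:
    date/time, originating IP address and event type."""
    timestamp: datetime
    source_ip: str
    event_type: str


# Fixed "current time" so the example is reproducible (constructed).
NOW = datetime(2014, 1, 3, 12, 0, 0)

# Constructed network alert datasets, keyed by data source name.
# The IP addresses are documentation ranges (RFC 5737), not real hosts.
ALERT_DATASETS = {
    "ids": [
        AlertEvent(NOW - timedelta(days=1), "203.0.113.5", "port_scan"),
        AlertEvent(NOW - timedelta(days=3), "203.0.113.5", "brute_force"),
        AlertEvent(NOW - timedelta(days=40), "198.51.100.7", "malware_beacon"),
    ],
    "honeypot": [
        AlertEvent(NOW - timedelta(hours=6), "203.0.113.5", "ssh_login_attempt"),
    ],
    "blocklist_feed": [
        AlertEvent(NOW - timedelta(days=90), "203.0.113.5", "listed"),
        AlertEvent(NOW - timedelta(days=2), "198.51.100.7", "listed"),
    ],
}

# Assumed weighting factor per source: the fraction of that source's past
# alerts later confirmed as actual threats. The patent says the weight comes
# from historical data but does not specify how; these values are constructed.
SOURCE_WEIGHT = {"ids": 0.8, "honeypot": 0.95, "blocklist_feed": 0.5}

# Assumed recency model: an occurrence loses half its weight every 7 days.
HALF_LIFE_DAYS = 7.0


def recency_factor(age: timedelta, half_life_days: float = HALF_LIFE_DAYS) -> float:
    """Exponential decay in (0, 1]: 1.0 for an event happening now,
    0.5 for an event exactly one half-life old."""
    age_days = age.total_seconds() / 86400.0
    return 0.5 ** (age_days / half_life_days)


def source_contribution(ip: str, events: list, now: datetime):
    """Quantity of occurrences of `ip` in one dataset and the cumulative
    recency over those occurrences (sum of per-occurrence decay factors)."""
    occurrences = [e for e in events if e.source_ip == ip]
    cumulative_recency = sum(recency_factor(now - e.timestamp) for e in occurrences)
    return len(occurrences), cumulative_recency


def threat_score(ip: str, datasets: dict, weights: dict, now: datetime):
    """Combine quantity, recency and source weight across all data sources.

    Returns (score, breakdown). Sources with no occurrence of `ip` are
    skipped, so an IP seen nowhere scores 0.0 with an empty breakdown.
    """
    total = 0.0
    breakdown = {}
    for source, events in datasets.items():
        count, cumulative_recency = source_contribution(ip, events, now)
        if count == 0:
            continue
        contribution = weights[source] * cumulative_recency
        breakdown[source] = {
            "occurrences": count,
            "cumulative_recency": round(cumulative_recency, 4),
            "weight": weights[source],
            "contribution": round(contribution, 4),
        }
        total += contribution
    return round(total, 4), breakdown


if __name__ == "__main__":
    for candidate in ("203.0.113.5", "198.51.100.7", "192.0.2.1"):
        score, parts = threat_score(candidate, ALERT_DATASETS, SOURCE_WEIGHT, NOW)
        print(candidate, score)
        for source, detail in parts.items():
            print("  ", source, detail)
```

With these constructed inputs, 203.0.113.5 (three recent hits across the two higher-weight sources) scores well above 198.51.100.7 (one stale IDS hit plus one recent low-weight blocklist entry), and the breakdown shows which source drove the score, which is the detail an analyst triaging the alert would want alongside the number itself.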
Address: Palo Alto CA US