Rating network security posture and comparing network maliciousness

Assignee

• THE REGENTS OF THE UNIVERSITY OF MICHIGAN · US

Inventors

• Mingyan Liu · Bourg-la-Reine, FR
• Michael Bailey · Ypsilanti, US
• Manish Karir · Ann Arbor, US
• Yang Liu · Nanhu, CN
• Jing Zhang · Shanghai, CN

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L61/5007
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Embodiments are disclosed for profiling network-level malicious activity. Profiling embodiments include observing malicious activity, representing such activity in accordance with a set of representative features, capturing temporal evolution of this malicious behavior and its dynamics, and using this temporal evolution to reveal key risk related properties of these networks. Embodiments are further disclosed addressing the connectedness of various networks and similarity in network-level maliciousness. Embodiments directed to similarity analyses include focusing on the notion of similarity—a quantitative measure of the extent to which the dynamic evolutions of malicious activities from two networks are alike, and mapping this behavioral similarity to their similarity in certain spatial features, which includes their relative proximity to each other and may be used to help predict the future maliciousness of a particular network. The embodiments described may be applicable to various network aggregation levels.