Methods and apparatus to identify an internet protocol address blacklist boundary
US10193900B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jul 7, 2015 |
| Grant date | Jan 29, 2019 |
| Priority date | — |
| Expiry date | Dec 20, 2035 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L2463/146
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
Methods, apparatus, systems and articles of manufacture are disclosed to identify candidate boundaries of Internet protocol addresses associated with a malicious Internet protocol address. An example method includes collecting, with a processor, netflow data associated with the Internet protocol addresses within a netblock having a lower boundary Internet protocol address and an upper boundary Internet protocol address, generating, with the processor, a first window of Internet protocol addresses numerically lower than the malicious Internet protocol address, generating, with the processor, a second window of Internet protocol addresses numerically higher than the malicious Internet protocol address, for respective Internet protocol addresses in the first and second windows, calculating, with the processor, occurrence counts associated with behavior features, and identifying candidate boundaries within the netblock based on divergence values caused by the behavior features.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.