Patent · US Active

Methods and apparatus for detecting suspicious network activity by new devices

US10367835B1 · kind B1 · utility

Cited by: 4
References: 1
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jun 24, 2016
Grant date: Jul 30, 2019
Priority date
Expiry date: Dec 2, 2036

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/102
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Methods and apparatus are provided for detecting suspicious network activity by new devices. An exemplary method comprises: obtaining network event data for a given entity that comprises a user or a user device; determining a number of distinct other entities associated with the given entity during a predefined short time window, wherein the distinct other entities comprise user devices used by the user if the given entity comprises a user and comprise users of the user device if the given entity comprises a user device; determining a number of distinct other entities associated with the given entity during a predefined longer time window; and assigning a risk score to the given entity based on (i) the number during the predefined short time window relative to the number during the predefined longer time window, and/or (ii) the number during the predefined short time window relative to a predefined number.
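The two-window comparison in the abstract can be sketched as follows; this is an added example, not code from the patent or its assignee. The event layout, the one-hour and 30-day windows, the predefined number of 3, and the use of a product to combine comparisons (i) and (ii) are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

def distinct_others(events, entity, kind, start, end):
    """Counterparts seen with `entity` in [start, end]: devices if kind is
    'user', users if kind is 'device'. Events are (time, user, device)."""
    own, other = (1, 2) if kind == "user" else (2, 1)
    return {e[other] for e in events if e[own] == entity and start <= e[0] <= end}

def risk_score(events, entity, kind, now, short=timedelta(hours=1),
               longer=timedelta(days=30), predefined=3):
    """Return (n_short, n_long, score). Window lengths, `predefined` and the
    way the two comparisons are combined are assumptions of this example."""
    n_short = len(distinct_others(events, entity, kind, now - short, now))
    n_long = len(distinct_others(events, entity, kind, now - longer, now))
    rel_history = n_short / n_long if n_long else 0.0   # comparison (i)
    rel_fixed = min(1.0, n_short / predefined)          # comparison (ii)
    # Product keeps a single long-standing device (1 of 1) from scoring high.
    return n_short, n_long, round(rel_history * rel_fixed, 2)

# Constructed sample events, not real data.
NOW = datetime(2016, 6, 24, 12, 0)

def ago(**kw):
    return NOW - timedelta(**kw)

EVENTS = [
    # alice: one long-standing laptop, also used in the last hour
    (ago(days=20), "alice", "laptop-1"),
    (ago(days=10), "alice", "laptop-1"),
    (ago(minutes=30), "alice", "laptop-1"),
    # bob: one known desktop, then four never-seen devices within an hour
    (ago(days=15), "bob", "desk-7"),
]
EVENTS += [(ago(minutes=10 * i), "bob", f"dev-{i}") for i in range(1, 5)]
# kiosk-9: a device with no history, used by five users within an hour
EVENTS += [(ago(minutes=10 * i), u, "kiosk-9")
           for i, u in enumerate(["carol", "dave", "erin", "frank", "grace"], 1)]

if __name__ == "__main__":
    for entity, kind in [("alice", "user"), ("bob", "user"), ("kiosk-9", "device")]:
        print(entity, kind, risk_score(EVENTS, entity, kind, NOW))
```

The longer window here includes the short one, so a user whose only device is long-standing scores 1 on comparison (i) alone; that is why the sketch does not use comparison (i) by itself.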

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.