Patent · US Active

Non-protocol specific system and method for classifying suspect IP addresses as sources of non-targeted attacks on cloud based machines

US10511615B2 · kind B2 · utility

Cited by: 1
References: 2
Claims: 23
Family size: 0

Assignee

Inventors

Key dates

Filing date: May 5, 2017
Grant date: Dec 17, 2019
Priority date
Expiry date: Jun 6, 2038

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L67/10
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A system for detecting a non-targeted attack by a first machine on a second machine is provided. The system includes an application that includes instructions configured to: extract network data corresponding to traffic flow between the first and second machines, where the second machine is implemented in a cloud-based network; identify a first suspect external IP address based on the network data; calculate features for the first suspect external IP address, where the features include exploration type features and exploitation type features; train a classifier based on predetermined examples and the features to generate and update a model; classify the first suspect external IP address based on the model and at least some of the features; and perform a countermeasure if a classification provided from classifying the first suspect external IP address indicates that the first suspect external IP address is associated with a malicious attack on the second machine.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.