Graph prioritization for improving precision of threat propagation algorithms
US10523691B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jan 6, 2017 |
| Grant date | Dec 31, 2019 |
| Priority date | — |
| Expiry date | Apr 30, 2037 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L2463/146
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Systems described herein preemptively detect newly registered network domains that are likely to be malicious before network behavior of the domains is actually observed. A network security device (e.g., a router) receives domain registration data that associates network domains with keys and generating a graph representing the domain registration data. Each edge of the graph connects a vertex representing a domain and a vertex representing a registration attribute (e.g., a registrant email address). The network security device identifies a connected component of the graph that meets a graph robustness threshold. The network security device determines whether a domain of the connected component whose behavior has not yet been observed is malicious using a predictive model based on existing maliciousness labels for other domains of the connected component.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.