Patent · US Active

Detecting botnets

US11824891B2 · kind B2 · utility

0Cited by

6References

21Claims

0Family size

Assignee

Cujo LLC · US

Inventors

Leonardas Marozas · Vilnius, LT
Filip Savin · Vilnius, LT
Matteo Cafasso · Torino, IT
Santeri Kangas · Kirkkonummi, FI
Sean Tiernan · El Segundo, US

Key dates

Filing date	Feb 15, 2021
Grant date	Nov 21, 2023
Priority date	—
Expiry date	May 16, 2041

Classification

Technology area (CPC H)Electricity
CPC primaryH04L2463/144
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

A network apparatus maintains a data repository comprising network traffic data related to a plurality of user devices, the network traffic data being collected from a plurality of Network Service Providers (NSPs). A subset of the plurality of user devices are detected to be communicating with one or more same endpoint devices based on analysing the network traffic data. A number of historical connections between each user device of the subset of the plurality of user devices and the one or more endpoint devices is determined based on analysing historical connection data maintained in the data repository, and in response to detecting that the number of historical connections between the subset of the plurality of user devices and the one or more endpoint devices exceeds a predetermined threshold, the one or more endpoint devices are identified as a suspected botnet.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.