Reputation and confidence scoring for network identifiers based on network telemetry

Assignee

• AMAZON TECHNOLOGIES, INC. · US

Inventors

• Wayne Alan Fullen · Falls Church, US
• Patrick Collard · Arlington, US
• William Kupersanin · Pasadena, US
• Michael Lowney · Arlington, US
• Jared Sylvester · Ellicott City, US
• Catherine Watkins · Baltimore, US
• Stephen Goodman · Owings Mills, US
• Ravi Karnam · Novi, US
• Jacob Nguyen · Annandale, US
• Luke Kenneth Schubert · Edgewater, US
• Elisabeth Margaret Nagy · Dover, US
• Evripidis Paraskevas · Royal Oak, US
• John Schweitzer · Virginia Beach, US
• Sai Srinivas Vemula · Frederick, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/166
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Described are systems and methods for determining a reputation score and/or a confidence score for a network identifier that represents, respectively, a likelihood that the network identifier presents a threat and/or a likelihood that the network activity associated with the network identifier corresponds to a port scanning, enumeration, or other malicious event. Embodiments of the present disclosure can utilize various network telemetry information, such as authentication activity, outbound traffic activity, web activity, honeypot connection activity, or network classification information to determine the reputation and/or confidence scores in response to a query/request and/or in connection with potentially malicious activity that can represent a likelihood that the detected potentially malicious activity is malicious/legitimate and the potential impact that remediation measures taken against the network identifier may have in the event that the detected network activity was legitimate.