Reduction of false positive reputations through collection of overrides from customer deployments
US7953969B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Aug 17, 2007 |
| Grant date | May 31, 2011 |
| Priority date | — |
| Expiry date | Mar 30, 2030 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L2463/144
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
An automated arrangement for reducing the occurrence and/or minimizing the impact of false positives by a reputation service is provided in which overrides for a reputation of an adversary are reported to a reputation service from security devices, such as unified threat management systems, deployed in enterprise or consumer networks. An override is typically performed by an administrator at a customer network to allow the security device to accept traffic from, or send traffic to a given IP address or URL. Such connectivity is allowed—even if such objects have a blacklisted reputation provided by a reputation service—in cases where the administrator recognizes that the blacklisted reputation is a false positive. The reputation service uses the reported overrides to adjust the fidelity (i.e., a confidence level) of that object's reputation, and then provides an updated reputation, which reflects the fidelity adjustment, to all the security devices that use the reputation service.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.