Patent · US Active

Methods and apparatus to identify an internet protocol address blacklist boundary

US9083730B2 · kind B2 · utility

3Cited by

9References

19Claims

0Family size

Assignee

AT&T Intellectual Property I, L.P. · US

Inventors

Baris Coskun · Glen Rock, US
Suhrid Balakrishnan · Scotch Plains, US
Suhas Mathur · Piscataway, US

Key dates

Filing date	Dec 6, 2013
Grant date	Jul 14, 2015
Priority date	—
Expiry date	Jan 6, 2034

Classification

Technology area (CPC H)Electricity
CPC primaryH04L2463/146
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

Methods, apparatus, systems and articles of manufacture are disclosed to identify an Internet protocol address blacklist boundary. An example method includes identifying a netblock associated with a malicious Internet protocol address, the netblock having a lower boundary and an upper boundary, collecting netflow data associated with a plurality of Internet protocol addresses in the netblock, establishing a first window associated with a lower portion of Internet protocol addresses numerically lower than a candidate Internet protocol address, establishing a second window associated with an upper portion of Internet protocol addresses numerically higher than a candidate Internet protocol address, calculating a breakpoint score based on a comparison between a behavioral profile of the first window and a behavioral profile of the second window, and identifying a first sub-netblock when the breakpoint score exceeds a threshold value.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.