Predicting network activities associated with a given site
Abstract
A method predicting a network activity associated with a given network site is provided. The method can include receiving a request to predict a probability of network activity associated with the network site, analyzing historical data associated with the network site, and, based on the analysis, determining the probability of the network activity in future. The method can further include monitoring the network site, ascertaining evidence associated with the network activity, and, based on the evidence, adjusting treatment of the network site. Additionally, the method can include comparing the probability to a predetermined threshold probability and, based on the comparison, selectively taking an action concerning the network site.
Claims
exact text as granted — not AI-modified1 .- 20 . (canceled)
21 . A computer-implemented method for predicting a network activity associated with a network site, the method comprising:
receiving a request from an interested party to predict a probability of the network activity associated with the network site, the network activity comprising any of malicious and attack activity, and in response to the request: generating an initial probability, at least in part based on:
(i) analyzing historical data associated with the network site, the historical data including one or more past network activities associated with the network site; and,
(ii) one or more environmental parameters including at least one of: a name of a domain associated with the network site, an association with a further network site, a correlation between the network site and the further network site, a malware risk associated with the network site, an activity associated with the network site, and a speed of network traffic;
in response to generation of the initial probability, conducting monitoring of the network site for a particular time period to obtain evidence of network activity; based on the evidence, taking a first action selected from the group of actions that is:
(a) confirming the initial probability to produce a determined probability, and
(b) adjusting the initial probability to produce a determined probability;
comparing any of the determined probability to a threshold probability; and, based on the comparison, selectively taking a second action concerning the network site.
22 . The method of claim 21 , wherein the particular time period is a predefined period of time
23 . The method of claim 21 , wherein the particular time period is dynamically adjusted by the computer during said monitoring.
24 . The method of claim 21 , wherein the particular time period is configured by the interested party
25 . The method of claim 21 , wherein said generating an initial probability comprises:
(i) generating a first probability based on analyzing historical data associated the network site, the historical data including one or more past network activities associated with the network site; and, (ii) adjusting the second probability to product the initial probability, said adjustment based at least in part on one or more environmental parameters including at least one of a name of a domain associated with the network site, an association with a further network site, a correlation between the network site and the further network site, a malware risk associated with the network site, an activity associated with the network site, and a speed of network traffic;
26 . The method of claim 21 , wherein the interested party is any of: a service provider and an enterprise.
27 . The method of claim 21 , wherein the second action includes at least one of reporting the determined probability, warning the interested party, performing a further investigation of the network site, blocking the network site, and redirecting network traffic associated with the network site.
28 . The method of claim 27 , wherein the reporting includes at least one of providing a graphic representation of attributes associated with the network activity and presenting a report to the interested party.
29 . The method of claim 28 , wherein the attributes include at least one of: the confirmation and the evidence gathered from said monitoring.
30 . The method of claim 29 , wherein any of the confirmation and the evidence relates to at least one of: spamming, a Distributed Denial of Service (DDoS) attack, a Domain Name Service (DNS) Amplification DDoS attack, a subdomain DDoS attack, traffic shaping, traffic redirection, interstitial activity, file downloading, association with further network sites, and synchronization time with the further network sites.
31 . The method of claim 21 , wherein said monitoring comprises monitoring at least one of: requests, messages, logins, and misdirected queries to the network site.
32 . The method of claim 21 , wherein the evidence comprises actions performed on behalf of the network site.
33 . A machine-readable non-transitory medium comprising instructions, which when implemented by one or more processors, perform the following operations:
receiving a request from an interested party to predict a probability of the network activity associated with the network site, the network activity comprising any of malicious and attack activity, and in response to the request: generating an initial probability, at least in part based on:
(i) analyzing historical data associated with the network site, the historical data including one or more past network activities associated with the network site; and,
(ii) one or more environmental parameters including at least one of: a name of a domain associated with the network site, an association with a further network site, a correlation between the network site and the further network site, a malware risk associated with the network site, an activity associated with the network site, and a speed of network traffic;
in response to generation of the initial probability, conducting monitoring of the network site for a particular time period to obtain evidence of network activity; based on the evidence, taking a first action selected from the group of actions that is:
(a) confirming the initial probability to produce a determined probability, and
(b) adjusting the initial probability to produce a determined probability;
comparing any of the determined probability to a threshold probability; and, based on the comparison, selectively taking a second action concerning the network site.
34 . The method of claim 21 , wherein the particular time period is a predefined period of time
35 . The machine readable non-transitory medium of claim 33 , wherein the particular time period is dynamically adjusted by the computer during said monitoring.
36 . The machine readable non-transitory medium of claim 33 , wherein the particular time period is configured by the interested party
37 . The machine readable non-transitory medium of claim 33 , wherein the interested party is any of: a service provider and an enterprise.
38 . The machine readable non-transitory medium of claim 33 , wherein the second action includes at least one of reporting the determined probability, warning the interested party, performing a further investigation of the network site, blocking the network site, and redirecting network traffic associated with the network site.
39 . The method of claim 38 , wherein any of the confirmation and the evidence relates to at least one of: spamming, a Distributed Denial of Service (DDoS) attack, a Domain Name Service (DNS) Amplification DDoS attack, a subdomain DDoS attack, traffic shaping, traffic redirection, interstitial activity, file downloading, association with further network sites, and synchronization time with the further network sites.
40 . The machine readable non-transitory medium of claim 33 , wherein said monitoring comprises monitoring at least one of: requests, messages, logins, and misdirected queries to the network site.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.