US2020344246A1PendingUtilityA1
Apparatus, system and method for identifying and mitigating malicious network threats
Assignee: LEVEL 3 COMMUNICATIONS LLCPriority: Sep 28, 2012Filed: Jul 14, 2020Published: Oct 29, 2020
Est. expirySep 28, 2032(~6.2 yrs left)· nominal 20-yr term from priority
H04L 2463/142G06F 21/55H04L 63/1408H04L 63/1441H04L 2463/144
57
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
Implementations of the present disclosure involve a system and/or method for identifying and mitigating malicious network threats. Network data associated is retrieved from various sources across a network and analyzed to identify a malicious network threat. When a threat is found, the system performs a mitigating action to neutralize the malicious network threat
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method for identifying malicious threats on a network comprising:
retrieving a network data associated with at least one of an IP address or a domain, wherein the network data comprises information indicating an amount of data transceived by at least one element of the network; analyzing the network data to identify a malicious network threat, including identifying a bot command computer by tracing at least some of the data transceived by the at least one element of the network; and causing a mitigating action to be performed to neutralize the malicious network threat.
2 . The method of claim 1 , wherein the network data is retrieved from an edge router.
3 . The method of claim 2 , further comprising measuring a rate of data transceived by the edge router at a measurement aggregator module logically connected to an edge router interface.
4 . The method of claim 3 , wherein the network data comprises data from a border gateway protocol table associated with a primary computer network's connectivity relationships with at least one secondary network.
5 . The method of claim 1 , further comprising:
normalizing the network data to a standard format; supplementing the network data with at least one tag that identifies the network activity data; storing the network data in a database; weighing the network data according to a threat associated with the data; and generating a risk score for the weighted data.
6 . The method of claim 5 , wherein the risk score is generated by:
comparing a new activity at the IP address or the domain to a past activity at the IP address or the domain; determining whether the new activity fits a profile for a malicious IP address or domain; correlating the risk score with a previous malicious threat; and adjust the risk score according to the correlation.
7 . The method of claim 6 , further comprising predicting a network based attack according at least the risk score.
8 . The method of claim 1 , wherein the mitigating action comprises at least one of a null routing the malicious network threat, adjusting an access control list (ACL) to block the malicious network threat, publishing a list identifying a bad actor committing the malicious network threat, or logically separating the IP address or domain from a network.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.