IN2015DN01085A - - Google Patents

Info

Publication number
IN2015DN01085A
IN2015DN01085A IN1085DEN2015A IN2015DN01085A IN 2015DN01085 A IN2015DN01085 A IN 2015DN01085A IN 1085DEN2015 A IN1085DEN2015 A IN 1085DEN2015A IN 2015DN01085 A IN2015DN01085 A IN 2015DN01085A
Authority
IN
India
Prior art keywords
cluster
host
flow data
network flow
hosts
Inventor
Akshay Vashist
Yitzchak M Gottlieb
Abhrajit Ghosh
Yukiko Sawaya
Ayumu Kubota
Original Assignee
Telcordia Tech Inc
Kddi Corp
Application filed by Telcordia Tech Inc, Kddi Corp
Publication of IN2015DN01085A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/21 Monitoring or handling of messages
    • H04L51/212 Monitoring or handling of messages using filtering or selective blocking

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A system and method for spammer host detection from network flow data profiles comprises constructing one or more cluster profiles and detecting spammer hosts. Constructing cluster profiles comprises observing network flow data from one or more hosts; for each host, representing the network flow data associated with the host as a multidimensional vector; clustering the vectors of the hosts into the plurality of cluster profiles; annotating each cluster profile using at least one of black lists and white lists; and calculating a confidence in each cluster profile annotation. Detecting spammer hosts comprises observing the network flow data from a new host; representing the network flow data associated with the new host as a multidimensional vector; and placing the new multidimensional vector of the new host into one cluster profile of the one or more cluster profiles.
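The pipeline the abstract describes, as an added Python sketch that is not taken from the patent. The four flow features, the use of k-means, the Laplace-smoothed confidence formula and all addresses (documentation ranges) are assumptions chosen for illustration; the abstract does not specify them.

```python
import math

def build_vector(flows):
    """flows: (dst_ip, dst_port, bytes) tuples from one host. Features are assumed."""
    n = len(flows)
    return (math.log1p(n),                                   # flow count
            math.log1p(len({d for d, _, _ in flows})),       # distinct destinations
            sum(p == 25 for _, p, _ in flows) / n,           # share of flows to SMTP
            math.log1p(sum(b for _, _, b in flows) / n))     # mean bytes per flow

def nearest(vec, centroids):
    return min(range(len(centroids)), key=lambda i: math.dist(vec, centroids[i]))

def kmeans(vectors, k, rounds=20):
    centroids = [vectors[0]]              # deterministic farthest-point seeding
    while len(centroids) < k:
        centroids.append(max(vectors, key=lambda v: min(math.dist(v, c) for c in centroids)))
    for _ in range(rounds):               # Lloyd iterations
        groups = [[] for _ in range(k)]
        for v in vectors:
            groups[nearest(v, centroids)].append(v)
        centroids = [tuple(sum(x) / len(g) for x in zip(*g)) if g else c
                     for g, c in zip(groups, centroids)]
    return centroids

def annotate(hosts, centroids, blacklist, whitelist):
    """hosts: {ip: vector}. Returns (label, confidence) per cluster profile."""
    counts = [[0, 0] for _ in centroids]  # [blacklisted, whitelisted] members
    for ip, vec in hosts.items():
        c = nearest(vec, centroids)
        counts[c][0] += ip in blacklist
        counts[c][1] += ip in whitelist
    profiles = []
    for black, white in counts:
        label = "spammer" if black > white else "benign" if white > black else "unknown"
        # Assumed confidence: Laplace-smoothed share of listed members backing the label.
        profiles.append((label, (max(black, white) + 1) / (black + white + 2)))
    return profiles

def classify(flows, centroids, profiles):
    return profiles[nearest(build_vector(flows), centroids)]

def sample_flows(n_dst, port, size, n):   # constructed sample traffic
    return [(f"198.51.100.{i % n_dst}", port, size) for i in range(n)]

SAMPLE = {"192.0.2.1": sample_flows(200, 25, 900, 400), "192.0.2.2": sample_flows(180, 25, 1100, 350),
          "192.0.2.3": sample_flows(220, 25, 800, 500), "192.0.2.11": sample_flows(5, 443, 40000, 60),
          "192.0.2.12": sample_flows(4, 443, 52000, 40), "192.0.2.13": sample_flows(6, 443, 35000, 80)}
HOSTS = {ip: build_vector(f) for ip, f in SAMPLE.items()}
CENTROIDS = kmeans(list(HOSTS.values()), 2)
PROFILES = annotate(HOSTS, CENTROIDS, {"192.0.2.1", "192.0.2.2"}, {"192.0.2.11"})
```

A previously unseen host is scored with `classify(new_flows, CENTROIDS, PROFILES)`; hosts that appear on neither list still contribute to cluster shape but not to the annotation confidence.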
IN1085DEN2015 2012-07-12 2013-07-10 IN2015DN01085A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US13/547,174 US8769677B2 (en) 2012-07-12 2012-07-12 System and method for spammer host detection from network flow data profiles
PCT/US2013/049964 WO2014011799A1 (en) 2012-07-12 2013-07-10 System and method for spammer host detection from network flow data profiles

Publications (1)

Publication Number Publication Date
IN2015DN01085A (en) 2015-06-26

Family

ID=49915194

Family Applications (1)

Application Number Title Priority Date Filing Date
IN1085DEN2015 IN2015DN01085A (en) 2012-07-12 2013-07-10

Country Status (5)

Country Link
US (1) US8769677B2 (en)
EP (1) EP2873217A4 (en)
JP (1) JP6053568B2 (en)
IN (1) IN2015DN01085A (en)
WO (1) WO2014011799A1 (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9959147B2 (en) 2010-01-13 2018-05-01 Vmware, Inc. Cluster configuration through host ranking
US8799418B2 (en) * 2010-01-13 2014-08-05 Vmware, Inc. Cluster configuration
US9135570B2 (en) * 2012-02-22 2015-09-15 Vencore Labs, Inc. Active acquisition of privileged information
US9794278B1 (en) * 2013-12-19 2017-10-17 Symantec Corporation Network-based whitelisting approach for critical systems
US9917751B2 (en) * 2015-06-01 2018-03-13 Lightbend, Inc. Hierarchical service oriented application topology generation for a network
US9954804B2 (en) 2015-07-30 2018-04-24 International Business Machines Corporation Method and system for preemptive harvesting of spam messages
US10397256B2 (en) 2016-06-13 2019-08-27 Microsoft Technology Licensing, Llc Spam classification system based on network flow data
EP3358541B1 (en) * 2017-02-01 2019-07-17 Kapsch TrafficCom AG A method of predicting a traffic behaviour in a road system
US10460101B2 (en) * 2017-06-06 2019-10-29 Microsoft Technology Licensing, Llc Enriching netflow data with passive DNS data for botnet detection
CN113556308B (en) * 2020-04-23 2022-09-30 深信服科技股份有限公司 Method, system, equipment and computer storage medium for detecting flow security

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060015942A1 (en) * 2002-03-08 2006-01-19 Ciphertrust, Inc. Systems and methods for classification of messaging entities
US7949716B2 (en) * 2007-01-24 2011-05-24 Mcafee, Inc. Correlation and analysis of entity attributes
US20090089244A1 (en) 2007-09-27 2009-04-02 Yahoo! Inc. Method of detecting spam hosts based on clustering the host graph
US20090089285A1 (en) 2007-09-28 2009-04-02 Yahoo! Inc. Method of detecting spam hosts based on propagating prediction labels
US20090089373A1 (en) 2007-09-28 2009-04-02 Yahoo! Inc. System and method for identifying spam hosts using stacked graphical learning
US8745731B2 (en) 2008-04-03 2014-06-03 Microsoft Corporation Clustering botnet behavior using parameterized models
JP2009302823A (en) * 2008-06-12 2009-12-24 Nec Biglobe Ltd E-mail system, e-mail transfer method and program
US8170966B1 (en) * 2008-11-04 2012-05-01 Bitdefender IPR Management Ltd. Dynamic streaming message clustering for rapid spam-wave detection
US8438638B2 (en) * 2010-04-08 2013-05-07 At&T Intellectual Property I, L.P. Bot-network detection based on simple mail transfer protocol (SMTP) characteristics of e-mail senders within IP address aggregates

Also Published As

Publication number Publication date
JP2014023144A (en) 2014-02-03
EP2873217A1 (en) 2015-05-20
US8769677B2 (en) 2014-07-01
JP6053568B2 (en) 2016-12-27
US20140020066A1 (en) 2014-01-16
WO2014011799A1 (en) 2014-01-16
EP2873217A4 (en) 2016-03-23

Similar Documents

Publication Publication Date Title
IN2015DN01085A (en)
WO2016178088A3 (en) Systems and methods for detecting and reacting to malicious activity in computer networks
WO2013084068A3 (en) System and method for identifying related events in a resource network monitoring system
GB2509036A (en) Providing a network-accessible malware analysis
GB2529774A (en) Methods and systems for improved document comparison
MX348693B (en) Method and system for tagging information about image, apparatus and computer-readable recording medium thereof.
WO2013172898A3 (en) System for detecting, analyzing, and controlling infiltration of computer and network systems
WO2013077987A3 (en) Management of privacy settings for a user device
GB2485121A (en) Dynamically managing a social network
PH12014502159A1 (en) Method, system, and apparatus for exchanging data between client devices
WO2013108043A3 (en) Improved positioning system
MX342021B (en) System for automatic structure footprint detection from oblique imagery.
MX343875B (en) Method and system for determining image similarity.
GB201109873D0 (en) Object detection metadata
WO2014047465A3 (en) Collision prediction
WO2014146086A3 (en) Computer-based method and system of analyzing, editing and improving content
MX352127B (en) Real-world view of location-associated social data.
NZ629509A (en) Family networks
WO2011156799A8 (en) Detecting state estimation network model data errors
PH12016501476A1 (en) Method and apparatus for social relation analysis and management
EP2811417A3 (en) Systems and methods for synchronizing geographic information system (GIS) network models
PH12016501255A1 (en) Improved molecular breeding methods
IN2014DN05680A (en)
EP2685695A4 (en) Method, system and computer storage medium for displaying microblog wall
MY187577A (en) Method and system for recognizing faces