logo

For the Inventor, By the Inventor

The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 11444971 B1

PDFFull Text
Date of Patent:
Sep. 13, 2022

Filed:

Oct. 06, 2020

Method for assessing the quality of network-related indicators of compromise

Applicant:

Nozomi Networks Sagl, Mendrisio, CH;

Inventors:

Ivan Speziale, Forcola, IT;

Alessandro Di Pinto, Malnate, IT;

Moreno Carullo, Gavirate, IT;

Andrea Carcano, San Francisco, CA (US);

Assignee:

Nozomi Networks Sagl, Mendrisio, CH;

Attorney:

Jason Lee DeFrancesco

Primary Examiner:

Teshome Hailu

Int. Cl.
CPC ...
H04L 9/40 (2022.01);
U.S. Cl.
CPC ...
H04L 63/1433 (2013.01); H04L 63/1425 (2013.01); H04L 63/1441 (2013.01); H04L 63/164 (2013.01); H04L 63/20 (2013.01);
Abstract

The present invention relates to a method for assessing the quality of network-related Indicators of Compromise comprising the phase of calculating, by a computerized data processing unit, a quality score for Indicators of Compromise of the IP Address type, the steps of assigning an autonomous system score of the IP Address according to a predefined range of values based on a database of autonomous system owners, assigning a subnet score of said IP Address according to a predefined range of values based on a database of subnet owners, assigning a services hosted score of the IP Address according to a predefined range of values based on known malicious services hosted by the IP Address before the phase of calculating the quality score, calculating the IP Address quality score as sum of the autonomous system score, subnet score and services hosted score and wherein the method comprises a phase of evaluating the calculated quality score comprises, for each of the Indicators of Compromise of the IP Address type, the step of assessing the Indicators of Compromise of the IP Address type as malicious when the IP Address quality score exceed a predefined IP Address quality threshold.

Find Patent Forward Citations

Loading…