US Patent No. 9,258,328
IDENTIFYING MALICIOUS DEVICES WITHIN A COMPUTER NETWORK
| Patent No. | 9,258,328 |
|---|---|
| Issue Date | February 09, 2016 |
| Title | Identifying Malicious Devices Within A Computer Network |
| Inventorship | Oskar Ibatullin, Sunnyvale, CA (US) Kyle Adams, West Henrietta, NY (US) Daniel J. Quinlan, Sunnyvale, CA (US) |
| Assignee | Juniper Networks, Inc., Sunnyvale, CA (US) |
Claim of US Patent No. 9,258,328
1. A method comprising:
receiving, by a security device, from a device, network traffic directed to one or more computing devices protected by the
security device;
determining, based on content of the network traffic, a first set of data points for the device, the first set of data points
specifying characteristics of a software application executing at the device;
sending, by the security device, a response to the device to ascertain a second set of data points for the device, the second
set of data points including characteristics of an operating environment provided by and local to the device;
receiving, by the security device and from the device, at least a portion of the second set of data points;
determining whether the received portion of the second set of data points and the first set of data points include inconsistent
information;
determining, based on the inconsistent information, a maliciousness rating for the device, wherein the maliciousness rating
indicates an increased likelihood that the device is malicious in response to determining that the received portion of the
second set of data points and the first set of data points include inconsistent information and a decreased likelihood that
the device is malicious in response to determining that the received portion of the second set of data points and the first
set of data points include consistent information; and
selectively managing, based on the maliciousness rating, additional network traffic directed to the one or more computing
devices protected by the security device and received from the device.
receiving, by a security device, from a device, network traffic directed to one or more computing devices protected by the
security device;
determining, based on content of the network traffic, a first set of data points for the device, the first set of data points
specifying characteristics of a software application executing at the device;
sending, by the security device, a response to the device to ascertain a second set of data points for the device, the second
set of data points including characteristics of an operating environment provided by and local to the device;
receiving, by the security device and from the device, at least a portion of the second set of data points;
determining whether the received portion of the second set of data points and the first set of data points include inconsistent
information;
determining, based on the inconsistent information, a maliciousness rating for the device, wherein the maliciousness rating
indicates an increased likelihood that the device is malicious in response to determining that the received portion of the
second set of data points and the first set of data points include inconsistent information and a decreased likelihood that
the device is malicious in response to determining that the received portion of the second set of data points and the first
set of data points include consistent information; and
selectively managing, based on the maliciousness rating, additional network traffic directed to the one or more computing
devices protected by the security device and received from the device.