US Patent No. 9,258,328

IDENTIFYING MALICIOUS DEVICES WITHIN A COMPUTER NETWORK


Patent No.: 9,258,328
Issue Date: February 09, 2016
Title: Identifying Malicious Devices Within A Computer Network
Inventorship: Oskar Ibatullin, Sunnyvale, CA (US); Kyle Adams, West Henrietta, NY (US); Daniel J. Quinlan, Sunnyvale, CA (US)
Assignee: Juniper Networks, Inc., Sunnyvale, CA (US)

Claim of US Patent No. 9,258,328

1. A method comprising:
receiving, by a security device, from a device, network traffic directed to one or more computing devices protected by the
security device;

determining, based on content of the network traffic, a first set of data points for the device, the first set of data points
specifying characteristics of a software application executing at the device;

sending, by the security device, a response to the device to ascertain a second set of data points for the device, the second
set of data points including characteristics of an operating environment provided by and local to the device;

receiving, by the security device and from the device, at least a portion of the second set of data points;

determining whether the received portion of the second set of data points and the first set of data points include inconsistent
information;

determining, based on the inconsistent information, a maliciousness rating for the device, wherein the maliciousness rating
indicates an increased likelihood that the device is malicious in response to determining that the received portion of the
second set of data points and the first set of data points include inconsistent information and a decreased likelihood that
the device is malicious in response to determining that the received portion of the second set of data points and the first
set of data points include consistent information; and

selectively managing, based on the maliciousness rating, additional network traffic directed to the one or more computing
devices protected by the security device and received from the device.
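
The comparison and rating steps recited in claim 1, as an added Python sketch that is not part of the patent text or of any Juniper product. The field names, the 0-100 rating scale, the step size and the allow/throttle/block thresholds are all assumptions chosen for illustration; the claim does not specify them.

```python
# Added illustration. Field names, the 0-100 scale, STEP and the thresholds
# are assumptions; the claim does not specify any of them.

# (first-set field, second-set field) pairs expected to describe the same fact.
COMPARABLE = [
    ("ua_os", "platform_os"),
    ("ua_browser", "engine_browser"),
    ("accept_language", "runtime_language"),
]
STEP = 20  # rating change per consistent round or per mismatch

def find_inconsistencies(first, second):
    """Return the field pairs present in both sets whose values disagree."""
    bad = []
    for passive, probed in COMPARABLE:
        # Only a portion of the second set may come back, so skip absent fields.
        if passive in first and probed in second:
            if first[passive].strip().lower() != second[probed].strip().lower():
                bad.append((passive, probed))
    return bad

def update_rating(rating, first, second):
    """Raise the rating on inconsistent data, lower it on consistent data."""
    compared = [p for p in COMPARABLE if p[0] in first and p[1] in second]
    if not compared:
        return rating  # nothing comparable was returned; leave rating unchanged
    bad = find_inconsistencies(first, second)
    rating += STEP * len(bad) if bad else -STEP
    return max(0, min(100, rating))

def manage(rating):
    """Selectively handle further traffic from the device."""
    if rating >= 70:
        return "block"
    if rating >= 40:
        return "throttle"
    return "allow"

# Constructed sample data (not from the patent).
FIRST_SET = {"ua_os": "Windows", "ua_browser": "Chrome", "accept_language": "en-US"}
CONSISTENT_REPLY = {"platform_os": "windows", "engine_browser": "chrome", "runtime_language": "en-us"}
MISMATCHED_REPLY = {"platform_os": "Linux", "engine_browser": "none"}

if __name__ == "__main__":
    for reply in (CONSISTENT_REPLY, MISMATCHED_REPLY):
        r = update_rating(30, FIRST_SET, reply)
        print(r, manage(r), find_inconsistencies(FIRST_SET, reply))
```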