首页>
外国专利>
UTILIZING CLUSTERING TO IDENTIFY IP ADDRESSES USED BY A BOTNET
UTILIZING CLUSTERING TO IDENTIFY IP ADDRESSES USED BY A BOTNET
展开▼
机译:利用群集来识别僵尸网络使用的IP地址
展开▼
页面导航
摘要
著录项
相似文献
摘要
Methods and systems are provided for identifying suspect Internet Protocol (IP) addresses, in accordance with embodiments described herein. In particular, embodiments described herein include obtaining a set of login pairs comprising login identifiers (e.g., user identifiers) and IP addresses used in attempts to login to a source. A set of IP clusters is generated using the set of login pairs. Each IP cluster can include one or more IP addresses identified as related based on a login identifier being used to attempt to login to the source via multiple IP addresses or an IP address being used to attempt to login to the source via multiple login identifiers. Thereafter, it is determined that a particular IP cluster exceeds a threshold amount of IP addresses. Each of the IP addresses within the particular IP cluster is designated as a suspect IP address.
展开▼