1. Field of the Invention
The present invention generally relates to identifying threat IP addresses (“threat IP's”) on the internet and publishing information about threat IP's for consumption by network management products and network administrators to manage risk in network communications.
2. Description of the Related Art
The threat landscape is constantly changing, from the actors involved, as identified by IP addresses, URLs, and files, to the vectors of attack that they employ. As technology evolves, adding new paradigms such as cloud computing or social networking, new opportunities are created for exploitation by these bad actors. The key vector of attack is the web.
The motivation for ‘hacking’ or attacks upon vulnerable networks has also evolved, from simple notoriety and bragging rights to profit, which has significantly increased the investment in malicious software design and implementation, leading to more sophisticated and difficult-to-detect attacks.
Enterprises, and even the security solutions vendors themselves, have limited visibility into all of the malicious activity occurring on the internet, so there is a need to share data to increase visibility and gain better protection against a broader range of attacks.
Definitions for various terms are set forth below. Domain Name System (“DNS”) translates Internet domain names into numerical IP addresses.
HyperText Markup Language (HTML) is a method of mixing text and other content with layout and appearance commands in a text file, so that a browser can generate a displayed image from the file.
Hypertext Transfer Protocol (HTTP) is a set of conventions for controlling the transfer of information via the Internet from a Web server computer to a client computer, and also from a client computer to a Web server.
Internet is the worldwide, decentralized totality of server computers and data-transmission paths which can supply information to a connected and browser-equipped client computer, and can receive and forward information entered from the client computer.
Internet Protocol (IP) address is the numerical reference for any device on a computer network using an Internet Protocol for communication between communication nodes.
Sub-domain is a label to the left of a top level domain of a domain name such as www.uspto.gov wherein uspto is a sub-domain.
Top level domain is the rightmost portion of a domain name such as www.uspto.gov wherein .gov is the top level domain.
URL or Uniform Resource Locator is an address on the World Wide Web.
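The definitions of IP address, sub-domain, top level domain and URL above describe the indicator formats a threat feed carries. The following added example (not part of the original application) shows how a consumer of such a feed would normalize a raw indicator: extract the host from a URL, decide whether it is an IP literal or a domain name, and split a domain name into its top level domain, the sub-domain label immediately to its left (the labelling used in the definitions above) and any remaining lower labels. Function names and the sample indicators other than www.uspto.gov are constructed for this illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def host_from_indicator(indicator):
    """Return the lowercase host part of a URL or bare host string.

    urlsplit() only recognises the host when a scheme or '//' prefix
    is present, so a bare host such as 'www.uspto.gov' gets '//' prepended.
    """
    text = indicator.strip()
    if "://" not in text:
        text = "//" + text
    host = urlsplit(text).hostname or ""
    return host.rstrip(".")  # drop a trailing root dot if present


def is_ip_literal(host):
    """True when the host is an IPv4 or IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def split_domain(host):
    """Split a domain name following the definitions in the text:

    the top level domain is the rightmost label (written with its dot),
    the sub-domain is the label immediately to its left, and any further
    labels to the left are returned as 'lower_labels'.
    """
    labels = [label for label in host.lower().split(".") if label]
    if len(labels) < 2:
        raise ValueError("a domain name needs at least two labels: %r" % host)
    return {
        "tld": "." + labels[-1],
        "sub_domain": labels[-2],
        "lower_labels": labels[:-2],
    }


def classify_indicator(indicator):
    """Normalize one feed entry (URL, domain or IP) into a structured record."""
    host = host_from_indicator(indicator)
    if not host:
        raise ValueError("no host found in indicator: %r" % indicator)
    if is_ip_literal(host):
        return {"kind": "ip", "host": host}
    record = {"kind": "domain", "host": host}
    record.update(split_domain(host))
    return record


if __name__ == "__main__":
    # Constructed sample feed entries; 192.0.2.10 is from the documentation range.
    for entry in ["http://www.uspto.gov/index.html", "www.uspto.gov", "192.0.2.10"]:
        print(entry, "->", classify_indicator(entry))
```

Normalizing every entry to the same record shape before comparison is what lets a network management product match a live connection against a published list regardless of whether the feed author wrote a URL, a bare hostname or an address.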
Web-Browser is a complex software program, resident in a client computer, that is capable of loading and displaying text and images and exhibiting behaviors as encoded in HTML (HyperText Markup Language) from the Internet, and also from the client computer's memory. Major browsers include MICROSOFT INTERNET EXPLORER, CHROME, APPLE SAFARI, MOZILLA FIREFOX, and OPERA.
Web-Server is a computer able to manage many Internet information-exchange processes simultaneously. Normally, server computers are more powerful than client computers, and are administratively and/or geographically centralized. An interactive-form information-collection process generally is controlled from a server computer, to which the sponsor of the process has access. Servers usually contain one or more processors (CPUs), memories, storage devices and network interface cards. Servers typically store the HTML documents and/or execute code that generates Web-pages that are sent to clients upon request.
Thus, there is a need to identify threatening events emanating from IP addresses in real-time, or as close as possible thereto, in order to warn network management products and network administrators of these threatening IP addresses.