US2021058421A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2021058421-A1 |
| Application number | US-201916549764-A |
| Country | US |
| Kind code | A1 |
| Filing date | Aug 23, 2019 |
| Priority date | Aug 23, 2019 |
| Publication date | Feb 25, 2021 |
| Grant date | — |
Official abstract text for this publication.
A number of techniques facilitate generation of data points from observations about network traffic. An inferencing system can use these data points to determine whether a relationship exists between two entities or whether an existing relationship has terminated, without any external knowledge of the existence of or termination of such a relationship.
Opening claim text (preview).
1-21. (canceled)

22. A method for inferring a relationship between two entities, the method comprising the steps of: receiving at a server, from a network device, composite flow information corresponding to a plurality of flows, wherein each individual flow information comprises a source network identifier and a destination network identifier; determining that for a subset of the plurality of flows: (i) the source network identifier in each flow in the subset belongs to a first set of network identifiers, each of which being associated with a first entity, and (ii) the destination network identifier in each flow in the subset belongs to a second set of network identifiers, each of which being associated with a second entity; and determining that a relationship exists between the first entity and the second entity based on, one or more of: (i) a total number of flows in the subset, (ii) a frequency of the flows in the subset, (iii) a total size of the flows in the subset, (iv) a port associated with the flows in the subset.

23. The method of claim 1, wherein determining the existence of the relationship comprises determining that: the total number of the flows in the subset is at least equal to a specified flow-count threshold; or the frequency of the flows in the subset is at least equal to a specified flow-frequency threshold; or the total size of the flow in the subset is at least equal to a specified flow-size threshold.

24. The method of claim 2, wherein the flow-count threshold, the flow-frequency threshold, or the flow-size threshold is based on, at least in part, a size of the first entity or a size of the second entity.

25. The method of claim 1, wherein determining the existence of the relationship comprises identifying a type of a port associated with the subset of flows.

26. The method of claim 4, wherein the port type is a file transfer protocol (FTP) port, or a simple mail transfer protocol (SMTP) port.

27. The method of claim 1, wherein the determination of existence of the relationship is based on, at least in part, an additional determination that one or more of the network identifiers in the second set are designated for an entity having a relationship with the second entity.

28. The method of claim 1, wherein the network device is associated with an Internet service provider (ISP) or an Internet exchange point (IXP), the ISP or the IXP being different from the first entity and the second entity.

29. The method of claim 1, wherein: the network device comprises a domain name system (DNS) resolver; and a first individual flow information comprises a first source network identifier, a first destination network identifier, and a response from a reputation service corresponding to the first source network identifier.

30. A system for inferring a relationship between two entities, comprising: a processor; a network port in communication with the processor and adapted to receive composite flow information corresponding to a plurality of flows; and a memory coupled to the processor and comprising instructions, which when executed by the processor, program the processor to: receive from a network device, the composite flow information corresponding to a plurality of flows, wherein each individual flow information comprises a source network identifier and a destination network identifier; determine that for a subset of the plurality of flows: (i) the source network identifier in each flow in the subset belongs to a first set of network identifiers, each of which being associated with a first entity, and (ii) the destination network identifier in each flow in the subset belongs to a second set of network identifiers, each of which being associated with a second entity; and determine that a relationship exists between the first entity and the second entity based on, one or more of: (i) a total number of flows in the subset, (ii) a frequency of the flows in the subset, (iii) a total size of the flows in the subset, (iv) a port associated with the flows in the subset.

31. The system of claim 30, wherein to determine the existence of the relationship, the instructions program the processor to determine that: the total number of the flows in the subset is at least equal to a specified flow-count threshold; or the frequency of the flows in the subset is at least equal to a specified flow-frequency threshold; or the total size of the flow in the subset is at least equal to a specified flow-size threshold.

32. The system of claim 31, wherein the flow-count threshold, the flow-frequency threshold, or the flow-size threshold is based on, at least in part, a size of the first entity or a size of the second entity.

33. The system of claim 30, wherein to determine the existence of the relationship, the instructions program the processor to: identify a type of a port associated with the subset of flows.

34. The system of claim 33, wherein the port type is a file transfer protocol (FTP) port, or a simple mail transfer protocol (SMTP) port.

35. The system of claim 30, wherein to determine the existence of the relationship, the instructions program the processor further to: determine that one or more of the network identifiers in the second set are designated for an entity having a relationship with the second entity.

36. The system of claim 30, wherein the network device is associated with an Internet service provider (ISP) or an Internet exchange point (IXP), the ISP or the IXP being different from the first entity and the second entity.

37. The system of claim 30, wherein: the network device comprises a domain name system (DNS) resolver; and a first individual flow information comprises a first source network identifier, a first destination network identifier, and a response from a reputation service corresponding to the first source network identifier.
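The thresholded inference recited in claims 22 to 26 can be sketched as follows. This is an added illustration, not code from the patent or its applicant; the entity names, address ranges, threshold values, the one-hour frequency floor, the function names and the flow records are all constructed assumptions.

```python
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "ts src dst dport nbytes")  # ts in seconds

# Constructed entity-to-prefix map (RFC 5737 documentation ranges).
ENTITIES = {
    "entity_a": [ipaddress.ip_network("192.0.2.0/24")],
    "entity_b": [ipaddress.ip_network("198.51.100.0/24")],
}
PORT_TYPES = {21: "FTP", 25: "SMTP"}  # port types named in claims 26 and 34

def owner(ip):
    """Return the entity whose identifier set contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, nets in ENTITIES.items():
        if any(addr in net for net in nets):
            return name
    return None

def infer_relationship(flows, first, second,
                       min_count=3, min_per_hour=2.0, min_bytes=10_000):
    """Apply the ORed count / frequency / size / port tests to first->second flows.
    Thresholds are arguments so a caller can scale them to entity size."""
    subset = [f for f in flows
              if owner(f.src) == first and owner(f.dst) == second]
    if not subset:
        return {"related": False, "flows": 0, "reasons": []}
    times = [f.ts for f in subset]
    hours = max((max(times) - min(times)) / 3600, 1.0)  # assumed one-hour floor
    reasons = []
    if len(subset) >= min_count:
        reasons.append("count")
    if len(subset) / hours >= min_per_hour:
        reasons.append("frequency")
    if sum(f.nbytes for f in subset) >= min_bytes:
        reasons.append("size")
    for ptype in sorted({PORT_TYPES[f.dport] for f in subset if f.dport in PORT_TYPES}):
        reasons.append("port:" + ptype)
    return {"related": bool(reasons), "flows": len(subset), "reasons": reasons}

# Constructed flow records: (timestamp, src, dst, dst port, bytes).
SAMPLE = [
    Flow(0, "192.0.2.10", "198.51.100.5", 25, 4000),
    Flow(600, "192.0.2.11", "198.51.100.5", 25, 5000),
    Flow(1200, "192.0.2.10", "198.51.100.9", 443, 2000),
    Flow(1800, "192.0.2.10", "203.0.113.7", 443, 900000),  # dst outside entity_b
    Flow(2400, "203.0.113.8", "198.51.100.5", 21, 100),    # src outside entity_a
]

if __name__ == "__main__":
    print(infer_relationship(SAMPLE, "entity_a", "entity_b"))
```

Because the tests are ORed, a single flow to an FTP or SMTP port is enough to report a relationship here; a deployment that wants fewer false positives would combine the port signal with one of the volume thresholds.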
Event detection, e.g. attack signature detection · CPC title
using geographic information, e.g. room number · CPC title
containing mobile subscriber information, e.g. home subscriber server [HSS] · CPC title
Internet protocol version 6 [IPv6] addresses · CPC title
using domain name system [DNS] · CPC title