Session slicing of mirrored packets
US-12184680-B2 · Dec 31, 2024 · US
Data transfer for network interaction fraudulence detection
US9231982B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9231982-B2 |
| Application number | US-201414468891-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 26, 2014 |
| Priority date | Mar 22, 2007 |
| Publication date | Jan 5, 2016 |
| Grant date | Jan 5, 2016 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Transferring metadata is disclosed. Information about a network interaction is processed to generate metadata describing the network interaction. Based on the metadata it is determined whether the metadata is to be transferred to an aggregator. In the event that the metadata is to be transferred, one or more aggregators are determined to which the metadata is to be transferred. The metadata is transferred to the one or more aggregators.
First claim
Opening claim text (preview).
What is claimed is: 1. A system for acquiring and aggregating data for network fraudulence detection, the system comprising: a plurality of peers, each of the plurality of peers comprising an electronic processor and a storage device, and each of the plurality of peers being configured to: receive network interaction data from hardware configured to detect network traffic, determine, based on one or more models, a score for the received network interaction data, store the received network interaction data in association with the score in a database on the storage device, and forward, based on the score, the network interaction data to an aggregator; and an aggregator communicatively coupled to each of the plurality of peers, the aggregator comprising an electronic processor and a storage device, the aggregator being configured to: receive, from the plurality of peers, the network interaction data, generate, based on the network interaction data, model parameters, and generate reports regarding network interactions. 2. The system of claim 1 , wherein the score is determined based on at least one of the model parameters, network topology, or statistics regarding clicks. 3. The system of claim 2 , wherein the score is determined based on at least statistics regarding clicks, and wherein the statistics regarding clicks comprise statistics regarding at least one of interclick time or interclick distributions. 4. The system of claim 1 , wherein the score is determined based on at least an internet protocol address. 5. The system of claim 1 , wherein at least one of the plurality of peers comprises at least one model that is different from the models used by the other peers. 6. The system of claim 5 , wherein the aggregator is configured to provide the model parameters to each of the plurality of peers. 7. The system of claim 1 , wherein the aggregator comprises a model server configured to generate, based on the network interaction data, model parameters and to develop the one or more models. 8. The system of claim 7 , wherein the aggregator is further configured to provide the model parameters to the model server. 9. The system of claim 1 , wherein the aggregator is further configured to obtain a score for the network interaction data based on a model having the model parameters. 10. The system of claim 1 , wherein the network interaction data comprises an internet protocol address and a timestamp. 11. A method for acquiring and aggregating data for network fraudulence detection, the method comprising: receiving, by peer hardware of each of a plurality of peers, network interaction data, wherein each peer of the plurality of peers comprises an electronic processor and a storage device; determining, by each peer of the plurality of peers and based on one or more models, a respective score for respective network interaction data; storing, by each of the plurality of peers, respective received network interaction data in association with a respective score on a respective storage device; forwarding, based on a respective score, by each of the plurality of peers and to an aggregator communicatively coupled to each of the plurality of peers, the network interaction data; generating, by the aggregator and based on the network interaction data, model parameters, and generating, by the aggregator, reports regarding network interactions. 12. The method of claim 11 , wherein the determining a respective score comprises determining based on at least one of the model parameters, network topology, or statistics regarding clicks. 13. The method of claim 12 , wherein the determining a respective score comprises determining based on at least statistics regarding clicks, wherein the statistics regarding clicks comprise statistics regarding at least one of interclick time or interclick distributions. 14. The method of claim 11 , wherein the determining a respective score comprises determining based on at least an internet protocol address. 15. The method of claim 11 , wherein at least one of the plurality of peers comprises at least one model that is different from the models used by the other peers. 16. The method of claim 15 , further comprising providing, by the aggregator and to each of the plurality of peers, the model parameters. 17. The method of claim 11 , wherein the aggregator comprises a model server, the method further comprising generating, by the model server and based on the network interaction data, model parameters; and developing, by the model server, the one or more models. 18. The method of claim 17 , further comprising providing, by the aggregator and to the model server, the model parameters. 19. The method of claim 11 , further comprising obtaining, by the aggregator, a score for the network interaction data based on a model having the model parameters. 20. The method of claim 11 , wherein the network interaction data comprises an internet protocol address and a timestamp.
Assignees
Inventors
Classifications
Traffic logging, e.g. anomaly detection · CPC title
- H04L63/1416Primary
Event detection, e.g. attack signature detection · CPC title
- H04L63/20Primary
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
Rule management · CPC title
for detecting or protecting against malicious traffic · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9231982B2 cover?
- Transferring metadata is disclosed. Information about a network interaction is processed to generate metadata describing the network interaction. Based on the metadata it is determined whether the metadata is to be transferred to an aggregator. In the event that the metadata is to be transferred, one or more aggregators are determined to which the metadata is to be transferred. The metadata is …
- Who is the assignee on this patent?
- Comscore Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/1416. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Jan 05 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).