A Method For The Generation and Use of Global Network Reputation

University of Michigan
posted on 02/09/2012


Innovation Details

Detailed Description

Reputation Systems for Network Security

Reputation systems, used in IPS (Intrusion Prevention Systems) and UTM (Unified Threat Management) systems, have seen rapid adoption as an integral part of operational network security. These host reputation systems simply publish a list of IP addresses that have been identified as origins of malicious behavior. These lists can be used to identify infected hosts in a given network for cleanup, or in block lists to prevent traffic to and from such hosts.

However, the malicious behavior of hosts is often a reflection of the general security posture of a given network. Network reputation (as opposed to host reputation) is a measure that aims to capture the overall security and health condition of a network. Such a measure, when established globally and uniformly, will allow the Internet community to easily interpret the relative security posture of a given network, and to adopt the appropriate local security policy that is consistent with the perceived risks when communicating with another network. More importantly, this will provide the incentive for the administrators and operators of a network to enhance its security image by adopting better and more effective security measures. Current IPS and UTM revenues border on $4.5 billion, and this technology will be key for companies trying to stay competitive in this market.

Network Reputation Systems

Researchers at the University of Michigan have developed a methodology and architecture for generating and using a global network reputation system. In many ways this network reputation system can be considered similar in nature to the consumer credit rating system, as the reputation index of a network is a direct reflection of the relative security posture, policies and health of that network or organization. The technology compiles information from passive data sources, other networks, and active data gathering to provide a single network reputation index. This index is then used to select the security policies to be followed when interacting with the network in question.

Applications

• Network Security Applications
• Firewall Policies
• Network Security Policies
• Application Security
• Secure Routing of Network Traffic
• E-mail SPAM Detection
• IPS (Intrusion Prevention Systems)
• UTM (Unified Threat Management)

Advantages

• Help assess the security risk of entire networks, instead of individual hosts.
• Integrate the knowledge of other networks in our policy decisions.
• Allow for increased flexibility when selecting security policies for interacting with unknown networks.
• Provide an incentive for network administrators to address security issues in order to maintain a good reputation.

File Number: 4993 

IP Protection

Patent Number(s): 14/627736

License Online

This innovation currently is not available for online licensing. Please contact Jessica Soulliere at University of Michigan for more information.


Case Manager: Jessica Soulliere
