A Method For The Generation and Use of Global Network Reputation

University of Michigan
posted on 02/09/2012

Detailed Description

Reputation Systems for Network Security

Reputation systems, used in IPS (Intrusion Prevention Systems) and UTM (Unified Threat Management) systems, have seen rapid adoption as an integral part of operational network security. These host reputation systems simply publish a list of IP addresses that have been identified as origins of malicious behavior. These lists can be used to identify infected hosts in a given network for cleanup, or in block lists to prevent traffic to and from such hosts.

However, the malicious behavior of hosts is often a reflection of the general security posture of a given network. Network reputation (as opposed to host reputation) is a measure that aims to capture the overall security and health condition of a network. Such a measure, when established globally and uniformly, will allow the Internet community to easily interpret the relative security posture of a given network, and to adopt the appropriate local security policy that is consistent with the perceived risks when communicating with another network. More importantly, it will give the administrators and operators of a network an incentive to enhance its security image by adopting better and more effective security measures.

Current revenues in IPS and UTM border on $4.5 billion, and this technology will be key for companies trying to stay competitive in this market.

Network Reputation Systems

Researchers at the University of Michigan have developed a methodology and architecture for generating and using a global network reputation system. In many ways this network reputation system can be considered similar in nature to the consumer credit rating system, as the reputation index of a network is a direct reflection of the relative security posture, policies and health of that network or organization. The technology compiles information from passive data sources, other networks, and active data gathering to provide a single network reputation index. This index is then used to select the security policies to be followed when interacting with the network in question.

Applications

• Network Security Applications
• Firewall Policies
• Network Security Policies
• Application Security
• Secure Routing of Network Traffic
• E-mail SPAM Detection
• IPS (Intrusion Prevention Systems)
• UTM (Unified Threat Management)

Advantages

• Help assess the security risk of entire networks, instead of individual hosts.
• Integrate the knowledge of other networks in our policy decisions.
• Allow for increased flexibility when selecting security policies for interacting with unknown networks.
• Provide an incentive for network administrators to address security issues in order to maintain a good reputation.

File Number: 4993 


License Online

This innovation currently is not available for online licensing. Please contact Drew Bennett at University of Michigan for more information.

People

Case Manager:

Drew Bennett
