US 11,757,905 B2
Unwanted tunneling alert system
Juan Ricafort, New York, NY (US); Harkirat Singh, New York, NY (US); and Philip Martin, San Jose, CA (US)
Assigned to Palantir Technologies Inc., Denver, CO (US)
Filed by Palantir Technologies Inc., Denver, CO (US)
Filed on Nov. 15, 2021, as Appl. No. 17/526,953.
Application 17/526,953 is a continuation of application No. 16/822,646, filed on Mar. 18, 2020, granted, now 11,201,879.
Application 16/822,646 is a continuation of application No. 15/891,873, filed on Feb. 8, 2018, granted, now 10,609,046, issued on Mar. 31, 2020.
Application 15/891,873 is a continuation of application No. 15/228,297, filed on Aug. 4, 2016, granted, now 9,930,055, issued on Mar. 27, 2018.
Application 15/228,297 is a continuation of application No. 14/823,935, filed on Aug. 11, 2015, granted, now 9,419,992, issued on Aug. 16, 2016.
Claims priority of provisional application 62/036,999, filed on Aug. 13, 2014.
Prior Publication US 2022/0150263 A1, May 12, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); H04L 61/5007 (2022.01); G06F 21/55 (2013.01)
CPC H04L 63/1416 (2013.01) [H04L 61/5007 (2022.05); H04L 63/029 (2013.01); H04L 63/0272 (2013.01); H04L 63/145 (2013.01); H04L 63/1425 (2013.01); H04L 63/1441 (2013.01); H04L 63/20 (2013.01); G06F 21/556 (2013.01)]
20 Claims
1. A computing system comprising:
a computer processor; and
a non-transitory computer readable storage medium storing program instructions configured for execution by the computer processor in order to cause the computing system to:
identify a first network address included in a first log and in a second log, wherein the first log identifies one or more second network addresses corresponding to one or more users granted access to a network, and wherein the second log identifies one or more third network addresses requested via the network;
determine based at least partly on the first network address, a score at least partly indicative of a likelihood that a malicious tunneling connection is present; and
generate user interface data that, when executed, causes a user device to display a user interface that depicts a notification derived from the score, wherein a user interface-based interaction with the notification causes the computing system to adjust determination of a future score.
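The correlation in claim 1 can be illustrated with a short sketch. This is an added example, not code from the patent or from the assignee: the log layouts, field names, score weights, alert threshold and feedback multipliers are all assumptions, and the sample log lines are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample logs (documentation-range addresses, not from the patent).
VPN_LOG = """user,client_ip
alice,203.0.113.10
bob,198.51.100.7
carol,203.0.113.55
"""
PROXY_LOG = """src_host,dest_ip,bytes_out
ws-114,203.0.113.10,52000000
ws-114,203.0.113.10,48000000
ws-201,192.0.2.80,1200
ws-307,203.0.113.55,900
"""

class TunnelScorer:
    """Hypothetical scorer; weights, threshold and multipliers are assumed."""

    def __init__(self, threshold=0.5):
        self.threshold = threshold
        self.multiplier = defaultdict(lambda: 1.0)  # adjusted by analyst feedback

    def score(self, vpn_log, proxy_log):
        # First log: addresses of users granted access (VPN clients).
        vpn_ips = {r["client_ip"] for r in csv.DictReader(io.StringIO(vpn_log))}
        # Second log: addresses requested from inside the network.
        seen = defaultdict(lambda: [0, 0])  # ip -> [requests, bytes_out]
        for r in csv.DictReader(io.StringIO(proxy_log)):
            if r["dest_ip"] in vpn_ips:  # address present in both logs
                seen[r["dest_ip"]][0] += 1
                seen[r["dest_ip"]][1] += int(r["bytes_out"])
        scores = {}
        for ip, (reqs, sent) in seen.items():
            raw = 0.3 + 0.2 * min(reqs, 5) / 5 + 0.5 * min(sent, 10**8) / 10**8
            scores[ip] = round(min(1.0, raw * self.multiplier[ip]), 3)
        return scores

    def alerts(self, scores):
        return sorted(ip for ip, s in scores.items() if s >= self.threshold)

    def feedback(self, ip, benign):
        # Interaction with a notification changes how future scores are computed.
        self.multiplier[ip] *= 0.5 if benign else 1.5

if __name__ == "__main__":
    scorer = TunnelScorer()
    print(scorer.alerts(scorer.score(VPN_LOG, PROXY_LOG)))
```

An address that appears only in one log (here `198.51.100.7` and `192.0.2.80`) is never scored; only the intersection is.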