Patents by Inventor Karel Mittig
Karel Mittig has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10757118Abstract: A method for aiding detection of infection of a terminal by malware. The method includes: reception of a current request originating from the terminal asking for access to a resource of a network; detection that the resource requested is malevolent; when the current request includes a reference to an initial resource, verification that access to the initial resource has been requested from the terminal in at least one earlier request, the initial resource having been detected legitimate during processing of the earlier request; and wherein the current request being then considered to be an attempt to infect the terminal.Type: GrantFiled: October 10, 2016Date of Patent: August 25, 2020Assignee: ORANGEInventors: Karel Mittig, Fabien Bignon
-
Publication number: 20180316697Abstract: A method for aiding detection of infection of a terminal by malware. The method includes: reception of a current request originating from the terminal asking for access to a resource of a network; detection that the resource requested is malevolent; when the current request includes a reference to an initial resource, verification that access to the initial resource has been requested from the terminal in at least one earlier request, the initial resource having been detected legitimate during processing of the earlier request; and wherein the current request being then considered to be an attempt to infect the terminal.Type: ApplicationFiled: October 10, 2016Publication date: November 1, 2018Inventors: Karel Mittig, Fabien Bignon
-
Patent number: 10091223Abstract: The invention concerns a method for detecting anomalies in network traffic, said traffic being transmitted by a server (10) in response to requests from at least one client device (11), the method comprising: —a step (E10) of receiving a request, said request being of a given type, —a step (E11) of receiving a response to the request, —a step (E13) of constructing a current bit vector (VN), representative of the response, —a step (E17) of calculating a similarity index representative of a distance between the current bit vector and a model bit vector (Vmod) associated with the request type, —a step of checking (E18) that the similarity index (Isc) does not belong to a compliance interval (IC) calculated for the request type, an anomaly being detected when the similarity index does not belong to the compliance interval.Type: GrantFiled: September 25, 2014Date of Patent: October 2, 2018Assignee: OrangeInventors: Karel Mittig, Fabien Bignon
-
Patent number: 10079857Abstract: Method of forestalling attacks in a network, by slowing down a communication in a network including at least one computer including malware aimed at establishing a communication with a control server. The method includes: reception of a request to transfer data originating from the computer, indicating that the IP address of the security server has been provided to the computer in response to a domain name resolution request including a domain name associated with the IP address of the control server, the domain name being included in a black list; waiting for a smaller duration than an expiry period for a transport protocol transporting packets of the communication, a session being maintained during this expiry period in the event of inactivity; and dispatching a packet including a byte generated pseudo-randomly so as to maintain the session active.Type: GrantFiled: December 16, 2014Date of Patent: September 18, 2018Assignee: ORANGEInventors: Karel Mittig, Nicolas Deschamps, Hachem Guerid
-
Patent number: 9866577Abstract: A method for detecting intrusions on a set of virtual resources in a computer system including at least one physical machine hosting the set of virtual resources. The method includes: calculating an intrusion detection itinerary defined by a sequence of virtual resources from the set, the virtual resources being integrated and arranged in the sequence on the basis of respective vulnerability criticality levels assigned to the virtual resources of the set; and carrying out an intrusion detection operation, following the calculated itinerary.Type: GrantFiled: May 7, 2012Date of Patent: January 9, 2018Assignee: ORANGEInventors: Sylvie Laniepce, Fabien Bignon, Karel Mittig
-
Patent number: 9536077Abstract: A method is provided for attack detection and protection of a set of virtual machines in a system, which includes at least one first host server hosting said set of virtual machines. The method includes: receiving an attack detection message regarding a virtual machine, triggering a first migration of the virtual machine from the first host server toward a security system, and receiving an attack treatment message regarding the migrated virtual machine.Type: GrantFiled: June 21, 2012Date of Patent: January 3, 2017Assignee: ORANGEInventors: Fabien Bignon, Sylvie Laniepce, Karel Mittig
-
Publication number: 20160337402Abstract: Method of forestalling attacks in a network, by slowing down a communication in a network including at least one computer including malware aimed at establishing a communication with a control server. The method includes: reception of a request to transfer data originating from the computer, indicating that the IP address of the security server has been provided to the computer in response to a domain name resolution request including a domain name associated with the IP address of the control server, the domain name being included in a black list; waiting for a smaller duration than an expiry period for a transport protocol transporting packets of the communication, a session being maintained during this expiry period in the event of inactivity; and dispatching a packet including a byte generated pseudo-randomly so as to maintain the session active.Type: ApplicationFiled: December 16, 2014Publication date: November 17, 2016Inventors: Karel Mittig, Nicolas Deschamps, Hachem Guerid
-
Publication number: 20160219069Abstract: The invention concerns a method for detecting anomalies in network traffic, said traffic being transmitted by a server (10) in response to requests from at least one client device (11), the method comprising: a step (E10) of receiving a request, said request being of a given type, a step (E11) of receiving a response to the request, a step (E13) of constructing a current bit vector (VN), representative of the response, a step (E17) of calculating a similarity index representative of a distance between the current bit vector and a model bit vector (Vmod) associated with the request type, a step of checking (E18) that the similarity index (Isc) does not belong to a compliance interval (IC) calculated for the request type, an anomaly being detected when the similarity index does not belong to the compliance interval.Type: ApplicationFiled: September 25, 2014Publication date: July 28, 2016Inventors: Karel Mittig, Fabien Bignon
-
Publication number: 20140223556Abstract: A method is provided for attack detection and protection of a set of virtual machines in a system, which includes at least one first host server hosting said set of virtual machines. The method includes: receiving an attack detection message regarding a virtual machine, triggering a first migration of the virtual machine from the first host server toward a security system, and receiving an attack treatment message regarding the migrated virtual machine.Type: ApplicationFiled: June 21, 2012Publication date: August 7, 2014Applicant: ORANGEInventors: Fabien Bignon, Sylvie Laniepce, Karel Mittig
-
Publication number: 20140189868Abstract: A method for detecting intrusions on a set of virtual resources in a computer system including at least one physical machine hosting the set of virtual resources. The method includes: calculating an intrusion detection itinerary defined by a sequence of virtual resources from the set, the virtual resources being integrated and arranged in the sequence on the basis of respective vulnerability criticality levels assigned to the virtual resources of the set; and carrying out an intrusion detection operation, following the calculated itinerary.Type: ApplicationFiled: May 7, 2012Publication date: July 3, 2014Applicant: ORANGEInventors: Sylvie Laniepce, Fabien Bignon, Karel Mittig
-
Patent number: 7581014Abstract: A method of and module for masking application processing applied to a request for access to a server by a client workstation connected via successive proxy servers. The application of a first proxy server, is executed, the address of the client workstation is inserted into a specific data field of the access request message header, without calling for any IP spoofing function and the access request message for execution of successive application processing is sent to successive proxy servers. After execution of its application processing by a last proxy server and transmitting of the access request message to the server, the access request message is intercepted at a masking module, the specific field from the header is eliminated to mask the application processing, and a masked access request message is constructed and the masked access request message is sent from the masking module to the server.Type: GrantFiled: August 9, 2004Date of Patent: August 25, 2009Assignee: France TelecomInventors: Karel Mittig, Cedric Goutard, Pierre Agostini
-
Publication number: 20080288470Abstract: The invention concerns distributed DNS resolution of a DNS request comprising an FQDN domain name between terminal (T) and relevant parent server (SPP). The method consists in transmitting (A) a DNS request (r_DNS) to an extended intermediate relay server (SRE), and, in the absence of stored previous DNS resolution solution, inserting (B) in the request a DNS resolution extension variable (VE) to generate an extended DNS request (er_DNS), transmitting (C) the extended request to the parent server. Upon verification of the variable, searching (D) for a distributed DNS resolution agent (A_R_D), transmitting (E) an extended DNS reply EA DNS, containing the agent (A_R_D) to the relay server, executing (F) the agent to generate a DNS reply (A_DNS@IP) comprising at least the (FQDN) IP address and transmitting (G) the reply A DNS(?IP) to the terminal. The invention is applicable to DNS resolution on IP local area network or on the Internet.Type: ApplicationFiled: August 25, 2005Publication date: November 20, 2008Applicant: FRANCE TELECOMInventors: Cedric Goutard, Karel Mittig
-
Publication number: 20050038898Abstract: A method of and module for masking application processing applied to a request for access to a server by a client workstation connected via successive proxy servers. The application of a first proxy server, is executed, the address of the client workstation is inserted into a specific data field of the access request message header, without calling for any IP spoofing function and the access request message for execution of successive application processing is sent to successive proxy servers.Type: ApplicationFiled: August 9, 2004Publication date: February 17, 2005Applicant: FRANCE TELECOMInventors: Karel Mittig, Cedric Goutard, Pierre Agostini