Patents by Inventor Derek Abdine
Derek Abdine has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11729189
Abstract: Methods and systems for monitoring network activity. Various embodiments may deploy virtual security appliances to a certain location or with a specific configuration based on data regarding previous attacks and attacker activity. Accordingly, the deployed virtual security appliance(s) are better suited to gather more useful behavior regarding threat actor behavior and attacks.
Type: Grant
Filed: October 29, 2020
Date of Patent: August 15, 2023
Assignee: Rapid7, Inc.
Inventors: Paul Deardorff, Derek Abdine, Andreas Galauner, Mark Momburg
-
Patent number: 11700276
Abstract: Methods and systems for monitoring activity on a network. The systems may include a host computer executing a non-honeypot service. The host computer may also include a control module configured to enable or disable a honeypot service on the host computer in response to at least one of computational resource availability and configured tolerance for degraded service.
Type: Grant
Filed: September 28, 2020
Date of Patent: July 11, 2023
Assignee: Rapid7, Inc.
Inventors: Roy Hodgman, Derek Abdine
-
Patent number: 11681936
Abstract: Systems and methods are disclosed to infer, using a machine learned model, a service protocol of a server based on the banner data produced by the server. In embodiments, the machine learned model is implemented by a network scanner configured to receive banner data from open ports on servers. A received banner is parsed into a set of features, such as the counts or presence of particular characters or strings in the banner. In embodiments, certain types of banner content such as network addresses, hostnames, dates, and times, are replaced with special characters. The machine learned model is applied to the features to infer a most likely protocol of the server port that produced the banner. Advantageously, the model can be trained to perform the inference task with high accuracy and without using human-specified rules, which can be brittle for unconventional banner data and carry undesired biases.
Type: Grant
Filed: October 12, 2022
Date of Patent: June 20, 2023
Assignee: Rapid7, Inc.
Inventors: Roy Hodgman, Derek Abdine, Thomas Sellers, Prashant Subbarao
-
Publication number: 20230034866
Abstract: Systems and methods are disclosed to infer, using a machine learned model, a service protocol of a server based on the banner data produced by the server. In embodiments, the machine learned model is implemented by a network scanner configured to receive banner data from open ports on servers. A received banner is parsed into a set of features, such as the counts or presence of particular characters or strings in the banner. In embodiments, certain types of banner content such as network addresses, hostnames, dates, and times, are replaced with special characters. The machine learned model is applied to the features to infer a most likely protocol of the server port that produced the banner. Advantageously, the model can be trained to perform the inference task with high accuracy and without using human-specified rules, which can be brittle for unconventional banner data and carry undesired biases.
Type: Application
Filed: October 12, 2022
Publication date: February 2, 2023
Applicant: Rapid7, Inc.
Inventors: Roy Hodgman, Derek Abdine, Thomas Sellers, Prashant Subbarao
-
Patent number: 11522912
Abstract: Disclosed herein are methods, systems, and processes for recovering opaque credentials in deception systems. A plaintext credential is received at a honeypot and a plaintext lookup table is accessed. It is determined that the plaintext credential does not exist in the plaintext lookup table and the plaintext credential is added to the plaintext lookup table and a protocol specific plaintext lookup table. An opaque credential is generated for the plaintext credential and the opaque credential is added to a protocol specific opaque lookup table.
Type: Grant
Filed: March 18, 2021
Date of Patent: December 6, 2022
Assignee: Rapid7, Inc.
Inventors: Thomas Eugene Sellers, Derek Abdine
-
Patent number: 11507860
Abstract: Systems and methods are disclosed to infer, using a machine learned model, a service protocol of a server based on the banner data produced by the server. In embodiments, the machine learned model is implemented by a network scanner configured to receive banner data from open ports on servers. A received banner is parsed into a set of features, such as the counts or presence of particular characters or strings in the banner. In embodiments, certain types of banner content such as network addresses, hostnames, dates, and times, are replaced with special characters. The machine learned model is applied to the features to infer a most likely protocol of the server port that produced the banner. Advantageously, the model can be trained to perform the inference task with high accuracy and without using human-specified rules, which can be brittle for unconventional banner data and carry undesired biases.
Type: Grant
Filed: February 24, 2020
Date of Patent: November 22, 2022
Assignee: Rapid7, Inc.
Inventors: Roy D. Hodgman, Derek Abdine, Thomas E. Sellers, Prashant Subbarao
-
Publication number: 20210226992
Abstract: Disclosed herein are methods, systems, and processes for recovering opaque credentials in deception systems. A plaintext credential is received at a honeypot and a plaintext lookup table is accessed. It is determined that the plaintext credential does not exist in the plaintext lookup table and the plaintext credential is added to the plaintext lookup table and a protocol specific plaintext lookup table. An opaque credential is generated for the plaintext credential and the opaque credential is added to a protocol specific opaque lookup table.
Type: Application
Filed: March 18, 2021
Publication date: July 22, 2021
Applicant: Rapid7, Inc.
Inventors: Thomas Eugene Sellers, Derek Abdine
-
Patent number: 10986130
Abstract: Disclosed herein are methods, systems, and processes for recovering opaque credentials in deception systems. A plaintext credential is received at a honeypot and a plaintext lookup table is accessed. It is determined that the plaintext credential does not exist in the plaintext lookup table and the plaintext credential is added to the plaintext lookup table and a protocol specific plaintext lookup table. An opaque credential is generated for the plaintext credential and the opaque credential is added to a protocol specific opaque lookup table. Attack context metadata associated with the original attack event is generated and stored in the protocol specific opaque lookup table in association with the plaintext credential and the opaque credential. If the honeypot receives the opaque credential from a subsequent attacker who initiates a subsequent attack event, the protocol specific opaque lookup table is accessed and the plaintext credential associated with the opaque credential is recovered.
Type: Grant
Filed: June 10, 2019
Date of Patent: April 20, 2021
Assignee: Rapid7, Inc.
Inventors: Thomas Eugene Sellers, Derek Abdine
-
Patent number: 10986128
Abstract: Disclosed herein are methods, systems, and processes for recovering opaque credentials in deception systems. A plaintext credential is received at a honeypot and a plaintext lookup table is accessed. It is determined that the plaintext credential does not exist in the plaintext lookup table and the plaintext credential is added to the plaintext lookup table and a protocol specific plaintext lookup table. An opaque credential is generated for the plaintext credential and the opaque credential is added to a protocol specific opaque lookup table.
Type: Grant
Filed: March 29, 2019
Date of Patent: April 20, 2021
Assignee: Rapid7, Inc.
Inventors: Thomas Eugene Sellers, Derek Abdine
-
Patent number: 10848507
Abstract: Methods and systems for monitoring network activity. Various embodiments may deploy virtual security appliances to a certain location or with a specific configuration based on data regarding previous attacks and attacker activity. Accordingly, the deployed virtual security appliance(s) are better suited to gather more useful behavior regarding threat actor behavior and attacks.
Type: Grant
Filed: June 18, 2019
Date of Patent: November 24, 2020
Assignee: Rapid7, Inc.
Inventors: Paul Deardorff, Derek Abdine, Andreas Galauner, Mark Momburg
-
Patent number: 10826939
Abstract: Methods and systems for monitoring activity on a network. The systems may include a host computer executing a non-honeypot service. The host computer may also include a control module configured to enable or disable a honeypot service on the host computer in response to at least one of computational resource availability and configured tolerance for degraded service.
Type: Grant
Filed: January 19, 2018
Date of Patent: November 3, 2020
Assignee: Rapid7, Inc.
Inventors: Roy Hodgman, Derek Abdine
-
Patent number: 10367832
Abstract: Methods and systems for monitoring network activity. Various embodiments may deploy virtual security appliances to a certain location or with a specific configuration based on data regarding previous attacks and attacker activity. Accordingly, the deployed virtual security appliance(s) are better suited to gather more useful behavior regarding threat actor behavior and attacks.
Type: Grant
Filed: January 27, 2017
Date of Patent: July 30, 2019
Assignee: Rapid7, Inc.
Inventors: Paul Deardorff, Derek Abdine, Andreas Galauner, Mark Momburg
-
Publication number: 20190230124
Abstract: Methods and systems for monitoring activity on a network. The systems may include a host computer executing a non-honeypot service. The host computer may also include a control module configured to enable or disable a honeypot service on the host computer in response to at least one of computational resource availability and configured tolerance for degraded service.
Type: Application
Filed: January 19, 2018
Publication date: July 25, 2019
Inventors: Roy Hodgman, Derek Abdine
-
Publication number: 20180219880
Abstract: Methods and systems for monitoring network activity. Various embodiments may deploy virtual security appliances to a certain location or with a specific configuration based on data regarding previous attacks and attacker activity. Accordingly, the deployed virtual security appliance(s) are better suited to gather more useful behavior regarding threat actor behavior and attacks.
Type: Application
Filed: January 27, 2017
Publication date: August 2, 2018
Inventors: Paul Deardorff, Derek Abdine, Andreas Galauner, Mark Momburg