Patents by Inventor Gideon Zenz
Gideon Zenz has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Patent number: 11663331
  Abstract: A computer-implemented method, a computer program product, and a computer system for creating malware domain sinkholes by domain clustering. The computer system clusters malware domains into domain clusters. The computer system collects domain metrics in the domain clusters. The computer system sorts clustered malware domains in the respective ones of the domain clusters, based on the domain metrics. The computer system selects, from the clustered malware domains in the respective ones of the domain clusters, a predetermined number of top domains as candidates of respective domain sinkholes, wherein the respective domain sinkholes are created for the respective ones of the domain clusters.
  Type: Grant
  Filed: February 10, 2020
  Date of Patent: May 30, 2023
  Assignee: International Business Machines Corporation
  Inventors: Cheng-Ta Lee, Bo-Yu Kuo, Gideon Zenz, Andrii Iesiev, Jacobus P. Lodewijkx
- Publication number: 20210248235
  Abstract: A computer-implemented method, a computer program product, and a computer system for creating malware domain sinkholes by domain clustering. The computer system clusters malware domains into domain clusters. The computer system collects domain metrics in the domain clusters. The computer system sorts clustered malware domains in the respective ones of the domain clusters, based on the domain metrics. The computer system selects, from the clustered malware domains in the respective ones of the domain clusters, a predetermined number of top domains as candidates of respective domain sinkholes, wherein the respective domain sinkholes are created for the respective ones of the domain clusters.
  Type: Application
  Filed: February 10, 2020
  Publication date: August 12, 2021
  Inventors: Cheng-Ta Lee, Bo-Yu Kuo, Gideon Zenz, Andrii Iesiev, Jacobus P. Lodewijkx
- Patent number: 10897483
  Abstract: A method for automated determination of IP address information of malicious attacks. An intrusion detection system may receive an index tree for storing IP addresses in one or more nodes of the index tree in a predefined sorting order. The intrusion detection system may receive a data structure including a first set of one or more IP addresses from a honeypot system. The intrusion detection system may receive unstructured data indicative of a second set of one or more IP addresses from a predefined data source. The intrusion detection system may process the unstructured data to determine the second set of one or more IP addresses. The intrusion detection system may insert each IP address of the first and second sets of one or more IP addresses into one or more nodes of the index tree.
  Type: Grant
  Filed: August 10, 2018
  Date of Patent: January 19, 2021
  Assignee: International Business Machines Corporation
  Inventors: Dirk Harz, Matthias Seul, Jens Thamm, Gideon Zenz
- Patent number: 10686807
  Abstract: A method for classification of suspicious activities is provided. In the method, a first intrusion detection system comprising a normal operation mode and which is connected to a second intrusion detection system by a first communications connection is implemented. In response to detecting a malfunction of the first communications connection, the first intrusion detection system is switched from the normal operation mode to a limited operation mode for receiving first data from one or more honeypot systems and second data from the second intrusion detection system. A prediction model for representing malicious attacks is generated by execution of a predefined classification algorithm with respect to the received data, wherein the predefined classification algorithm further determines a model evaluation metric with respect to the prediction model. The prediction model is deployed to detect the malicious attacks if the model evaluation metric meets a predefined validation condition.
  Type: Grant
  Filed: June 12, 2018
  Date of Patent: June 16, 2020
  Assignee: International Business Machines Corporation
  Inventors: Gideon Zenz, Volker Vogeley, Dirk Harz, Mark Usher, Astrid Granacher
- Publication number: 20200053122
  Abstract: A method for automated determination of IP address information of malicious attacks. An intrusion detection system may receive an index tree for storing IP addresses in one or more nodes of the index tree in a predefined sorting order. The intrusion detection system may receive a data structure including a first set of one or more IP addresses from a honeypot system. The intrusion detection system may receive unstructured data indicative of a second set of one or more IP addresses from a predefined data source. The intrusion detection system may process the unstructured data to determine the second set of one or more IP addresses. The intrusion detection system may insert each IP address of the first and second sets of one or more IP addresses into one or more nodes of the index tree.
  Type: Application
  Filed: August 10, 2018
  Publication date: February 13, 2020
  Inventors: Dirk Harz, Matthias Seul, Jens Thamm, Gideon Zenz
- Publication number: 20190379677
  Abstract: A method for classification of suspicious activities is provided. In the method, a first intrusion detection system comprising a normal operation mode and which is connected to a second intrusion detection system by a first communications connection is implemented. In response to detecting a malfunction of the first communications connection, the first intrusion detection system is switched from the normal operation mode to a limited operation mode for receiving first data from one or more honeypot systems and second data from the second intrusion detection system. A prediction model for representing malicious attacks is generated by execution of a predefined classification algorithm with respect to the received data, wherein the predefined classification algorithm further determines a model evaluation metric with respect to the prediction model. The prediction model is deployed to detect the malicious attacks if the model evaluation metric meets a predefined validation condition.
  Type: Application
  Filed: June 12, 2018
  Publication date: December 12, 2019
  Inventors: Gideon Zenz, Volker Vogeley, Dirk Harz, Mark Usher, Astrid Granacher
- Patent number: 10284578
  Abstract: A mechanism is provided for blocking IP connection addresses and prefixes. Header information is extracted from an incoming connection request. A determination is made as to whether a portion of an Internet Protocol address comprised in the header information is blacklisted. Responsive to a portion of the Internet Protocol address being blacklisted, a fingerprint is generated, and a determination is made as to whether the fingerprint is blacklisted. Responsive to the fingerprint being blacklisted, the underlying physical connection is dropped; data associated with the incoming connection request is stored in a buffer; the fingerprint is associated to the incoming connection request; the incoming connection request is merged with stored blacklisted requests of a related originating system; and shared prefixes of the Internet Protocol address of the stored blacklisted requests are filtered out.
  Type: Grant
  Filed: March 6, 2017
  Date of Patent: May 7, 2019
  Assignee: International Business Machines Corporation
  Inventors: Dominik W. Brugger, Matthias Seul, Volker Vogeley, Gideon Zenz
- Publication number: 20180255075
  Abstract: A mechanism is provided for blocking IP connection addresses and prefixes. Header information is extracted from an incoming connection request. A determination is made as to whether a portion of an Internet Protocol address comprised in the header information is blacklisted. Responsive to a portion of the Internet Protocol address being blacklisted, a fingerprint is generated, and a determination is made as to whether the fingerprint is blacklisted. Responsive to the fingerprint being blacklisted, the underlying physical connection is dropped; data associated with the incoming connection request is stored in a buffer; the fingerprint is associated to the incoming connection request; the incoming connection request is merged with stored blacklisted requests of a related originating system; and shared prefixes of the Internet Protocol address of the stored blacklisted requests are filtered out.
  Type: Application
  Filed: March 6, 2017
  Publication date: September 6, 2018
  Inventors: Dominik W. Brugger, Matthias Seul, Volker Vogeley, Gideon Zenz
- Patent number: 9954882
  Abstract: Software that automatically detects anomalous attributes indicative of a potential intrusion in a computing system. The software performs the following operations: (i) determining a baseline pattern for one or more attributes of a computing system, based on a first set of statistical thresholds determined for received values of the one or more attributes, wherein the received values correspond to one or more time periods, and on a second set of statistical thresholds determined for a first subset of values of the received values of the one or more attributes, wherein each value of the first subset exceeds the first set of statistical thresholds; and (ii) in response to identifying, based on the determined baseline pattern, anomalous values in monitored additional values of the one or more attributes, sending an alert to a user of the computing system indicating that a potential intrusion in the computing system has occurred.
  Type: Grant
  Filed: July 27, 2016
  Date of Patent: April 24, 2018
  Assignee: International Business Machines Corporation
  Inventors: Hyun Kyu Seo, Ronald B. Williams, Gideon Zenz
- Publication number: 20170155674
  Abstract: Software that automatically detects anomalous attributes indicative of a potential intrusion in a computing system. The software performs the following operations: (i) determining a baseline pattern for one or more attributes of a computing system, based on a first set of statistical thresholds determined for received values of the one or more attributes, wherein the received values correspond to one or more time periods, and on a second set of statistical thresholds determined for a first subset of values of the received values of the one or more attributes, wherein each value of the first subset exceeds the first set of statistical thresholds; and (ii) in response to identifying, based on the determined baseline pattern, anomalous values in monitored additional values of the one or more attributes, sending an alert to a user of the computing system indicating that a potential intrusion in the computing system has occurred.
  Type: Application
  Filed: July 27, 2016
  Publication date: June 1, 2017
  Inventors: Hyun Kyu Seo, Ronald B. Williams, Gideon Zenz
- Patent number: 9471778
  Abstract: Software that automatically creates baselines from time series data of computer system activity, thereby providing immediate value from observed system data. The software performs the following operations: (i) receiving values of one or more attributes of a computing system that correspond to one or more time periods; (ii) determining a first set of statistical thresholds for the received values, wherein the received values include a subset of values that exceed the first set of statistical thresholds; (iii) determining a second set of statistical thresholds for the subset of values that exceed the first set of statistical thresholds; and (iv) determining a baseline pattern for the one or more attributes based, at least in part, on the determined first set of statistical thresholds and the determined second set of statistical thresholds.
  Type: Grant
  Filed: November 30, 2015
  Date of Patent: October 18, 2016
  Assignee: International Business Machines Corporation
  Inventors: Hyun Kyu Seo, Ronald B. Williams, Gideon Zenz