Patents by Inventor Nicolas BEAUCHESNE
Nicolas BEAUCHESNE has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9900336
Abstract: Disclosed is an improved approach to implement a system and method for detecting insider threats, where models are constructed that is capable of defining what constitutes the normal behavior for any given hosts and quickly find anomalous behaviors that could constitute a potential threat to an organization. The disclosed approach provides a way to identify abnormal data transfers within and external to an organization without the need for individual monitoring software on each host, by leveraging metadata that describe the data exchange patterns observed in the network.
Type: Grant
Filed: November 2, 2015
Date of Patent: February 20, 2018
Assignee: Vectra Networks, Inc.
Inventors: Nicolas Beauchesne, David Lopes Pegna
-
Patent number: 9853988
Abstract: An approach for detecting network attacks using metadata vectors may initially involve receiving network communications or packets, extracting metadata items from the packets. The metadata items describe the communications without requiring deep content inspection of the data payload or contents. The communications may be clustered into groups using the metadata items. If a cluster exceeds a threshold, an alarm may be generated.
Type: Grant
Filed: November 17, 2015
Date of Patent: December 26, 2017
Assignee: Vectra Networks, Inc.
Inventors: Nicolas Beauchesne, David Lopes Pegna, Karl Lynn
-
Patent number: 9847968
Abstract: A host identification engine receives network traffic from a network and uses one or more artifact extractors to extract artifact data items that can identify a host. The artifact data items can be stored in a host signature database. Network addresses to which the hosts correspond can be stored in a network address database. A mapping table can be implemented to match the data in the signature database and network database to generate durable host identification data that can accurately track hosts as they use different identification data and/or move between hosts.
Type: Grant
Filed: March 10, 2015
Date of Patent: December 19, 2017
Assignee: Vectra Networks, Inc.
Inventors: Nicolas Beauchesne, Monty Sher Gill, Oliver Kourosh Tavakoli
-
Patent number: 9628512
Abstract: A system and method for detecting malicious relay communications is disclosed. Network communications can be received and analyzed using such network components as a network switch. The received traffic can be parsed into sessions. Relay metadata can be extracted from the sessions and further be used to categorize the sessions into one or more types of relay metadata behaviors. Once a significant amount of sessions are detected an alarm may be triggered and/or alarm data may be generated for analysis by network security administrators.
Type: Grant
Filed: March 10, 2015
Date of Patent: April 18, 2017
Assignee: Vectra Networks, Inc.
Inventors: Ryan James Prenger, Nicolas Beauchesne, Karl Matthew Lynn
-
Patent number: 9602533
Abstract: A method and system for detecting network reconnaissance is disclosed wherein network traffic can be parsed into unidirectional flows that correspond to sessions. A learning module may categorize computing entities inside the network into assets and generate asset data to monitor the computing entities. If one or more computing entities address a flow to an address of a host that no longer exists, ghost asset data may be recorded and updated in the asset data. When a computing entity inside the network contacts an object in the dark-net, the computing entity may be recorded a potential mapper. When the computing entity tries to contact a number of objects in the dark-net, such that a computed threshold is exceeded, the computing entity is identified a malicious entity performing network reconnaissance.
Type: Grant
Filed: March 10, 2015
Date of Patent: March 21, 2017
Assignee: Vectra Networks, Inc.
Inventors: Nicolas Beauchesne, Sungwook Yoon
-
Patent number: 9565208
Abstract: Approaches for detecting network intrusions, such as malware infection, Trojans, worms, or bot net mining activities includes: identifying one or more threat detections in session datasets, the session datasets corresponding to network traffic from a plurality of hosts; determining a layered detection score, the layered detection score corresponding to a certainty score and threat score; determining a layered host score, the layered host score corresponding to a certainty score and threat score; and generating alarm data comprising the layered detection score and the layered host score. In some embodiments, the network traffic may be received passively through a network switch; for example, by “tapping” the switch. Other additional objects, features, and advantages of the invention are described in the detailed description, figures and claims.
Type: Grant
Filed: March 10, 2015
Date of Patent: February 7, 2017
Assignee: Vectra Networks, Inc.
Inventors: Oskar Ibatullin, Ryan James Prenger, Nicolas Beauchesne, Karl Matthew Lynn, Oliver Kourosh Tavakoli
-
Patent number: 9407647
Abstract: A detection engine may be implemented by receiving network traffic and processing the traffic into one or more session datasets. Sessions not initiated by an internal host may be discarded. The frequency between the communication packets from the internal host to external host may be grouped or processed into rapid-exchange instances. The number of rapid-exchange instances, the time intervals between them, and/or the rhythm and directions of the initiation of the instances may be analyzed to determine that a human actor is manually controlling the external host. In some embodiments, when it is determined that only one human actor is involved, alarm data may be generated that indicates that a network intrusion involving manual remote control has occurred or is underway.
Type: Grant
Filed: March 10, 2015
Date of Patent: August 2, 2016
Assignee: Vectra Networks, Inc.
Inventors: Nicolas Beauchesne, Ryan James Prenger
-
Publication number: 20160191563
Abstract: Disclosed is an improved approach to implement a system and method for detecting insider threats, where models are constructed that is capable of defining what constitutes the normal behavior for any given hosts and quickly find anomalous behaviors that could constitute a potential threat to an organization. The disclosed approach provides a way to identify abnormal data transfers within and external to an organization without the need for individual monitoring software on each host, by leveraging metadata that describe the data exchange patterns observed in the network.
Type: Application
Filed: November 2, 2015
Publication date: June 30, 2016
Applicant: VECTRA NETWORKS, INC.
Inventors: Nicolas Beauchesne, David Lopes Pegna
-
Publication number: 20160191551
Abstract: An approach for detecting network attacks using metadata vectors may initially involve receiving network communications or packets, extracting metadata items from the packets. The metadata items describe the communications without requiring deep content inspection of the data payload or contents. The communications may be clustered into groups using the metadata items. If a cluster exceeds a threshold, an alarm may be generated.
Type: Application
Filed: November 17, 2015
Publication date: June 30, 2016
Applicant: VECTRA NETWORKS, INC.
Inventors: Nicolas Beauchesne, David Lopes Pegna, Karl Lynn
-
Publication number: 20160149936
Abstract: An approach for detecting network threats is disclosed, that may involve receiving network traffic, plotting the network traffic in a n-dimensional feature space to form a network map, generating a client signature at least by placing new client points in the map, setting a threshold, and generating an alarm if one or more client activity points exceed the threshold. In some embodiments, the network map and the client signature are updated using sliding windows and distance calculations.
Type: Application
Filed: November 17, 2015
Publication date: May 26, 2016
Applicant: VECTRA NETWORKS, INC.
Inventors: David Lopes Pegna, Nicolas Beauchesne
-
Publication number: 20150312211
Abstract: A host identification engine receives network traffic from a network and uses one or more artifact extractors to extract artifact data items that can identify a host. The artifact data items can be stored in a host signature database. Network addresses to which the hosts correspond can be stored in a network address database. A mapping table can be implemented to match the data in the signature database and network database to generate durable host identification data that can accurately track hosts as they use different identification data and/or move between hosts.
Type: Application
Filed: March 10, 2015
Publication date: October 29, 2015
Applicant: VECTRA NETWORKS, INC.
Inventors: Nicolas Beauchesne, Monty Sher Gill, Oliver Kourosh Tavakoli
-
Publication number: 20150264078
Abstract: A method and system for detecting network reconnaissance is disclosed wherein network traffic can be parsed into unidirectional flows that correspond to sessions. A learning module may categorize computing entities inside the network into assets and generate asset data to monitor the computing entities. If one or more computing entities address a flow to an address of a host that no longer exists, ghost asset data may be recorded and updated in the asset data. When a computing entity inside the network contacts an object in the dark-net, the computing entity may be recorded a potential mapper. When the computing entity tries to contact a number of objects in the dark-net, such that a computed threshold is exceeded, the computing entity is identified a malicious entity performing network reconnaissance.
Type: Application
Filed: March 10, 2015
Publication date: September 17, 2015
Applicant: VECTRA NETWORKS, INC.
Inventors: Nicolas Beauchesne, Sungwook Yoon
-
Publication number: 20150264061
Abstract: Approaches for detecting network intrusions, such as malware infection, Trojans, worms, or bot net mining activities includes: identifying one or more threat detections in session datasets, the session datasets corresponding to network traffic from a plurality of hosts; determining a layered detection score, the layered detection score corresponding to a certainty score and threat score; determining a layered host score, the layered host score corresponding to a certainty score and threat score; and generating alarm data comprising the layered detection score and the layered host score. In some embodiments, the network traffic may be received passively through a network switch; for example, by “tapping” the switch. Other additional objects, features, and advantages of the invention are described in the detailed description, figures and claims.
Type: Application
Filed: March 10, 2015
Publication date: September 17, 2015
Applicant: VECTRA NETWORKS, INC.
Inventors: Oskar IBATULLIN, Ryan James PRENGER, Nicolas BEAUCHESNE, Karl Matthew LYNN, Oliver Kourosh TAVAKOLI
-
Publication number: 20150264069
Abstract: A detection engine may be implemented by receiving network traffic and processing the traffic into one or more session datasets. Sessions not initiated by an internal host may be discarded. The frequency between the communication packets from the internal host to external host may be grouped or processed into rapid-exchange instances. The number of rapid-exchange instances, the time intervals between them, and/or the rhythm and directions of the initiation of the instances may be analyzed to determine that a human actor is manually controlling the external host. In some embodiments, when it is determined that only one human actor is involved, alarm data may be generated that indicates that a network intrusion involving manual remote control has occurred or is underway.
Type: Application
Filed: March 10, 2015
Publication date: September 17, 2015
Applicant: Vectra Networks, Inc.
Inventors: Nicolas Beauchesne, Ryan James Prenger
-
Publication number: 20150264083
Abstract: A system and method for detecting malicious relay communications is disclosed. Network communications can be received and analyzed using such network components as a network switch. The received traffic can be parsed into sessions. Relay metadata can be extracted from the sessions and further be used to categorize the sessions into one or more types of relay metadata behaviors. Once a significant amount of sessions are detected an alarm may be triggered and/or alarm data may be generated for analysis by network security administrators.
Type: Application
Filed: March 10, 2015
Publication date: September 17, 2015
Applicant: Vectra Networks, Inc.
Inventors: Ryan James Prenger, Nicolas Beauchesne, Karl Matthew Lynn
-
Publication number: 20150264068
Abstract: A bot detection engine to determine whether hosts in an organization's network are performing bot-related activities is disclosed. A bot detection engine can receive network traffic between hosts in a network, and/or between hosts across several networks. The bot engine may parse the network traffic into session datasets and discard the session datasets that were not initiated by hosts in a given network. The session datasets may be analyzed and state data may be accumulated. The state data may correspond to actions performed by the hosts, such as requesting a website or clicking ads, or requesting content within the website (e.g. clicking on an image which forms a HTTP request/response transaction for the image file).
Type: Application
Filed: March 10, 2015
Publication date: September 17, 2015
Applicant: VECTRA NETWORKS, INC.
Inventor: Nicolas Beauchesne
-
Patent number: 8429403
Abstract: A method performed by a network device may include generating and storing a first public key and a first private key in a first device, transmitting a serial number and the first public key from the first device to a second device, generating, by the second device, a second public key and a second private key, transmitting the second public key from the second device to the first device and transmitting the serial number, the first public key, the second public key and the second private key to a third device, establishing and authenticating a connection between the first device and the third device using the first public key and the second public key and transmitting encrypted configuration information with the two key pairs from the third device to the first device.
Type: Grant
Filed: August 12, 2008
Date of Patent: April 23, 2013
Assignee: Juniper Networks, Inc.
Inventors: Eric Moret, Robert Hubbard, Kent A. Watsen, Muku Murthy, Nicolas Beauchesne
-
Publication number: 20100042834
Abstract: A method performed by a network device may include generating and storing a first public key and a first private key in a first device, transmitting a serial number and the first public key from the first device to a second device, generating, by the second device, a second public key and a second private key, transmitting the second public key from the second device to the first device and transmitting the serial number, the first public key, the second public key and the second private key to a third device, establishing and authenticating a connection between the first device and the third device using the first public key and the second public key and transmitting encrypted configuration information with the two key pairs from the third device to the first device.
Type: Application
Filed: August 12, 2008
Publication date: February 18, 2010
Applicant: JUNIPER NETWORKS INC.
Inventors: Eric MORET, Robert HUBBARD, Kent A. WATSEN, Muku MURTHY, Nicolas BEAUCHESNE