Patents by Inventor Oleksii MANDRYCHENKO
Oleksii MANDRYCHENKO has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11856020Abstract: Systems and methods are described for scanning or monitoring of Domain Name System (DNS) records of an entity for identifying anomalous changes to the DNS records that may be indicative of possible DNS hijacking. According to one embodiment, DNS monitoring engine running on a network security appliance protecting a private network, or implemented as a cloud-based service can be used for monitoring DNS records of the entity. Any modification in the monitored DNS record(s) can be detected within a pre-defined or configurable time-frame. The detected modification can be determined to be anomalous or not, by assigning a criticality value based on current value and previous value of one or more fields of the DNS record, one or more attributes of the DNS record and one or more derived attributes based on the DNS record.Type: GrantFiled: April 21, 2022Date of Patent: December 26, 2023Assignee: Fortinet, Inc.Inventor: Oleksii Mandrychenko
-
Publication number: 20220247781Abstract: Systems and methods are described for scanning or monitoring of Domain Name System (DNS) records of an entity for identifying anomalous changes to the DNS records that may be indicative of possible DNS hijacking. According to one embodiment, DNS monitoring engine running on a network security appliance protecting a private network, or implemented as a cloud-based service can be used for monitoring DNS records of the entity. Any modification in the monitored DNS record(s) can be detected within a pre-defined or configurable time-frame. The detected modification can be determined to be anomalous or not, by assigning a criticality value based on current value and previous value of one or more fields of the DNS record, one or more attributes of the DNS record and one or more derived attributes based on the DNS record.Type: ApplicationFiled: April 21, 2022Publication date: August 4, 2022Applicant: Fortinet, Inc.Inventor: Oleksii Mandrychenko
-
Patent number: 11343275Abstract: Systems and methods are described for scanning or monitoring of Domain Name System (DNS) records of an entity for identifying anomalous changes to the DNS records that may be indicative of possible DNS hijacking. According to one embodiment, DNS monitoring engine running on a network security appliance protecting a private network, or implemented as a cloud-based service can be used for monitoring DNS records of the entity. Any modification in the monitored DNS record(s) can be detected within a pre-defined or configurable time-frame. The detected modification can be determined to be anomalous or not, by assigning a criticality value based on current value and previous value of one or more fields of the DNS record, one or more attributes of the DNS record and one or more derived attributes based on the DNS record.Type: GrantFiled: September 17, 2019Date of Patent: May 24, 2022Assignee: Fortinet, Inc.Inventor: Oleksii Mandrychenko
-
Patent number: 11223639Abstract: Systems and methods for an agent-based approach that facilitates endpoint network traffic analysis are provided. According to an embodiment, an agent running on an endpoint device associated with an enterprise network collects network communication metadata from the endpoint device responsive to receiving callbacks from a kernel-level tracing facility implemented within an OS of the endpoint device and locally stores the collected network communication metadata. Further, the agent performs time-based aggregation of the collected metadata to reduce transmission bandwidth and local storage requirements. The aggregated metadata from the endpoint device is submitted to an anomaly detection service when the endpoint device is connected to the enterprise network. The anomaly detection service uses a machine-learning based approach for detection of anomalous behavior.Type: GrantFiled: March 7, 2019Date of Patent: January 11, 2022Assignee: Fortinet, Inc.Inventor: Oleksii Mandrychenko
-
Patent number: 11032301Abstract: A forensic analysis method performed in respect of an endpoint device connected to a computer network. The forensic analysis method comprises collecting file system call data from the endpoint device. The file system call data corresponds to a plurality of system calls relating to file system operations arising from activity performed on the endpoint device. The forensic analysis method also comprises collecting network communication metadata from the endpoint device. The network communication metadata is based on a plurality of system calls relating to communication operations over the computer network arising from activity performed on the endpoint device.Type: GrantFiled: May 25, 2018Date of Patent: June 8, 2021Assignee: Fortinet, Inc.Inventors: Oleksii Mandrychenko, Darren Hart, Jamie Robert Graves, Matthew John Little
-
Publication number: 20210084071Abstract: Systems and methods are described for scanning or monitoring of Domain Name System (DNS) records of an entity for identifying anomalous changes to the DNS records that may be indicative of possible DNS hijacking. According to one embodiment, DNS monitoring engine running on a network security appliance protecting a private network, or implemented as a cloud-based service can be used for monitoring DNS records of the entity. Any modification in the monitored DNS record(s) can be detected within a pre-defined or configurable time-frame. The detected modification can be determined to be anomalous or not, by assigning a criticality value based on current value and previous value of one or more fields of the DNS record, one or more attributes of the DNS record and one or more derived attributes based on the DNS record.Type: ApplicationFiled: September 17, 2019Publication date: March 18, 2021Applicant: Fortinet, Inc.Inventor: Oleksii Mandrychenko
-
Publication number: 20200287920Abstract: Systems and methods for an agent-based approach that facilitates endpoint network traffic analysis are provided. According to an embodiment, an agent running on an endpoint device associated with an enterprise network collects network communication metadata from the endpoint device responsive to receiving callbacks from a kernel-level tracing facility implemented within an OS of the endpoint device and locally stores the collected network communication metadata. Further, the agent performs time-based aggregation of the collected metadata to reduce transmission bandwidth and local storage requirements. The aggregated metadata from the endpoint device is submitted to an anomaly detection service when the endpoint device is connected to the enterprise network. The anomaly detection service uses a machine-learning based approach for detection of anomalous behavior.Type: ApplicationFiled: March 7, 2019Publication date: September 10, 2020Applicant: Fortinet, Inc.Inventor: Oleksii Mandrychenko
-
Patent number: 10652255Abstract: The present invention relates to a forensic analysis method performed on a Distributed Computing System (DCS) (10) comprising a server (18) and at least one client machine (14). The method comprises collecting data in a client machine (14) of the DCS (10) to form a first data set, the collected data being a function call to a resource comprised in the DCS. The method further comprises applying a data reduction model to the first data set to form a second data set and processing the second data set in the server (18) of the DCS (10) to provide for detection of suspect behaviour at the client machine (14). The data reduction model is configured to extract a subset of data from the first data set to form the second data set, the subset of data comprising: user account identifier; and process and object identifier.Type: GrantFiled: March 10, 2016Date of Patent: May 12, 2020Assignee: Fortinet, Inc.Inventors: Jamie Robert Graves, Matthew John Little, Oleksii Mandrychenko, Carson Leonard
-
Publication number: 20180351979Abstract: A forensic analysis method performed in respect of an endpoint device connected to a computer network. The forensic analysis method comprises collecting file system call data from the endpoint device. The file system call data corresponds to a plurality of system calls relating to file system operations arising from activity performed on the endpoint device. The forensic analysis method also comprises collecting network communication metadata from the endpoint device. The network communication metadata is based on a plurality of system calls relating to communication operations over the computer network arising from activity performed on the endpoint device.Type: ApplicationFiled: May 25, 2018Publication date: December 6, 2018Inventors: Oleksii MANDRYCHENKO, Darren HART, Jamie Robert GRAVES, Matthew John LITTLE
-
Publication number: 20180069881Abstract: The present invention relates to a forensic analysis method performed on a Distributed Computing System (DCS) (10) comprising a server (18) and at least one client machine (14). The method comprises collecting data in a client machine (14) of the DCS (10) to form a first data set, the collected data being a function call to a resource comprised in the DCS. The method further comprises applying a data reduction model to the first data set to form a second data set and processing the second data set in the server (18) of the DCS (10) to provide for detection of suspect behaviour at the client machine (14). The data reduction model is configured to extract a subset of data from the first data set to form the second data set, the subset of data comprising: user account identifier; and process and object identifier.Type: ApplicationFiled: March 10, 2016Publication date: March 8, 2018Inventors: Jamie Robert GRAVES, Matthew John LITTLE, Oleksii MANDRYCHENKO, Carson LEONARD