Patents by Inventor Yukiko Sawaya
Yukiko Sawaya has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9386030Abstract: An apparatus and method predict and detect network attacks by using a diverse set of indicators to measure aspects of the traffic and by encoding traffic characteristics using these indicators of potential attacks or anomalous behavior. The set of indicators is analyzed by supervised learning to automatically learn a decision rule which examines the temporal patterns in the coded values of the set of indicators to accurately detect and predict network attacks. The rules automatically evolve in response to new attacks as the system updates its rules periodically by analyzing new data and feedback signals about attacks associated with that data. To assist human operators, the system also provides human interpretable explanations of detection and prediction rules by pointing to indicators whose values contribute to a decision that there is an existing network attack or an imminent network attack. When such indictors are detected, an operator can take remediation actions.Type: GrantFiled: September 17, 2013Date of Patent: July 5, 2016Assignee: VENCORE LABS, INC.Inventors: Akshay Vashist, Ritu Chadha, Abhrajit Ghosh, Alexander Poylisher, Yukiko Sawaya, Akira Yamada, Ayumu Kubota
-
Patent number: 9130982Abstract: A system and a method for detecting anomalous attacks in Internet network flow operate by counting a number of Internet traffic messages that are detected as anomalous attacks to provide a count; computing a running average of the number of messages that are detected as anomalous attacks; and comparing the count to the running average to provide an anomalous attack alarm if the count is greater than a multiple of the running average. The attacks can include at least one of spoofing attacks or denial of service attacks. A computer readable storage medium stores instructions of a computer program, which when executed by a computer system, results in performance of steps of the method.Type: GrantFiled: June 13, 2013Date of Patent: September 8, 2015Assignee: Vencore Labs, Inc.Inventors: Yitzchak Gottlieb, Aditya Naidu, Abhrajit Ghosh, Akira Yamada, Yukiko Sawaya, Ayumu Kubota
-
Patent number: 8938804Abstract: An inventive system and method for creating source profiles to detect spoofed traffic comprises obtaining a routing path for data to traverse nodes using traffic profiles, each routing path comprising at least a target AS, initializing one or more AS sets with last hop ASes, enhancing the AS sets by connecting the AS sets to routers, for each enhanced AS set, filtering observed traffic flows, and using the filtered flows to associate enhanced AS sets with network monitoring points to create the source profiles. In one aspect, filtering flows comprise TCP session filtering and/or destination bogon filtering. In one aspect, the routers are border gateway protocol routers. In one aspect, the last hop ASes are one hop away from the target AS.Type: GrantFiled: July 12, 2012Date of Patent: January 20, 2015Assignees: Telcordia Technologies, Inc., KDDI CorporationInventors: Ravichander Vaidyanathan, Abhrajit Ghosh, Akira Yamada, Yukiko Sawaya, Ayumu Kubota
-
Patent number: 8925079Abstract: A method, an apparatus and a program for detecting spoofed Internet Protocol (IP) traffic directed to a network having a plurality of autonomous systems (AS) is provided. The method comprises receiving an incoming packet through an AS, the incoming packet containing a source IP address and a destination IP address, acquiring a corresponding source and destination IP address prefixes, converting the corresponding source and destination IP address prefixes into a source AS number and a destination AS number, determining if the incoming packet arrived from an unexpected source based upon the corresponding destination IP address prefix and the converted source and destination AS number using an unexpected pair tuple table generated from network routing information and generating an alert indicating that the incoming packet is not allowed to enter the network.Type: GrantFiled: November 14, 2011Date of Patent: December 30, 2014Assignees: Telcordia Technologies, Inc., KDDI CorporationInventors: Ravichander Vaidyanathan, Abhrajit Ghosh, Aditya Naidu, Akira Yamada, Ayumu Kubota, Yukiko Sawaya, Yutaka Miyake
-
Patent number: 8769677Abstract: A system and method for spammer host detection from network flow data profiles comprises constructing one or more cluster profiles and detecting spammer hosts. Construction cluster profiles comprises observing network flow data from one or more hosts; for each host, representing the network flow data associated with the host as a multidimensional vector; clustering the vectors of the hosts into the plurality of cluster profiles; annotating each cluster profile using at least one of black lists and white lists; and calculating a confidence in each cluster profile annotation. Detecting spammer hosts comprises observing the network flow data from a new host; representing the network flow data associated with the new host as a multidimensional vector, and placing the new multidimensional vector of the new host into one cluster profile of the one or more cluster profiles.Type: GrantFiled: July 12, 2012Date of Patent: July 1, 2014Assignees: Telcordia Technologies, Inc., KDDI CorporationInventors: Akshay Vashist, Yitzchak M. Gottlieb, Abhrajit Ghosh, Yukiko Sawaya, Ayumu Kubota
-
Publication number: 20140082730Abstract: An apparatus and method predict and detect network attacks by using a diverse set of indicators to measure aspects of the traffic and by encoding traffic characteristics using these indicators of potential attacks or anomalous behavior. The set of indicators is analyzed by supervised learning to automatically learn a decision rule which examines the temporal patterns in the coded values of the set of indicators to accurately detect and predict network attacks. The rules automatically evolve in response to new attacks as the system updates its rules periodically by analyzing new data and feedback signals about attacks associated with that data. To assist human operators, the system also provides human interpretable explanations of detection and prediction rules by pointing to indicators whose values contribute to a decision that there is an existing network attack or an imminent network attack. When such indictors are detected, an operator can take remediation actions.Type: ApplicationFiled: September 17, 2013Publication date: March 20, 2014Inventors: Akshay VASHIST, Ritu CHADHA, Abhrajit GHOSH, Alexander POYLISHER, Yukiko SAWAYA, Akira YAMADA, Ayumu KUBOTA
-
Publication number: 20140020066Abstract: A system and method for spammer host detection from network flow data profiles comprises constructing one or more cluster profiles and detecting spammer hosts. Construction cluster profiles comprises observing network flow data from one or more hosts; for each host, representing the network flow data associated with the host as a multidimensional vector; clustering the vectors of the hosts into the plurality of cluster profiles; annotating each cluster profile using at least one of black lists and white lists; and calculating a confidence in each cluster profile annotation. Detecting spammer hosts comprises observing the network flow data from a new host; representing the network flow data associated with the new host as a multidimensional vector, and placing the new multidimensional vector of the new host into one cluster profile of the one or more cluster profiles.Type: ApplicationFiled: July 12, 2012Publication date: January 16, 2014Applicants: KDDI Corporation, Telcordia Technologies, Inc.Inventors: Akshay Vashist, Yitzchak M. Gottlieb, Abhrajit Ghosh, Yukiko Sawaya, Ayumu Kubota
-
Publication number: 20140020099Abstract: An inventive system and method for creating source profiles to detect spoofed traffic comprises obtaining a routing path for data to traverse nodes using traffic profiles, each routing path comprising at least a target AS, initializing one or more AS sets with last hop ASes, enhancing the AS sets by connecting the AS sets to routers, for each enhanced AS set, filtering observed traffic flows, and using the filtered flows to associate enhanced AS sets with network monitoring points to create the source profiles. In one aspect, filtering flows comprise TCP session filtering and/or destination bogon filtering. In one aspect, the routers are border gateway protocol routers. In one aspect, the last hop ASes are one hop away from the target AS.Type: ApplicationFiled: July 12, 2012Publication date: January 16, 2014Applicants: KDDI Corporation, Telcordia Technologies, Inc.Inventors: Ravichander Vaidyanathan, Abhrajit Ghosh, Akira Yamada, Yukiko Sawaya, Ayumu Kubota
-
Publication number: 20130340079Abstract: A system and a method for detecting anomalous attacks in Internet network flow operate by counting a number of Internet traffic messages that are detected as anomalous attacks to provide a count; computing a running average of the number of messages that are detected as anomalous attacks; and comparing the count to the running average to provide an anomalous attack alarm if the count is greater than a multiple of the running average. The attacks can include at least one of spoofing attacks or denial of service attacks. A computer readable storage medium stores instructions of a computer program, which when executed by a computer system, results in performance of steps of the method.Type: ApplicationFiled: June 13, 2013Publication date: December 19, 2013Inventors: Yitzchak GOTTLIEB, Aditya NAIDU, Abhrajit GHOSH, Akira YAMADA, Yukiko SAWAYA, Ayumu KUBOTA
-
Publication number: 20130125235Abstract: A method, an apparatus and a program for detecting spoofed Internet Protocol (IP) traffic directed to a network having a plurality of autonomous systems (AS) is provided. The method comprises receiving an incoming packet through an AS, the incoming packet containing a source IP address and a destination IP address, acquiring a corresponding source and destination IP address prefixes, converting the corresponding source and destination IP address prefixes into a source AS number and a destination AS number, determining if the incoming packet arrived from an unexpected source based upon the corresponding destination IP address prefix and the converted source and destination AS number using an unexpected pair tuple table generated from network routing information and generating an alert indicating that the incoming packet is not allowed to enter the network.Type: ApplicationFiled: November 14, 2011Publication date: May 16, 2013Applicants: TELCORDIA TECHNOLOGIES, INC.Inventors: Ravichander Vaidyanathan, Abhrajit Ghosh, Aditya Naidu, Akira Yamada, Ayumu Kubota, Yukiko Sawaya, Yutaka Miyake