Intrusion Detection Patents (Class 726/23)
  • Patent number: 11457361
    Abstract: A method to prevent or reduce cyberattacks can include analyzing information of users of a 5G network. The information can include user profile data and social media data. The method can further include ranking the users according to a network security ranking based on a social media ranking, to identify target users as potential hotspots for cyberattacks. The 5G network dynamically assigns computing resources based on the network security ranking to monitor computing device(s) associated with the target users and receives an indication of a malicious software of the computing device(s) as detected by the computing resources.
    Type: Grant
    Filed: August 31, 2020
    Date of Patent: September 27, 2022
    Assignee: T-Mobile USA, Inc.
    Inventor: Venson Shaw
  • Patent number: 11457012
    Abstract: An authentication system determines a risk level for a client device impersonating a client device enrolled in authentication services by comparing device metadata for the impersonating client device to device metadata for the enrolled client device. As part of enrolling the enrolled client device, the authentication system associates one or more authentication credentials with the enrolled client device. In order to authenticate access requests associated with a client device identified as the enrolled client device, the authentication system obtains an authentication token from the client device generated using the authentication credentials and also obtains device metadata corresponding to the client device. Based on the device metadata comparison during authentication, the authentication system detects device metadata anomalies and uses detected device metadata anomalies to determine a risk level for the client device.
    Type: Grant
    Filed: November 3, 2020
    Date of Patent: September 27, 2022
    Assignee: Okta, Inc.
    Inventor: Stephen Woodward Lind
  • Patent number: 11455551
    Abstract: An identification of an item that was misclassified by a classification model constructed in accordance with a machine learning technique is received. One example of such a machine learning technique is a random forest. A subset of training data, previously used to construct the model, and that is associated with the misclassified item is identified. At least a portion of the identified subset is provided as output.
    Type: Grant
    Filed: March 18, 2019
    Date of Patent: September 27, 2022
    Assignee: Palo Alto Networks, Inc.
    Inventors: William Redington Hewlett, II, Seokkyung Chung, Lin Xu
  • Patent number: 11457026
    Abstract: Network-based, unsupervised classifiers are provided. The classifiers identify both known and unknown attacks aimed at industrial networks without the need to have a priori knowledge of known malicious attack patterns.
    Type: Grant
    Filed: September 23, 2019
    Date of Patent: September 27, 2022
    Inventors: Randeep Bhatia, Bhawna Gupta, Steven Benno, Jairo Esteban, T. V. Lakshman
  • Patent number: 11451585
    Abstract: A network device may receive, from a first network, one or more fragments of a first network packet of a first network packet type, where the first network packet encapsulates a second network packet of a second network packet type. The network device may buffer the one or more fragments in. The network device may, upon receiving a fragment of the first network packet that includes an indication of a source network address and a source port for the second network packet, perform an anti-spoof check of the fragment flow without assembling the first network packet. The network device may, based on the fragment flow passing the anti-spoof check, in response to receiving all fragments of the first network packet: assemble the first network packet, decapsulate the second network packet from the assembled first network packet, and forward, to a second network, the second network packet.
    Type: Grant
    Filed: November 13, 2019
    Date of Patent: September 20, 2022
    Assignee: Juniper Networks, Inc.
    Inventors: Ashish Suresh Ghule, Jagadish Narasimha Grandhi
  • Patent number: 11449604
    Abstract: A method of computer security for a host computer system in communication with remote computer systems, including generating an attack map as a directed graph data structure modelling individual events leading to an exploitation of the host computer system and collecting a log of each of a plurality of attack events occurring at the host including network packets involved in each attack event, the attack map being generated in a training phase of the host computer system in which the host is subjected to attacks by one or more attacking remote computer systems, using stacked autoencoders to extract features from the log event in each attack; generating a directed graph representation based on each of the extracted features, using the attack map to identify a sequence of events indicative of an attack, and responsive to the identification, deploying one or more security facilities to mitigate the attack.
    Type: Grant
    Filed: March 18, 2020
    Date of Patent: September 20, 2022
    Assignee: BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
    Inventors: Ian Herwono, Fadi El-Moussa
  • Patent number: 11449618
    Abstract: A method is provided, comprising actively testing the access control policy of a software target using a probing logic. The method further comprises determining whether an intrusion in the software target has occurred based on monitored side effects. According to the method, the probing logic is to execute at least one operation that is forbidden by the access control policy. The probing logic is further to create at least one predetermined observable side effect based on the successful execution of the operation.
    Type: Grant
    Filed: August 6, 2019
    Date of Patent: September 20, 2022
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: David Plaquin, Christopher Ian Dalton, Ronny Chevalier
  • Patent number: 11451568
    Abstract: In an embodiment, a process for automatic model monitoring for data streams includes receiving an input dataset, using a machine learning model to determine a model score for each data record of at least a portion of the input dataset, and determining monitoring values. Each monitoring value is associated with a measure of similarity between model scores for those data records of the input dataset within a corresponding moving reference window and model scores for those data records of the input dataset within a corresponding moving target window. The process includes outputting the determined monitoring values.
    Type: Grant
    Filed: October 29, 2019
    Date of Patent: September 20, 2022
    Inventors: Marco Oliveira Pena Sampaio, Fábio Hernâni dos Santos Costa Pinto, Pedro Gustavo Santos Rodrigues Bizarro, Pedro Cardoso Lessa e Silva, Ana Margarida Caetano Ruela, Miguel Ramos de Araújo, Nuno Miguel Lourenço Diegues
  • Patent number: 11449635
    Abstract: A rule-based attribution mechanism analyzes documents having different types of data in different formats through the application of script-based rules that apply a tag to the document identifying the type of sensitive data that is contained in the document. Documents having similar tags are aggregated so that the sensitive data is scrubbed from the document leaving the telemetric data available for downstream processing. The scrubbing entails different actions, such as, eliminating the sensitive data, obfuscating the sensitive data, and converting the sensitive data into a non-sensitive value.
    Type: Grant
    Filed: May 9, 2019
    Date of Patent: September 20, 2022
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC.
    Inventors: Brian Boon, Dinesh Chandnani, Zhu Chen, Ram Kumar Donthula, Matthew Sloan Theodore Evans, Andrew Neil, Vijaya Upadya, Geoffrey Staneff, Shibani Basava, Evgenia Steshenko, Carl Brochu, Shaun Miller, Xin Shi
  • Patent number: 11451574
    Abstract: Methods, apparatus, and processor-readable storage media for detecting security threats in storage systems using AI techniques are provided herein. An example computer-implemented method includes obtaining historical performance data and historical capacity data pertaining to one or more storage objects within a storage system; determining supervised datasets pertaining to security threat-related data and non-security threat-related data by processing at least a portion of the obtained data using a first set of AI techniques; configuring a second set of AI techniques based at least in part on the determined supervised datasets; detecting one or more security threats in connection with at least one storage object within the storage system by processing input data from the at least one storage object using the second set of AI techniques; and performing at least one automated action based at least in part on the one or more detected security threats.
    Type: Grant
    Filed: June 29, 2020
    Date of Patent: September 20, 2022
    Assignee: EMC IP Holding Company LLC
    Inventors: Deepak Gowda, Bina K. Thakkar, Wenjin Liu
  • Patent number: 11444878
    Abstract: The disclosed embodiments are directed toward monitoring and classifying encrypted network traffic. In one embodiment, a method is disclosed comprising intercepting an encrypted network request, the network request transmitted by a client device to a network endpoint; identifying a network service associated with the network endpoint based on unencrypted properties of the encrypted network request; identifying, based on the encrypted network request and a series of subsequent network requests issued by the client device, an action taken by the client device, the action comprising an activity performed during a session established with the network service; and updating a catalog of network interactions using the network service and the action.
    Type: Grant
    Filed: September 4, 2019
    Date of Patent: September 13, 2022
    Assignee: YAHOO AD TECH LLC
    Inventors: Atte Lahtiranta, Matti Oikarinen
  • Patent number: 11444962
    Abstract: Detecting and defending against password spraying attacks is provided. Information is received regarding failed attempts to login to user accounts located on a target system of a network. Each password used to attempt a failed login to any of the user accounts located on the target system is recorded. It is determined whether a common password is used in a failed login attempt to a number of different user accounts located on the target system greater than or equal to a predetermined threshold. In response to determining that the common password was used in the failed login attempt to the number of different user accounts on the target system greater than or equal to the predetermined threshold, an alert is sent regarding a password spraying attack corresponding to the common password that resulted in the failed login attempt to the number of different user accounts located on the target system.
    Type: Grant
    Filed: February 5, 2020
    Date of Patent: September 13, 2022
    Assignee: International Business Machines Corporation
    Inventor: Jeffery Lake Crume
  • Patent number: 11444974
    Abstract: Systems, methods, and products comprise an analytic server, which improves security of a unified system of distributed network infrastructure comprising a plurality of cyber-physical systems. The analytic server may instantiate a sub attack tree for each cyber-physical system within the unified system. The analytic server may determine how the interconnection of the plurality of cyber-physical systems may affect the unified system security. The analytic server may monitor systems and receive electronic notifications of alerts in real-time from devices in the plurality of cyber-physical systems. The analytic server may follow the logic of the attack tree model by traversing the attack tree from bottom up and determine how the alerts from the cyber-physical systems may affect the distributed network infrastructure as a whole. The analytic server may generate reports comprising a list of the prioritized attacks and recommendation actions to mitigate the attacks.
    Type: Grant
    Filed: October 23, 2019
    Date of Patent: September 13, 2022
    Assignee: ARCHITECTURE TECHNOLOGY CORPORATION
    Inventors: Martiros Shakhzadyan, Judson Powers, Matthew A. Stillerman
  • Patent number: 11444977
    Abstract: Web sites are crawled using multiple browser profiles to avoid malicious cloaking. Based on web page content returned from HTTP requests using the multiple browser profiles, web sites returning substantively different content to HTTP requests for different browser profiles are identified. Web sites are further filtered by common cloaking behavior, and redirect scripts are extracted from web page content that performed cloaking. Signatures comprising tokenized versions of the redirect scripts are generated and compared to a database of known cloaking signatures. URLs corresponding to signatures having approximate matches with signatures in the database are flagged for recrawling. Recrawled URLs are verified for malicious cloaking again using HTTP requests from multiple browser profiles.
    Type: Grant
    Filed: October 22, 2019
    Date of Patent: September 13, 2022
    Assignee: Palo Alto Networks, Inc.
    Inventors: Oleksii Starov, Zhanhao Chen, Yuchen Zhou, Fang Liu
  • Patent number: 11438166
    Abstract: In accordance with an embodiment, described herein are systems and methods for use of a suffix tree to control blocking of blacklisted encrypted domains. A suffix tree includes encrypted hash keys corresponding to a plurality of domain nodes. A domain-related request packet is received, and a target domain name extracted from the packet. A pair of hash keys are generated for the request packet and target domain; and a hash table is searched with the generated hash key pair. If a corresponding entry is found in the hash table, then a corresponding hash suffix pointer is determined for the packet, and the suffix tree examined to determine whether the node identified by the query is part of a blacklisted node. If the suffix tree indicates the node to be part of a blacklisted node, then the system can perform a specified action associated with that node.
    Type: Grant
    Filed: March 19, 2020
    Date of Patent: September 6, 2022
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventor: Rishi Mutnuru
  • Patent number: 11435998
    Abstract: A computer-implemented system and method of providing utility service network information for a utility service disturbance monitoring equipment management network and system. The system includes six components: an operating system with mirrors/feedback point, a local provider/USI DME application repositories, working snapshots, published snapshots, a quality control test system; and a dedicated provider/USI portion of the Cloud.
    Type: Grant
    Filed: August 27, 2017
    Date of Patent: September 6, 2022
    Inventor: Todd Sampson
  • Patent number: 11438360
    Abstract: Provided is a process that includes: obtaining, with one or more processors, a query identifying a user identification; retrieving, with one or more processors, via an application programming interface, from a database, one or more passwords associated with one or more user identification entries in the database that matches the user identification in response to the obtained query; determining, with one or more processors, whether the one or more passwords matches a password associated with the user identification; blocking, with one or more processors, access to a user account associated with the user identification and the password when the one or more passwords matches the password associated with the user identification; and notifying, with one or more processors, a user associated with the user account to reset the password when the one or more passwords matches the password associated with the user identification.
    Type: Grant
    Filed: October 29, 2019
    Date of Patent: September 6, 2022
    Assignee: SpyCloud, Inc.
    Inventors: David Endler, Alen Puzic, Edward Ross
  • Patent number: 11436512
    Abstract: A method, system and computer-usable medium for performing a feature generation operation. The performing a feature generation operation including: receiving a stream of events, the stream of events comprising a plurality of events; applying labels to applicable events from the plurality of events, the applying labels providing a labeled event; and, processing the labeled event to extract a feature from the labeled event, the processing providing a feature associated with an event.
    Type: Grant
    Filed: July 12, 2018
    Date of Patent: September 6, 2022
    Assignee: Forcepoint, LLC
    Inventors: Christopher Poirel, William Renner, Eduardo Luiggi, Phillip Bracikowski
  • Patent number: 11431741
    Abstract: The present disclosure describes a system, method, and computer program for detecting unmanaged and unauthorized assets on an IT network by identifying anomalously-named assets. A recurrent neural network (RNN) is trained to identify patterns in asset names in a network. The RNN learns the character distribution patterns of the names of all observed assets in the training data, effectively capturing the hidden naming structures followed by a majority of assets on the network. The RNN is then used to identify assets with names that deviate from the hidden naming structures. Specifically, the RNN is used to measure the reconstruction errors of input asset name strings. Asset names with high reconstruction errors are anomalous since they cannot be explained by learned naming structures. After filtering for attributes or circumstances that mitigate risk, such assets are associated with a higher cybersecurity risk.
    Type: Grant
    Filed: May 13, 2019
    Date of Patent: August 30, 2022
    Assignee: Exabeam, Inc.
    Inventors: Derek Lin, Domingo Mihovilovic, Sylvain Gil, Barry Steiman
  • Patent number: 11431734
    Abstract: A computer-implemented method for dynamically identifying security threats comprising a cyber-attack chain composed of a sequence of partial cyber-attacks represented by attack patterns may be provided. The method comprises receiving a sequence of security events, determining a first cyber-attack pattern by applying a set of predefined rules for detecting an indicator of compromise of a first partial cyber-attack of the cyber-attack chain—thereby, identifying a specific cyber-attack chain—and determining a type and an attribute in the pattern of the first partial cyber-attack. The method comprises further configuring at least one rule for a downstream partial cyber-attack in the specific cyber-attack chain based on the type and the attribute in the attack pattern of the first partial cyber-attack, and adding the at least one configured rule to the set of predefined rules to be used by the correlation engine for dynamically identifying security threats to information technology systems.
    Type: Grant
    Filed: April 18, 2019
    Date of Patent: August 30, 2022
    Assignee: KYNDRYL, INC.
    Inventors: Matthias Seul, Arjun Udupi Raghavendra, Tim Uwe Scheideler, Tiziano Airoldi
  • Patent number: 11431681
    Abstract: Described are platforms, systems, and methods for actuating transmission control protocol/Internet protocol (TCP/IP) through a method that comprises: identifying a computer workload during a handshake process for establishing a network connection with a remote host; configuring, based on the computer workload, one or more TCP/IP parameters of the network connection; and completing the handshake process to establish the network connection with the remote host.
    Type: Grant
    Filed: April 7, 2020
    Date of Patent: August 30, 2022
    Assignee: PENSANDO SYSTEMS INC.
    Inventors: Sameer Kittur, Raghava Kodigenahalli Sivaramu, Alok Rathore, Vijay Sampath, Vipin Jain
  • Patent number: 11431744
    Abstract: Embodiments are directed to monitoring network traffic over a network using one or more network monitoring computers. A monitoring engine may be instantiated to perform actions, including: monitoring network traffic to identify client requests provided by clients and server responses provided by servers in response to the client requests; determining request metrics associated with the client requests; and determining response metrics associated with the server responses. An analysis engine may be instantiated that performs actions, including: comparing the request metrics with the response metrics; determining atypical behavior associated with the clients based on the comparison such that the atypical behavior includes an absence of adaption by the clients to changes in the server responses; and providing alerts that may identify the clients associated with the atypical behavior.
    Type: Grant
    Filed: March 9, 2020
    Date of Patent: August 30, 2022
    Assignee: ExtraHop Networks, Inc.
    Inventors: Arindum Mukerji, Khurram Waheed
  • Patent number: 11422854
    Abstract: In an example embodiment, a new solution is provided for an in-memory database provided in a cloud as a service that enables “job cross running” instead of “parallel job running.” Specifically, job scripts are clustered based on a shared service. A primary job script in the cluster is compiled and executed, but secondary job scripts in the cluster are not compiled until after the execution of the primary job script has begun. A mock library is inserted into each of the secondary job scripts to cause service calls for the shared service in the secondary job scripts to be replaced with mock service calls. The secondary job scripts are then scheduled and executed, and upon completion the primary job script is permitted to delete the shared service.
    Type: Grant
    Filed: February 26, 2020
    Date of Patent: August 23, 2022
    Assignee: SAP SE
    Inventors: Long Du, Le Zhang, Yu Wang
  • Patent number: 11422864
    Abstract: A link binding chain is disclosed that enables multiple hops of link bindings to be cascaded to form a chain of link bindings. The binding chain can be leveraged when a one-hop link binding is infeasible or fails to be established. Dynamic binding method switching is disclosed for updating the binding method after a link binding has been established such that the link binding may be selected for a more proper or efficient link binding method to adapt to the changing environment. Methods for broker assisted link binding are disclosed to facilitate link binding functionalities between a source resource and a destination resource that are connected through a binding broker.
    Type: Grant
    Filed: September 10, 2019
    Date of Patent: August 23, 2022
    Assignee: Convida Wireless, LLC
    Inventors: Lu Liu, Chonggang Wang, Quang Ly, Xu Li, Zhuo Chen, Michael F. Starsinic
  • Patent number: 11423311
    Abstract: Tuning a neural network may include selecting a portion of a first neural network for modification to increase computational efficiency and generating, using a processor, a second neural network based upon the first neural network by modifying the selected portion of the first neural network while offline.
    Type: Grant
    Filed: May 13, 2016
    Date of Patent: August 23, 2022
    Inventors: John W. Brothers, Joohoon Lee
  • Patent number: 11425151
    Abstract: Client-side attack detection via simulation for detecting and mitigating cross-site script code client-side attacks is disclosed. A system can receive, through a network interface from a web server, a first response having a first payload that includes an action based on a request to the web server and a second response having a corresponding payload that is received concurrently with the first response on a signal path from the web server that is different from that of the first response. The system can invoke the action from the first payload and detect malicious activity in the invoked action. The system can verify the detecting of the malicious activity and issue a message indicating a security incident relating to the malicious activity. The system can either allow or restrict passage of the second response to a network based on a mode of the system when the malicious activity is verified.
    Type: Grant
    Filed: August 5, 2020
    Date of Patent: August 23, 2022
    Assignee: PayPal, Inc.
    Inventor: George Chen Kaidi
  • Patent number: 11423143
    Abstract: A cybersecurity system, method, and computer program is provided for detecting whether an entity's collection of processes during an interval is abnormal compared to the historical collection of processes observed for the entity during previous intervals of the same length. Logs from a training period are used to calculate global and local risk probabilities for each process based on the process's execution history during the training period. Risk probabilities may be computed using a Bayesian framework. For each entity in a network, an entity risk score is calculated by summing the applicable risk probabilities of the unique processes executed by the entity during an interval. An entity's historical risk scores form a score distribution. If an entity's current score is an outlier on the historical score distribution, an alert of potentially malicious behavior is generated with respect to the entity. Additional post-processing may be performed to reduce false positives.
    Type: Grant
    Filed: December 20, 2018
    Date of Patent: August 23, 2022
    Assignee: Exabeam, Inc.
    Inventors: Derek Lin, Barry Steiman, Domingo Mihovilovic, Sylvain Gil
  • Patent number: 11425162
    Abstract: Methods, apparatuses and computer program products implement embodiments of the present invention that include protecting a computing device by specifying one or more Internet sites that are accessible by one or more computing devices that communicate over a data network and identifying process binaries that executed on the computing devices accessed and retrieved data from any of the specified one or more Internet sites. The identified process binaries are classified into a plurality of classes of matching process binaries, and for a given class, a count of the computing devices that executed one of the process binaries of the given class is computed. When determining that the count of the computing devices is less than a predefined threshold, a preventive action is initiated to inhibit command and control (C2) channel transmissions from any of the computing devices that executed any of the process binaries of the given class.
    Type: Grant
    Filed: July 1, 2020
    Date of Patent: August 23, 2022
    Assignee: PALO ALTO NETWORKS (ISRAEL ANALYTICS) LTD.
    Inventors: Jonathan Allon, Aviad Meyer, Tomer Schwartz
  • Patent number: 11424993
    Abstract: At an artificial intelligence based service to detect violations of resource usage policies, an indication of a first data set comprising a plurality of network traffic flow records associated with at least a first device of a set of devices may be obtained. Using the first data set, a machine learning model may be trained to predict whether resource usage of a particular device of a particular network violates a first resource usage acceptability criterion. In response to determining, using a trained version of the model, that the probability that a second device has violated the acceptability criterion exceeds a threshold, one or more actions responsive to the violation may be initiated.
    Type: Grant
    Filed: May 30, 2017
    Date of Patent: August 23, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Vineet Shashikant Chaoji, Pranav Garg
  • Patent number: 11416606
    Abstract: In one or more examples, there is disclosed a system and method of detecting agent presence for self-healing. An out-of-band monitoring process, such as Intel® AMT, or any process in firmware executing on a co-processor, may monitor one or more processes to determine if one goes down or otherwise meets a security criterion. Crashed processes may be reported to an enterprise security controller (ESC). The ESC may notice trends among affected machines and instruct the machines to take appropriate remedial action, such as booting from a remedial image.
    Type: Grant
    Filed: December 27, 2014
    Date of Patent: August 16, 2022
    Assignee: Musarubra US LLC
    Inventors: Shashin Thakur, Arvind K. Boggarapu, Harvir Singh
  • Patent number: 11418940
    Abstract: Systems and methods are provided for mitigating denial of service attacks in a communications network. Based on a determination that requests to access an E11 resource exceeds a threshold, it may be determined that a denial of service attack attempt is occurring. One or more mitigation protocols can be used to block, filter, or re-route attempts that are associated with the denial of service attack. Association with the denial of service attack can be identified based on a distance between the user devices associated with the requests and a time period for which the requests were originated.
    Type: Grant
    Filed: June 3, 2020
    Date of Patent: August 16, 2022
    Assignee: T-MOBILE INNOVATIONS LLC
    Inventors: Raymond Reeves, Mark Peden, Lena Webb, LaReash Bridges
  • Patent number: 11418316
    Abstract: The present invention relates to a receiver (2200) for recognizing blinding attacks in a quantum encrypted channel (1300) comprising an optical fiber, comprising a multipixel detector (2210) comprising a plurality of pixels, and configured to be illuminated by a light beam outputted by the optical fiber, and a processing unit (2220) connected to the multipixel detector (2210) and configured to determine the presence of a blinding attack if a predetermined number of pixels detects light within a predetermined interval. The invention further relates to the use of the receiver (2200) for recognizing blinding attacks in a quantum encrypted channel (1300) and to a method for recognizing blinding attacks in a quantum encrypted channel (1300).
    Type: Grant
    Filed: December 18, 2018
    Date of Patent: August 16, 2022
    Assignee: ID Quantique SA
    Inventors: Félix Bussières, Gaëtan Gras
  • Patent number: 11418543
    Abstract: Disclosed are various approaches for automating the detection and identification of security issues. A plurality of signals received from a plurality of security devices are analyzed to identify a predicted security incident, each of the plurality of signals indicating a potential security issue. A confidence score is then calculated for the predicted security incident. At least one compliance policy is then evaluated to determine whether to perform a remedial action specified in the compliance policy, wherein a determination to perform the remedial action is based at least in part on the confidence score. Finally, the remedial action is performed in response to an evaluation of the at least one compliance policy.
    Type: Grant
    Filed: June 5, 2019
    Date of Patent: August 16, 2022
    Assignee: VMWARE, INC.
    Inventor: Chaoting Xuan
  • Patent number: 11418486
    Abstract: A method and system for controlling internet browsing user security is provided. A control device (120) receives, via a first communication channel, a web page request from a control agent (102) implemented in a browser (101), the browser (101) being installed in a computer device operated by a user. Then, the control device (120) requests, to a control service (130), via a second communication channel, a security level of said requested web page including a status of the user and the presence of risks in the requested web page. The control service (130) executes a security check on said requested web page by checking whether the requested web page is included in a blacklist or a whitelist and also by checking certain risk control criteria of the requested web page. Finally, in response to receipt of a result of said security check, the control device (120) allows or denies access to said web page.
    Type: Grant
    Filed: February 11, 2020
    Date of Patent: August 16, 2022
    Assignee: TELEFONICA CYBERSECURITY TECH S.L.
    Inventors: Victor Manuel Mundilla Garcia, Aruna Prem Bianzino, Jose Maria Alonso Cebrian, Sergio De Los Santos Vilchez
  • Patent number: 11418533
    Abstract: Methods, systems, and computer readable media for providing computer security analysis are described. In some implementations, a system providing computer security analysis comprises one or more processors coupled to a non-transitory computer readable storage having software instructions stored thereon configured to cause the one or more processors to: perform a Markov Decision Process (MDP) as part of a cyber-attack mechanism and a Discrete Time Markov Chain (DTMC) process as part of a cyber-defense mechanism, preferably, the cyber-attack and cyber-defense system is modeled as MDP whereas the security analyst SA is modeled as DTMC; synchronize the cyber-attack mechanism with the cyber-defense mechanism through an attack-defense synchronization action; and synchronize an update action, wherein the attack-defense synchronization action includes initiating the DTMC process, and wherein the synchronization of the update action results from one or more actions taken by the DTMC process.
    Type: Grant
    Filed: April 20, 2020
    Date of Patent: August 16, 2022
    Assignee: Prince Mohammad Bin Fahd University
    Inventors: Nazeeruddin Mohammad, Shahabuddin Muhammad
  • Patent number: 11418526
    Abstract: Disclosed are systems and methods for temporal link prediction based on (generalized) random dot product graphs (RDPGs), as well as applications of such temporal link prediction to network anomaly detection. In various embodiments, starting from a time series of adjacency matrices characterizing the evolution of the network, spectral embeddings and time-series models are used to predict estimated link probabilities for a future point in time, and the predicted link probabilities are compared against observed links to identify anomalous behavior. In some embodiments, element-wise independent models are used in the prediction to take network dynamics into account at the granularity of individual nodes or edges.
    Type: Grant
    Filed: May 31, 2020
    Date of Patent: August 16, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Anna Swanson Bertiger, Francesco Sanna Passino, Joshua Neil
  • Patent number: 11418536
    Abstract: A computer-implemented method, computer program product and computing system for importing threat data from a plurality of threat data sources, thus generating a plurality of raw threat data definitions. The plurality of raw threat data definitions are processed, thus generating a plurality of processed threat data definitions. The plurality of processed threat data definitions are processed to form a master threat data definition. The master threat data definition is provided to one or more client electronic devices.
    Type: Grant
    Filed: August 27, 2019
    Date of Patent: August 16, 2022
    Assignee: RELIAQUEST HOLDINGS, LLC
    Inventors: Brian P. Murphy, Joe Partlow
  • Patent number: 11409899
    Abstract: Change fingerprinting is applied to a text file, database table, or data feed to determine the timeframe in which an identified “wild file” was generated, even when its file creation meta-data is missing. Each row in the data contains information on a single object. At least one column in the data contains an age for each object at the time the file was created. The age data can be used to determine the date the file was created, such as by using recognition processing or by looking at data that has been added or dropped from the file based on age. By identifying the timeframe in which the wild file was created, the data owner may greatly reduce the computational burden needed to determine if the wild file contains stolen data because it greatly reduces the universe of files that must be compared to the wild file.
    Type: Grant
    Filed: February 8, 2017
    Date of Patent: August 9, 2022
    Assignee: LiveRamp, Inc.
    Inventors: Arthur Coleman, Martin Rose, Christina Tsz Ling Leung
  • Patent number: 11411987
    Abstract: A method and system for detection of security threats on network resources based on referrer indications are presented. A determination that a second request originated from a first network resource is performed based on second request information associated with a second request for a second network resource. In response to determining that the second request originated from the first network resource, a referrer indication that the first network resource is a referrer to the second network resource is logged. A third request for a third network resource is received. A determination that the third request is part of a cyber-attack on a second server is performed based at least in part on the referrer indication.
    Type: Grant
    Filed: March 24, 2020
    Date of Patent: August 9, 2022
    Assignee: CLOUDFLARE, INC.
    Inventors: Marek Przemyslaw Majkowski, Maciej Biłas, David Paul Wragg
  • Patent number: 11411968
    Abstract: The disclosed computer-implemented method for protecting a cloud computing device from malware may include (i) intercepting, at a computing device, a malicious attempt by the malware to (A) access sensitive information in an encrypted file stored on the computing device and (B) send the sensitive information to the cloud computing device and (ii) performing, responsive to the attempt to access the encrypted file, a security action. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 18, 2019
    Date of Patent: August 9, 2022
    Assignee: CA, INC.
    Inventors: Ashok Banerjee, Susan Hassall
  • Patent number: 11411966
    Abstract: A security platform employs a variety of techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
    Type: Grant
    Filed: July 19, 2019
    Date of Patent: August 9, 2022
    Assignee: SPLUNK INC.
    Inventors: Sudhakar Muddu, Christos Tryfonas
  • Patent number: 11405359
    Abstract: A network firewall detects and protects against persistent low volume attacks based on a sequence of network data having a pattern that matches by some threshold or percentage a sequence of network data from an earlier iteration of the same persistent low volume attack. The attack patterns are derived from tokenizing one or more elements from a captured sequence of network data that is representative of an attack iteration. Counts for different resulting tokens may be stored in a feature vector that represents the attack pattern. If subsequent sequences of network data have a sufficient number of similar tokens, a pattern match can be identified and the firewall can take protective action including blacklisting the sending clients, blocking the traffic, redirecting the traffic, sending a problem to verify the sender is an actual user, or other actions.
    Type: Grant
    Filed: December 21, 2020
    Date of Patent: August 2, 2022
    Assignee: Edgecast Inc.
    Inventors: Paul Rigor, Harkeerat Singh Bedi
  • Patent number: 11405417
    Abstract: A defense platform for protecting a cloud-hosted application against distributed denial-of-services (DDoS) attacks, wherein the defense platform is deployed out-of-path of incoming traffic of the cloud-hosted application hosted in a plurality of cloud computing platforms, comprising: a detector; a mitigator; and a controller communicatively connected to the detector and the mitigator; wherein the detector is configured to: receive telemetries related to behavior of the cloud-hosted application from sources deployed in the plurality of cloud computing platforms; and detect, based on the telemetries, a potential DDoS attack; wherein, the controller, upon detection of a potential DDoS attack, is configured to: divert traffic directed to the cloud-hosted application to the mitigator; cause the mitigator to perform at least one mitigation action to remove malicious traffic from the diverted traffic; and cause injection of clean traffic to at least one of the plurality of cloud computing platforms hosting the cloud
    Type: Grant
    Filed: February 28, 2018
    Date of Patent: August 2, 2022
    Assignee: Radware, Ltd.
    Inventors: Ehud Doron, Nir Ilani, David Aviv, Yotam Ben Ezra, Amit Bismut
  • Patent number: 11399312
    Abstract: In an embodiment, a computer implemented method and architecture for managing data in a mobile communication network which includes core and access components. This embodiment performs specialized data handling through processing nodes referred to as Storage Retention and Intelligent Function (SRIF) nodes, an evaluation operation on control plane and user plane data received from the mobile communication network. This action determines whether any portion of the data needs intelligent processing and applies a knowledge extraction algorithm for build-up retention or policy decision. As responsive to the evaluation operation, the SRIF nodes apply decisions on data or enable network nodes to apply data processing rules. The architecture of SRIF is hierarchical comprising end node as serving node, middle node as load balancing node providing flexibility, and central node as the brain.
    Type: Grant
    Filed: August 13, 2019
    Date of Patent: July 26, 2022
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Dharmendra Misra, Seetharaman Sankara Ramasubramanian, Abhinav Aggarwal
  • Patent number: 11392690
    Abstract: A security monitoring apparatus and method for a vehicle network are provided. The apparatus transmits an indicator and an encryption key to a plurality of electronic control units via the controller area network interface. The apparatus receives a response code from each electronic control unit via the controller area network interface, wherein each of the response codes is generated by a serial number of each electronic control unit and the encryption key via a hash algorithm. The apparatus compares the response code returned by each electronic control unit according to a list, the encryption key and the hash algorithm to determine whether each electronic control unit correctly returns the response code. The apparatus determines to generate an alert signal when one of the electronic control units does not correctly return the response code.
    Type: Grant
    Filed: November 25, 2019
    Date of Patent: July 19, 2022
    Assignee: INSTITUTE FOR INFORMATION INDUSTRY
    Inventors: I-Chou Hung, Chih-Min Shih, Hsing-Yu Chen, Wen-Kai Liu
  • Patent number: 11394732
    Abstract: The disclosed computer-implemented method for adaptively managing data drift in a classifier may include (i) receiving, at a computing device, an input sample of digital information having an unknown reputation and (ii) performing a security action that may include (A) identifying the input sample as benign or malicious based on a result obtained by classifying the input sample using a machine learning model trained using activity regularization, (B) calculating an internal activity of the machine learning model occurring during the classifying, (C) calculating an activation entropy of the machine learning model occurring during the classifying, (D) comparing a combination of the internal activity and the activation entropy to a threshold, and (E) when the combination of the internal activity and the activation entropy meets or exceeds the threshold, identifying the result as a low-confidence result. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 10, 2019
    Date of Patent: July 19, 2022
    Assignee: NortonLifeLock Inc.
    Inventors: Keith Kenemer, Javier Echauz, Sarfaraz Hussein
  • Patent number: 11392718
    Abstract: A computing system receives a data piece from an electronic device. The data piece includes one or more items of anonymous personal identification information. The computing system identifies an electronic address associated with the data piece. The computing system accesses the one or more servers to identify one or more client systems permitted to transmit data to the electronic device based on the electronic address. The computing system transmits the data piece to the one or more client systems permitted to transmit data to the electronic device.
    Type: Grant
    Filed: December 3, 2019
    Date of Patent: July 19, 2022
    Inventors: Andrew B. Westmoreland, Timothy Hanus
  • Patent number: 11394725
    Abstract: Described is a system for network threat detection. The system identifies a targeted sub-network representing a threat within a multi-layer network having members. The targeted sub-network is identified with differential privacy protection, such that privacy of individuals that are not in the targeted sub-network is protected. The system causes an action to be generated, the action being one of generating an alert of a threat, initiating monitoring of the non-benign persons, or disabling network access of the non-benign persons.
    Type: Grant
    Filed: March 16, 2018
    Date of Patent: July 19, 2022
    Assignee: HRL LABORATORIES, LLC
    Inventors: Chongwon Cho, Tsai-Ching Lu, Hyun (Tiffany) J. Kim
  • Patent number: 11388189
    Abstract: A network device obtains to-be-detected mirrored traffic between a client and a server, obtains a first session information sequence based on the to-be-detected mirrored traffic, where the first session information sequence includes a plurality of pieces of session information, the plurality of pieces of session information have a one-to-one correspondence with a plurality of login sessions, and an arrangement order of the plurality of pieces of session information in the first session information sequence is consistent with a chronological order of the plurality of login sessions, uses the first session information sequence as a first Markov chain, obtains a state chain probability value of the first Markov chain, and determines, based on the state chain probability value of the first Markov chain and a first benchmark probability value, whether the plurality of login sessions are a brute force attack.
    Type: Grant
    Filed: June 17, 2020
    Date of Patent: July 12, 2022
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventor: Duo Yang
  • Patent number: 11388182
    Abstract: Disclosed is a webshell detection method that detects a webshell by collecting process information about a process in execution on a server providing a web service and by determining whether the process is executed by a webshell based on the collected process information.
    Type: Grant
    Filed: November 25, 2020
    Date of Patent: July 12, 2022
    Assignee: NAVER CLOUD CORP.
    Inventors: June Ahn, BongGoo Kang