公开(公告)号：US20220237284A1

公开(公告)日：2022-07-28

申请号：US17578836

申请日：2022-01-19

Applicant: Nokia Solutions and Networks Oy

Inventor： Serge PAPILLON ,  Haithem EL ABED ,  Francois BOUTIGNY ,  Pernelle Cathel Sika MENSAH

IPC: G06F21/53 ,  G06F21/56

Abstract: According to an example aspect of the present invention, there is provided a method comprising compiling a behavioural baseline database comprising system call behaviours of a computer program, using a first testing process based at least partly on emulated nodes, running a second test of the computer program using live nodes and logging system call behaviour of the computer program during the second test, and determining whether the system call behaviour logged during the second test comprises behaviour deviates from the behavioural baseline database.

公开(公告)号：US20220229901A1

公开(公告)日：2022-07-21

申请号：US17576674

申请日：2022-01-14

Applicant: Nokia Solutions and Networks Oy

Inventor： Haithem EL ABED ,  Pernelle Cathel Sika MENSAH ,  Francois BOUTIGNY ,  Serge PAPILLON

IPC: G06F21/54 ,  G06F21/56 ,  G06F21/55

Abstract: According to an example aspect of the present invention, there is provided a method, comprising running a multi-thread computer program and recording system calls thereby made to produce a test set of threads with their associated system calls, retrieving a mapping from the threads of the test set to reference threads of a database of reference threads, attempting to map, using the mapping, the threads of the test set to the reference threads of the database, and responsive to a first thread from among the threads of the test set not mapping to the reference threads of the database, flagging the first thread for a security action.

公开(公告)号：US20230413056A1

公开(公告)日：2023-12-21

申请号：US18210725

申请日：2023-06-16

Applicant: Nokia Solutions and Networks Oy

Inventor： Taofik Saidi ,  Serge PAPILLON ,  Siwar KRIAA ,  Renaud SANTORO ,  Afef FEKI

IPC: H04W12/121 ,  H04W74/08 ,  H04W12/63

CPC classification number: H04W12/121 ,  H04W74/0833 ,  H04W12/63

Abstract: A method for a physical random access channel (PRACH) attack detection includes detecting by a base station a plurality of preambles sent by devices through a PRACH; launching by the base station a random access (RA) procedure for at least one device for which a preamble has been detected; decoding by the base station at least one radio resource control (RRC) connection request received in the context of a launched RA procedure; determining by the base station a first metric and a second metric, wherein the first metric is the number of RRC connection requests successfully decoded over time, wherein the second metric is the number of preambles detected over the same time and for which a RA procedure has been launched; determining whether there is a suspicion of storm attack over the PRACH based on a result of a comparison of the first and second metrics.