Abstract:
Anomalies are detected in a network by detecting communication between a plurality of entities and a set of users in the network, determining an overlap between subsets of the set of users that the entities comprising the plurality of entities communicated with, respectively, and determining whether the communication between the plurality of entities and the set of users is anomalous based on the overlap.
Abstract:
Methods, apparatus, systems and articles of manufacture are disclosed to identify candidate boundaries of Internet protocol addresses associated with a malicious Internet protocol address. An example method includes collecting, with a processor, netflow data associated with the Internet protocol addresses within a netblock having a lower boundary Internet protocol address and an upper boundary Internet protocol address, generating, with the processor, a first window of Internet protocol addresses numerically lower than the malicious Internet protocol address, generating, with the processor, a second window of Internet protocol addresses numerically higher than the malicious Internet protocol address, for respective Internet protocol addresses in the first and second windows, calculating, with the processor, occurrence counts associated with behavior features, and identifying candidate boundaries within the netblock based on divergence values caused by the behavior features.
Abstract:
A method of generating a signature for a group of electronic messages that each include a plurality of characters comprises extracting a plurality of blocks of characters from each of the electronic messages, mathematically processing each of the blocks of characters from each electronic message, and generating a signature for the group of electronic messages based at least in part on the mathematically processed blocks of characters. In some embodiments a counting Bloom filter may be used to generate the signature. The signatures generated by these methods may be used to identify spam.
Abstract:
Mitigation of bot networks in wireless networks and/or on mobile devices is provided. A botnet detection component is provided that inspects data traffic and data flows on the wireless network to identify mobile devices that are suspected of behaving as bots. A traffic profile of the suspected bot behavior can be generated and forwarded to the mobile devices that are suspected of behaving as bots. The mobile device can correlate data traffic on the device to the traffic profile in order to identify applications responsible for the suspected bot behavior, and remove the identified applications.
Abstract:
A method, non-transitory computer readable medium and apparatus for deriving trustful metadata for an application are disclosed. For example, the method crawls online for the application, analyzes the application to determine a function of the application, and generates trustful meta-data for the application based upon the function of the application.