-
Publication (Announcement) No.: US11269995B2
Publication (Announcement) Date: 2022-03-08
Application No.: US16170105
Application Date: 2018-10-25
Applicant: ENTIT SOFTWARE LLC
Inventor: Manish Marwah, Mijung Kim, Martin Arlitt
IPC: G06F11/00, G06F12/14, G06F12/16, G08B23/00, G06F21/55, H04L29/06, H04L43/045, H04L41/0631, H04L41/0654, G06F9/54
Abstract: In some examples, a system constructs, based on event data representing a plurality of events in a system, a representation of the plurality of events, the representation including information relating the events, and computes issue indications corresponding to potential issues in the system. The system adds information based on the issue indications to the representation to form an enriched representation, and searches the enriched representation to find a chain of events representing an issue in the system.
-
Publication (Announcement) No.: US11108794B2
Publication (Announcement) Date: 2021-08-31
Application No.: US15884978
Application Date: 2018-01-31
Applicant: EntIT Software LLC
Inventor: Pratyusa K. Manadhata, Kyle Williams, Barak Raz, Martin Arlitt
IPC: H04L29/06, H04L29/12, G06F40/263, G06F40/284
Abstract: Systems and methods for identifying, in a domain name, n-grams that do not appear in words of a given language, where n is greater than two are disclosed. The disclosed systems and methods may include comparing a value based on a number of the identified n-grams to a threshold and indicating that the domain name is potentially generated by malware in response to the value having a specified relationship with respect to the threshold.
-
Publication (Announcement) No.: US10911481B2
Publication (Announcement) Date: 2021-02-02
Application No.: US15884988
Application Date: 2018-01-31
Applicant: EntIT Software LLC
Inventor: Pratyusa K. Manadhata, Kyle Williams, Barak Raz, Martin Arlitt
Abstract: In some examples, for a device that transmitted domain names, a system determines a dissimilarity between the domain names, compares a value derived from the determined dissimilarity to a threshold, and identifies the device as malware infected in response to the comparing.
-
Publication (Announcement) No.: US10812509B2
Publication (Announcement) Date: 2020-10-20
Application No.: US15796986
Application Date: 2017-10-30
Applicant: ENTIT Software LLC
Inventor: Martin Arlitt, Alkiviadis Simitsis
Abstract: A technique includes dynamically assigning, by a server, network addresses selected from a plurality of network addresses to network devices of a network based on a schedule. The schedule represents a time during which a given network address is to remain unassigned. The technique includes, based on the schedule, detecting anomalous behavior associated with the network.
-
Publication (Announcement) No.: US20200274886A1
Publication (Announcement) Date: 2020-08-27
Application No.: US16284884
Application Date: 2019-02-25
Applicant: ENTIT Software LLC
Inventor: Pratyusa K. Manadhata, Martin Arlitt
IPC: H04L29/06
Abstract: A service receives, from client computing devices of client networks, information regarding incoming network traffic addressed to dark Internet Protocol (IP) address spaces of the client networks. The service can predict a cyber attack based on the information received from the client computing devices of the client networks. The server computing device notifies the client computing device of each client network affected by the predicted cyber attack.
-
Publication (Announcement) No.: US20190238573A1
Publication (Announcement) Date: 2019-08-01
Application No.: US15884983
Application Date: 2018-01-31
Applicant: EntIT Software LLC
Inventor: Pratyusa K. Manadhata, Kyle Williams, Barak Raz, Martin Arlitt
CPC classification number: H04L63/1425, G06F17/21, H04L61/1511, H04L63/101, H04L63/145
Abstract: In some examples, a system counts a number of digits in a domain name. The system compares a value based on the number of digits to a threshold, and indicates that the domain name is potentially generated by malware in response to the value having a specified relationship with respect to the threshold.
-
Publication (Announcement) No.: US20190238572A1
Publication (Announcement) Date: 2019-08-01
Application No.: US15884978
Application Date: 2018-01-31
Applicant: EntIT Software LLC
Inventor: Pratyusa K. Manadhata, Kyle Williams, Barak Raz, Martin Arlitt
CPC classification number: H04L63/1425, G06F17/275, H04L61/1511, H04L63/145
Abstract: In some examples, a system identifies, in a domain name, n-grams that do not appear in words of a given language, where n is greater than two. The system compares a value based on a number of the identified n-grams to a threshold, and indicates that the domain name is potentially generated by malware in response to the value having a specified relationship with respect to the threshold.