公开(公告)号：US11297077B2

公开(公告)日：2022-04-05

申请号：US16177301

申请日：2018-10-31

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Ramsundar Janakiraman ,  Ronald Calvo Rojas

IPC: H04L29/06 ,  H04L61/4511

Abstract: A system may select a list of servers in a computer network to perform behavioural profiling, wherein each server is associated with a domain name, the list of servers includes domain name entries, and the list of servers is prioritized according to a popularity value for each server. The system may update the list of servers based on a popularity threshold, partition the computer network into one of: subnetworks or subdomains, and establish a hierarchy along one of: the subnetworks or the subdomains based on the domain name entries in the list of servers. The system may update the popularity value for a server associated with a resolved network address, and may update the hierarchy along one of: the subnetworks or the subdomains based on the popularity value.

公开(公告)号：US11025588B2

公开(公告)日：2021-06-01

申请号：US16177288

申请日：2018-10-31

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Ramsundar Janakiraman

IPC: G06F15/16 ,  H04L29/12 ,  H04L29/06

Abstract: A system may retrieve a packet in a network edge of a computer network. The system may identify a source address of the packet and a domain name that is being resolved that is associated with the packet and determining a time to live for the domain name, based at least in part on a record associated with the domain name. The server may further determine a relevance value indicative of an importance of a server associated with the domain name based at least in part on a frequency of the domain name in a domain name system list comprising a plurality of servers associated with a plurality of domain names, wherein the frequency is normalized by the time to live for the domain name. The system may sort the domain name system list according to the relevance value.

公开(公告)号：US20210075690A1

公开(公告)日：2021-03-11

申请号：US16563669

申请日：2019-09-06

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Ramsundar Janakiraman

IPC: H04L12/24 ,  H04L29/06 ,  G06F17/27

Abstract: Systems and methods are provided for utilizing natural language process (NLP), namely sequence prediction approaches, in the realm of network security. Techniques include analyzing network transaction records to form network sentences representative of network activity. The network sentences are formulated by regularizing transactions records using words, allowing the network sentences to represent the network activity using natural language terminology. In some cases, multiple variations of the network sentences having different sequences of words are generated to form a corpus of network sentences related to a semantics of network activity. Accordingly, an NLP-based network prediction model can be created and trained using the corpus of network sentences. The network prediction model can be trained over to identify dimensions corresponding to particular sequences of words in the network sentences, and predict an expected dimension. Using the network prediction model predictions of expected network are provided, and anomalies efficiently detected.

公开(公告)号：US20200322227A1

公开(公告)日：2020-10-08

申请号：US16374728

申请日：2019-04-03

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Ramsundar Janakiraman

IPC: H04L12/24 ,  H04L12/26 ,  H04L29/12 ,  H04L29/08

Abstract: Systems and methods are provided for interactively clustering a plurality of devices within a communication network. Techniques can include collecting intent to access messages and service advertisement messages that are communicated to a plurality of devices within the communication network. The intent to access messages and service advertisement messages can be formatted in accordance with a discovery protocol. The collected messages are analyzed to identify services, attributes, and attribute values associated with the plurality of devices using text-based analysis. Distances separating each the plurality of devices according to an associated distance value, can be determined. Distance values relate to a degree of similarity between each of the plurality devices based on the identify services, attributes, and attribute values. Clusters of devices can be generated based on the determined distances. A visualization of the communication network including graphical representations of the generated clusters of devices can be provided.