公开(公告)号：US11906943B2

公开(公告)日：2024-02-20

申请号：US17400947

申请日：2021-08-12

申请人： Nozomi Networks Sagl

发明人： Roberto Bruttomesso ,  Alessandro Di Pinto ,  Moreno Carullo ,  Andrea Carcano

IPC分类号： G05B19/05

CPC分类号： G05B19/054 ,  G05B19/056 ,  G05B2219/1164 ,  G05B2219/13018 ,  G05B2219/13019 ,  G05B2219/15023

摘要： The present invention relates to a method for automatic translation of ladder logic to a SMT-based model checker in a network comprising defining (10) the topology of the network as an enriched network topology based on packets exchanged in the network, extracting (20) a program from the packets relating to a PLC in the network and identifying inputs, outputs, variables and a ladder diagram of the PLC, translating (30) the inputs, outputs, variables and ladder diagram into a predefined formal model, wherein the predefined formal model is a circuit-like SMT-based model checker, and wherein the translating (30) comprises translating the set of data types of the program according to a predefined model set of data types of the circuit-like SMT-based model checker, translating the inputs of the PLC as model inputs of the circuit-like SMT-based model checker of the same type, translating the outputs of the PLC as model output latches of the circuit-like SMT-based model checker of the same type, translating the variables of the PLC as model variable latches of the circuit-like SMT-based model checker of the same type, translating comparators and arithmetic operators of the ladder diagram into a plurality of predefined model functions of the circuit-like SMT-based model checker, translating contacts and coils of the ladder diagram according to predefined model recursive procedures relating to the predefined model set of data types, the model inputs, the model output latches, the model variable latches and the plurality of predefined model functions, wherein the contacts are switches that can block or allow the flow of the current in a connection and each of the contacts is controlled by a Boolean input or variable, and wherein the coils are assignments to Boolean variables.

公开(公告)号：US11444971B2

公开(公告)日：2022-09-13

申请号：US17064010

申请日：2020-10-06

申请人： Nozomi Networks Sagl

发明人： Ivan Speziale ,  Alessandro Di Pinto ,  Moreno Carullo ,  Andrea Carcano

IPC分类号： H04L9/40

摘要： The present invention relates to a method for assessing the quality of network-related Indicators of Compromise comprising the phase of calculating, by a computerized data processing unit, a quality score for Indicators of Compromise of the IP Address type, the steps of assigning an autonomous system score of the IP Address according to a predefined range of values based on a database of autonomous system owners, assigning a subnet score of said IP Address according to a predefined range of values based on a database of subnet owners, assigning a services hosted score of the IP Address according to a predefined range of values based on known malicious services hosted by the IP Address before the phase of calculating the quality score, calculating the IP Address quality score as sum of the autonomous system score, subnet score and services hosted score and wherein the method comprises a phase of evaluating the calculated quality score comprises, for each of the Indicators of Compromise of the IP Address type, the step of assessing the Indicators of Compromise of the IP Address type as malicious when the IP Address quality score exceed a predefined IP Address quality threshold.

公开(公告)号：US10955831B2

公开(公告)日：2021-03-23

申请号：US16232750

申请日：2018-12-26

申请人： Nozomi Networks Sagl

发明人： Andrea Carcano ,  Moreno Carullo

IPC分类号： G06F16/904 ,  G05B19/418

摘要： The present invention relates to a method for detecting anomalies in an infrastructure comprising the step of analyzing each of the data packets (PD) exchanged in the telecommunication system; identifying for each of the analysed data packets (PD) all the network protocols used and at least one field of each of the protocols; generating a virtual representation of the infrastructure (1) for each of the exchanged data packets (PD) and on the basis of the identified protocols and fields; storing the virtual representation generated for each of the exchanged data packets (PD); comparing the virtual representation stored with at least one comparison element, identifying at least one critical state of the infrastructure from the differences and/or similarities between the stored virtual representation and the comparison elements; signaling, by means of the computerized data processing means, an anomaly of the infrastructure when at least one of the critical states is identified in the virtual representation.