中科微点-全球专利检索

  1. Login
  2. Sign Up

Search Results

43 records (took 0.032 seconds)

    UNWANTED TUNNELING ALERT SYSTEM
    12.
    发明申请
    UNWANTED TUNNELING ALERT SYSTEM 有权

    公开(公告)号:US20160344756A1

    公开(公告)日:2016-11-24

    申请号:US15228297

    申请日:2016-08-04

    Applicant: Palantir Technologies Inc.

    Inventor: Juan Ricafort Harkirat Singh Philip Martin

    IPC: H04L29/06 H04L29/12

    CPC classification number: H04L63/1416 G06F21/556 H04L61/2007 H04L63/0272 H04L63/1425 H04L63/1441

    Abstract: Various systems and methods are provided that detect malicious network tunneling. For example, VPN logs and data connection logs may be accessed. The VPN logs may list client IP addresses that have established a VPN connection with an enterprise network. The data connection logs may list client IP addresses that have requested connections external to the enterprise network and remote IP addresses to which connections are requested. The VPN logs and the data connection logs may be parsed to identify IP addresses that are present in the VPN logs as a client IP address and in the data connection logs as a remote IP address. If an IP address is so present, user data and traffic data associated with the IP address may be retrieved to generate a risk score. If the risk score exceeds a threshold, an alert to be displayed in a GUI is generated.

    UNWANTED TUNNELING ALERT SYSTEM
    13.
    发明申请
    UNWANTED TUNNELING ALERT SYSTEM 有权
    无人值守的隧道警报系统

    公开(公告)号:US20160050224A1

    公开(公告)日:2016-02-18

    申请号:US14823935

    申请日:2015-08-11

    Applicant: Palantir Technologies Inc.

    Inventor: Juan Ricafort Harkirat Singh Philip Martin

    IPC: H04L29/06 H04L29/12

    CPC classification number: H04L63/1416 G06F21/556 H04L61/2007 H04L63/0272 H04L63/1425 H04L63/1441

    Abstract: Various systems and methods are provided that detect malicious network tunneling. For example, VPN logs and data connection logs may be accessed. The VPN logs may list client IP addresses that have established a VPN connection with an enterprise network. The data connection logs may list client IP addresses that have requested connections external to the enterprise network and remote IP addresses to which connections are requested. The VPN logs and the data connection logs may be parsed to identify IP addresses that are present in the VPN logs as a client IP address and in the data connection logs as a remote IP address. If an IP address is so present, user data and traffic data associated with the IP address may be retrieved to generate a risk score. If the risk score exceeds a threshold, an alert to be displayed in a GUI is generated.

    Abstract translation: 提供了检测恶意网络隧道的各种系统和方法。 例如,可以访问VPN日志和数据连接日志。 VPN日志可以列出已经与企业网络建立VPN连接的客户端IP地址。 数据连接日志可能列出已请求企业网络外部连接的客户端IP地址以及请求连接的远程IP地址。 可以解析VPN日志和数据连接日志,以将VPN日志中存在的IP地址识别为客户端IP地址,并将数据连接日志标识为远程IP地址。 如果IP地址如此存在,则可以检索与IP地址相关联的用户数据和流量数据以产生风险分数。 如果风险分数超过阈值,则生成要在GUI中显示的警报。

    Trend data clustering
    14.
    发明授权
    Trend data clustering 有权
    趋势数据聚类

    公开(公告)号:US09177344B1

    公开(公告)日:2015-11-03

    申请号:US14139640

    申请日:2013-12-23

    Applicant: Palantir Technologies, Inc.

    Inventor: Harkirat Singh Brendan Weickert Matthew Sprague Michael Kross Adam Borochoff Parvathy Menon Michael Harris

    IPC: G06Q40/00 G06Q40/02

    CPC classification number: G06F17/3053 G06F17/30345 G06F17/30412 G06F17/30539 G06F17/30572 G06F17/30598 G06F17/30601 G06F17/30604 G06F17/30699 G06F17/30705 G06F17/3071 G06F17/30867 G06Q10/10 G06Q20/4016 G06Q30/0185 G06Q40/00 G06Q40/02 G06Q40/025 G06Q40/10 G06Q40/123

    Abstract: In various embodiments, systems, methods, and techniques are disclosed for generating a collection of clusters of related data from a seed. Seeds may be generated based on seed generation strategies or rules. Clusters may be generated by, for example, retrieving a seed, adding the seed to a first cluster, retrieving a clustering strategy or rules, and adding related data and/or data entities to the cluster based on the clustering strategy. Various cluster scores may be generated based on attributes of data in a given cluster. Further, cluster metascores may be generated based on various cluster scores associated with a cluster. Clusters may be ranked based on cluster metascores. Various embodiments may enable an analyst to discover various insights related to data clusters, and may be applicable to various tasks including, for example, tax fraud detection, beaconing malware detection, malware user-agent detection, and/or activity trend detection, among various others.

    Abstract translation: 在各种实施例中,公开了用于从种子生成相关数据集合的集合的系统,方法和技术。 可以根据种子生成策略或规则生成种子。 可以通过例如检索种子,将种子添加到第一群集,检索群集策略或规则,以及基于聚类策略将相关数据和/或数据实体添加到群集来生成群集。 可以基于给定簇中的数据的属性来生成各种聚类分数。 此外,可以基于与集群相关联的各种聚类分数来生成集群组合。 群集可能会根据群集元素进行排名。 各种实施例可以使分析人员能够发现与数据集群相关的各种见解,并且可以适用于各种任务,包括例如税欺诈检测,信标恶意软件检测,恶意软件用户代理检测和/或活动趋势检测 其他。

    User-agent data clustering
    15.
    发明授权
    User-agent data clustering 有权
    用户代理数据聚类

    公开(公告)号:US09165299B1

    公开(公告)日:2015-10-20

    申请号:US14139713

    申请日:2013-12-23

    Applicant: Palantir Technologies, Inc.

    Inventor: Geoff Stowe Harkirat Singh Stefan Bach Matthew Sprague Michael Kross Adam Borochoff Parvathy Menon Michael Harris

    IPC: G06Q40/00 G06Q20/40

    CPC classification number: G06F17/3053 G06F17/30345 G06F17/30412 G06F17/30539 G06F17/30572 G06F17/30598 G06F17/30601 G06F17/30604 G06F17/30699 G06F17/30705 G06F17/3071 G06F17/30867 G06Q10/10 G06Q20/4016 G06Q30/0185 G06Q40/00 G06Q40/02 G06Q40/025 G06Q40/10 G06Q40/123

    Abstract: In various embodiments, systems, methods, and techniques are disclosed for generating a collection of clusters of related data from a seed. Seeds may be generated based on seed generation strategies or rules. Clusters may be generated by, for example, retrieving a seed, adding the seed to a first cluster, retrieving a clustering strategy or rules, and adding related data and/or data entities to the cluster based on the clustering strategy. Various cluster scores may be generated based on attributes of data in a given cluster. Further, cluster metascores may be generated based on various cluster scores associated with a cluster. Clusters may be ranked based on cluster metascores. Various embodiments may enable an analyst to discover various insights related to data clusters, and may be applicable to various tasks including, for example, tax fraud detection, beaconing malware detection, malware user-agent detection, and/or activity trend detection, among various others.

    Abstract translation: 在各种实施例中,公开了用于从种子生成相关数据集合的集合的系统,方法和技术。 可以根据种子生成策略或规则生成种子。 可以通过例如检索种子,将种子添加到第一群集,检索群集策略或规则,以及基于聚类策略将相关数据和/或数据实体添加到群集来生成群集。 可以基于给定簇中的数据的属性来生成各种聚类分数。 此外,可以基于与集群相关联的各种聚类分数来生成集群组合。 群集可能会根据群集元素进行排名。 各种实施例可以使分析人员能够发现与数据集群相关的各种见解,并且可以适用于各种任务,包括例如税欺诈检测,信标恶意软件检测,恶意软件用户代理检测和/或活动趋势检测 其他。

    Malware data clustering
    16.
    发明授权
    Malware data clustering 有权
    恶意软件数据集群

    公开(公告)号:US08788407B1

    公开(公告)日:2014-07-22

    申请号:US14139603

    申请日:2013-12-23

    Applicant: Palantir Technologies, Inc.

    Inventor: Harkirat Singh Geoff Stowe Brendan Weickert Matthew Sprague Michael Kross Adam Borochoff Parvathy Menon Michael Harris

    IPC: G06Q40/00

    CPC classification number: G06F17/3053 G06F17/30345 G06F17/30412 G06F17/30539 G06F17/30572 G06F17/30598 G06F17/30601 G06F17/30604 G06F17/30699 G06F17/30705 G06F17/3071 G06F17/30867 G06Q10/10 G06Q20/4016 G06Q30/0185 G06Q40/00 G06Q40/02 G06Q40/025 G06Q40/10 G06Q40/123

    Abstract: In various embodiments, systems, methods, and techniques are disclosed for generating a collection of clusters of related data from a seed. Seeds may be generated based on seed generation strategies or rules. Clusters may be generated by, for example, retrieving a seed, adding the seed to a first cluster, retrieving a clustering strategy or rules, and adding related data and/or data entities to the cluster based on the clustering strategy. Various cluster scores may be generated based on attributes of data in a given cluster. Further, cluster metascores may be generated based on various cluster scores associated with a cluster. Clusters may be ranked based on cluster metascores. Various embodiments may enable an analyst to discover various insights related to data clusters, and may be applicable to various tasks including, for example, tax fraud detection, beaconing malware detection, malware user-agent detection, and/or activity trend detection, among various others.

    Abstract translation: 在各种实施例中,公开了用于从种子生成相关数据集合的集合的系统,方法和技术。 可以根据种子生成策略或规则生成种子。 可以通过例如检索种子,将种子添加到第一群集,检索群集策略或规则,以及基于聚类策略将相关数据和/或数据实体添加到群集来生成群集。 可以基于给定簇中的数据的属性来生成各种聚类分数。 此外,可以基于与集群相关联的各种聚类分数来生成集群组合。 群集可能会根据群集元素进行排名。 各种实施例可以使分析人员能够发现与数据集群相关的各种见解,并且可以适用于各种任务,包括例如税欺诈检测,信标恶意软件检测,恶意软件用户代理检测和/或活动趋势检测 其他。

Patent Agency Ranking