公开(公告)号：US20180234444A1

公开(公告)日：2018-08-16

申请号：US15433058

申请日：2017-02-15

申请人： Microsoft Technology Licensing, LLC

发明人： Shai Kaplan ,  Yonatan Most

IPC分类号： H04L29/06

CPC分类号： H04L63/1425 ,  H04L63/0281 ,  H04L63/1441

摘要： An anomaly detection system is provided and includes a processor, a memory, and a security application that is stored in the memory and includes instructions. The instructions are configured to collect information of behavior data for the users of an organization accessing cloud applications via a distributed network. The behavior data includes one or more parameters tracked over time for the users. The instructions are further configured to: establish baselines for each of the users and for each of the cloud applications or types of cloud applications of the organization; detect anomalies based on the baselines; provide aggregated anomaly data by aggregating anomalies corresponding to two or more of the baselines and a same behavior or corresponding to multiple users of a same cloud application during a same period of time; determine a risk value based on the aggregated anomaly data; and perform a countermeasure based on the risk value.

公开(公告)号：US20180234438A1

公开(公告)日：2018-08-16

申请号：US15942593

申请日：2018-04-02

申请人： Illusive Networks Ltd.

发明人： Shlomo Touboul ,  Hanan Levin ,  Stephane Roubach ,  Assaf Mischari ,  Itai Ben David ,  Itay Avraham ,  Adi Ozer ,  Chen Kazaz ,  Ofer Israeli ,  Olga Vingurt ,  Liad Gareh ,  Israel Grimberg ,  Cobby Cohen ,  Sharon Sultan ,  Matan Kubovsky

IPC分类号： H04L29/06

CPC分类号： H04L63/1491 ,  G06F21/55 ,  G06F21/554 ,  G06F21/56 ,  G06F21/577 ,  G06N20/00 ,  H04L29/06904 ,  H04L63/10 ,  H04L63/102 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/20 ,  H04L2463/146

摘要： A network surveillance method to detect attackers, including planting one or more honeytokens in one or more resources in a network of computers in which users access the resources in the network based on credentials, wherein a honeytoken is an object in memory or storage of a first resource that may be used by an attacker to access a second resource using decoy credentials, including planting a first honeytoken in a first resource, R1, used to access a second resource, R2, using first decoy credentials, and planting a second honeytoken in R1, used to access a third resource, R3, using second decoy credentials, and alerting that an attacker is intruding the network only in response to both (i) an attempt to access R2 using the first decoy credentials, and (ii) a subsequent attempt to access R3 using the second decoy credentials.

公开(公告)号：US20180219912A1

公开(公告)日：2018-08-02

申请号：US15881481

申请日：2018-01-26

申请人： Level 3 Communications, LLC

发明人： Joel C. Maslak ,  Todd J. Williamson ,  Kevin Brady

IPC分类号： H04L29/06

CPC分类号： H04L63/1441 ,  H04L63/1425 ,  H04L63/1458

摘要： Aspects of the present disclosure involve systems, methods, computer program products, and the like, for providing a proxy server or scrubbing service for an authoritative domain name server (DNS) of a CDN to prevent or otherwise mitigate attacks on the server. The proxy server may receive incoming requests to the authoritative DNS and determine which requests are valid and which are potentially part of an attack on the network. In one embodiment, the proxy server may then “scrub” or otherwise remove the requests of the attack to mitigate the effect of the attack on the network. For example, the proxy server may ignore the request, may direct the request to a “dead-end” server or other device to prevent overloading of the target device, may instruct a device from which the request was sent to discard the request, etc.

公开(公告)号：US20180219911A1

公开(公告)日：2018-08-02

申请号：US15420521

申请日：2017-01-31

申请人： HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

发明人： Pratyusa K. Manadhata ,  William G. Horne ,  Tomas Sander ,  Manish Marwah ,  Tomasz Jaroslaw Bania

IPC分类号： H04L29/06

CPC分类号： H04L63/1441 ,  H04L63/1416 ,  H04L63/20

摘要： In some examples, an alert relating to an issue in a computing arrangement is received. It is determined that the received alert is similar to a given alert in an information repository containing information of past processes performed to address respective issues, the determining comprising comparing a property associated with the received alert to a property of alerts associated with the past processes, and the information contained in the information repository comprising actions taken in the past processes to address the respective issues. Performance of a remediation action is triggered that comprises an action, identified by the information in the information repository, taken to respond to the given alert.

公开(公告)号：US20180219883A1

公开(公告)日：2018-08-02

申请号：US15418050

申请日：2017-01-27

申请人： INTERNATIONAL BUSINESS MACHINES CORPORATION

发明人： Guo Qiang Li ,  June-Ray Lin ,  Ronald Williams

IPC分类号： H04L29/06

CPC分类号： H04L63/1425 ,  H04L63/1441

摘要： A method, computer system, and a computer program product for a monitor security process is provided. The present invention may include configuring monitors in a chain configuration where sensors communicate with the monitors. The present invention may include receiving a first set of information from the sensor to a primary and backup monitor based on an event. The present invention may include broadcasting the information from the primary and backup monitor to a plurality of monitors and logging the information. The present invention may include receiving a second set of information from within the chain of monitors. The present invention may include determining that the sets of information conflict. The present invention may include marking at least one temporary log within the plurality of temporary logs as conflicting. The present invention may include determining that a conflicting threshold has been exceeded and then generate an audit and recovery plan.

公开(公告)号：US20180219832A1

公开(公告)日：2018-08-02

申请号：US15940200

申请日：2018-03-29

申请人： PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA

发明人： Manabu MAEDA ,  Jun ANZAI ,  Yoshihiro UJIIE ,  Masato TANABE ,  Takeshi KISHIKAWA

IPC分类号： H04L29/06 ,  B60R16/023

CPC分类号： H04L63/0209 ,  B60R16/023 ,  G06F21/55 ,  G06F21/85 ,  H04L12/28 ,  H04L12/40006 ,  H04L63/0245 ,  H04L63/14 ,  H04L63/1441 ,  H04L67/12

摘要： A security apparatus is provided that is connected to a bus. The security apparatus includes a receiver that receives a first frame from the bus, a memory that stores an examination parameter defining a content of an examination on the first frame, and processing circuitry that performs operations. The performed operations include first determining whether a predetermined condition is satisfied for the first frame. The performed operations also include, in a case where the first determining determined that the predetermined condition is satisfied, updating the examination parameter stored in the memory. The performed operations further include second determining whether the first frame is an attack frame based on the updated examination parameter stored in the memory.

公开(公告)号：US20180218261A1

公开(公告)日：2018-08-02

申请号：US15420613

申请日：2017-01-31

申请人： PAYPAL, INC.

发明人： Benjamin Hillel Myara ,  David Tolpin

IPC分类号： G06N3/08 ,  H04W12/12 ,  H04L29/06 ,  G06N5/04 ,  G06Q20/40

CPC分类号： G06Q20/4016 ,  G06N3/0445 ,  G06N3/0454 ,  G06N3/084 ,  G06Q20/00 ,  H04L63/1441 ,  H04W12/00505 ,  H04W12/00508 ,  H04W12/12

摘要： A system for predicting that a user session will be fraudulent. The system can analyze an incomplete session and determine the likelihood that the session is fraudulent or not by generating completed sessions based on the incomplete session.

公开(公告)号：US20180212851A1

公开(公告)日：2018-07-26

申请号：US15933846

申请日：2018-03-23

申请人： Juniper Networks, Inc.

发明人： Gunes AYBAY

IPC分类号： H04L12/26 ,  H04L29/06 ,  H04L12/801

CPC分类号： H04L43/0894 ,  H04L43/026 ,  H04L43/04 ,  H04L43/18 ,  H04L47/10 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/1458 ,  H04L63/1466

摘要： In one embodiment, a processor-readable medium storing code representing instructions that when executed by a processor cause the processor to update, at a memory location, a first flow state value associated with a data flow to a second flow state value when at least one of a packet from the data flow is received or the memory location is selected after a time period has expired. At least a portion of the packet is analyzed when the second flow state value represents a flow rate of a network data flow anomaly.

公开(公告)号：US20180205754A1

公开(公告)日：2018-07-19

申请号：US15408007

申请日：2017-01-17

申请人： NextEV USA, Inc.

发明人： Craig North

IPC分类号： H04L29/06

CPC分类号： H04L63/1433 ,  H04L63/1416 ,  H04L63/1441 ,  H04L63/145 ,  H04L63/20 ,  H04W4/40

摘要： A security system can provide monitoring and vulnerability testing of networks within a vehicle and perform patching or take other remedial action when vulnerabilities are found. Monitoring can comprise maintaining and enforcing security policies on use of the networks of the vehicle, performing anti-virus and/or anti-malware monitoring and/or scanning on messages and use of the networks of the vehicle, monitoring in real-time for certain conditions or on certain aspects of operation of the networks, or performing one or more of a number of different types of automated vulnerability scans on the networks of the vehicle. Patching or take other remedial action can comprise, blocking access to one or more of the networks of the vehicle by an application, component, user, etc. when a threat is detected or a vulnerability is found, reporting a detected threat or vulnerability, obtaining and applying a patch or automatically taking other corrective action as needed.

公开(公告)号：US20180205747A1

公开(公告)日：2018-07-19

申请号：US15919034

申请日：2018-03-12

申请人： Shape Security, Inc.

发明人： Michael J. Ficarra

IPC分类号： H04L29/06

CPC分类号： H04L63/1408 ,  H04L63/08 ,  H04L63/1425 ,  H04L63/1441 ,  H04L67/02 ,  H04L67/42

摘要： Computer systems and methods for improving security or performance of one or more client computers interacting with a plurality of server computers. In an embodiment, a computer system comprises a first server computer and a second server computer; wherein the first server computer is configured to: generate a challenge nonce, wherein the challenge nonce corresponds to a challenge state; generate the challenge state based on the challenge nonce, wherein the challenge state corresponds to a response state; send, to a first client computer, the challenge nonce and the challenge state, but not the response state; wherein the second server computer is configured to: receive, from the first client computer, a test nonce and a test response state; determine whether the test response state matches the response state based on the test nonce, without: receiving the challenge state from the first server computer; receiving the challenge state from the first client computer.