-
Publication No.: US11853415B1
Publication Date: 2023-12-26
Application No.: US17116419
Filing Date: 2020-12-09
Applicant: Rapid7, Inc.
Inventor: Douglas George Wainer
IPC: G06F16/17 , G06F21/55 , G06F40/284 , G06F40/30 , G06N20/00
CPC classification number: G06F21/552 , G06F16/1734 , G06F40/284 , G06F40/30 , G06N20/00
Abstract: Disclosed herein are methods, systems, and processes for context-based identification of anomalous log data. Log data with multiple original logs is received at an anomalous log data identification system. A context associated training dataset is generated by splitting a string in a log into multiple split strings, generating a context association between each split string and a unique key that corresponds to the log, and generating an input/output (I/O) string data batch that includes I/O string data for each split string in the log by training each split string against every other split string in the log. A context-based anomalous log data identification model is then trained according to a machine learning technique using the I/O string data batch that includes a list of unique strings in the context associated training dataset. The training tunes the context-based anomalous log data identification model to classify or cluster a vector associated with a new string in a new log that is not part of the multiple original logs as anomalous.
-
Publication No.: US11848951B2
Publication Date: 2023-12-19
Application No.: US17643952
Filing Date: 2021-12-13
Applicant: Nant Holdings IP, LLC
Inventor: Thomas M. Wittenschlaeger
CPC classification number: H04L63/1425 , G06F21/552 , H04L63/18 , H04L63/1408
Abstract: A hybrid-fabric apparatus comprises a black box memory configured to store a plurality of behavior metrics and an anomaly agent coupled to the black box. The anomaly agent determines a baseline vector corresponding to nominal behavior of the fabric, wherein the baseline vector comprises at least two different behavior metrics that are correlated with each other. The anomaly agent disaggregates anomaly detection criteria into a plurality of anomaly criterion to be distributed among network nodes in the fabric, the anomaly detection criteria characterizing a variation from the baseline vector, and each of the plurality of anomaly criterion comprising a function of a measured vector of behavior metrics. The variation can be calculated based on a variation function applied to a vector of measured behavior metrics having elements corresponding to member elements of the baseline vector. Anomaly criterion statuses calculated by at least some of the network nodes are aggregated.
-
Publication No.: US11843633B2
Publication Date: 2023-12-12
Application No.: US17261173
Filing Date: 2019-04-26
Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
Inventor: Daiki Chiba , Mitsuaki Akiyama
CPC classification number: H04L63/1483 , G06F18/22 , G06F21/552 , G06F2221/2119
Abstract: An analysis device includes an input unit that receives input of communication destination information to be analyzed, a conversion unit that converts a partial character string included in the communication destination information into an image, a search unit that obtains a character string that is visually similar to an image converted by the conversion unit and searches for known communication destination information that is visually similar to the communication destination information based on the character string obtained, and an output unit that outputs a combination of the communication destination information and the known communication destination information that is visually similar to the communication destination information.
-
Publication No.: US11843616B2
Publication Date: 2023-12-12
Application No.: US17702606
Filing Date: 2022-03-23
Applicant: Threatology, Inc.
Inventor: Frederick Frey , Timothy Nary
CPC classification number: H04L63/1416 , G06F3/0482 , G06F21/552 , G06F21/554 , G06F21/566 , G06F21/577 , G06N20/00 , H04L63/14 , H04L63/145 , H04L63/1408 , H04L63/1425 , H04L63/1433 , H04L63/1441 , H04L63/1458 , H04L63/1466 , H04L63/1483 , H04L63/20 , G06F2221/034
Abstract: Disclosed is a cyber threat intelligence platform configured to: a) designate a virtual machine as an attacker machine; b) designate a virtual machine as a victim machine; c) receive cyberattack data representative of a cyberattack executed by the attacker machine against the victim machine; e) receive defense action data representative of a defense action executed by the victim machine against the cyberattack; f) mark a first point in time when the cyberattack is executed, and mark a second point in time when the defense action is initiated; g) compare the first point in time with the second point in time to ascertain an attack-defense time lapse as a performance measure for computer system threat management of cyberattacks or defense actions, and h) view or analyze cyberattack and defense actions for effectiveness, including perspectives derived from the relative timing of the actions as indicated on the time lapse.
-
Publication No.: US20230394367A1
Publication Date: 2023-12-07
Application No.: US18450263
Filing Date: 2023-08-15
Applicant: Pivotal Software, Inc.
Inventor: Jin Yu , Regunathan Radhakrishnan , Anirudh Kondaveeti
CPC classification number: G06N20/00 , G06F16/285 , G06F21/316 , G06F21/552 , H04L63/1425
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for classifying user behavior as anomalous. One of the methods includes obtaining user behavior data representing behavior of a user in a subject system. An initial model is generated from training data, the initial model having first characteristic features of the training data. A resampling model is generated from the training data and from multiple instances of the first representation for a test time period. A difference between the initial model and the resampling model is computed. The user behavior in the test time period is classified as anomalous based on the difference between the initial model and the resampling model.
-
Publication No.: US20230394137A1
Publication Date: 2023-12-07
Application No.: US18034051
Filing Date: 2020-11-20
Inventor: Xiangye WEI , Liming XIU
IPC: G06F21/55
CPC classification number: G06F21/552 , G06F2221/034
Abstract: Provided is a security protection method for a heterogeneous system, wherein the heterogeneous system includes a processor. The processor includes a first region, wherein the first region includes a physical unclonable function circuit. The method includes: detecting whether an input of the heterogeneous system is abnormal; acquiring a configuration file in response to the input of the heterogeneous system being detected as abnormal, wherein the acquired configuration file is different from a configuration file of the physical unclonable function circuit that has run; and reconstructing, on the processor, a mapping of the physical unclonable function circuit based on the acquired configuration file.
-
Publication No.: US20230385410A1
Publication Date: 2023-11-30
Application No.: US17838446
Filing Date: 2022-06-13
Applicant: Microsoft Technology Licensing, LLC
Inventor: Ishwar AGARWAL , Bharat PILLILLI , Vishal SONI
CPC classification number: G06F21/556 , G06F21/54 , G06F21/552 , G06F21/79 , G06F9/30047 , G06F9/3857
Abstract: Systems and methods related to flush plus reload cache side-channel attack mitigation are described. An example method for mitigating a side-channel timing attack in a system including a processor having at least one cache is described. The method includes receiving a first instruction, where the first instruction, when executed by the processor, is configured to flush at least one cache line from the at least one cache associated with the processor. The method further includes, prior to execution of the first instruction by the processor, automatically mapping the first instruction to a second instruction such that the at least one cache line is not flushed from the at least one cache even in response to receiving the first instruction.
-
Publication No.: US20230385405A1
Publication Date: 2023-11-30
Application No.: US17826285
Filing Date: 2022-05-27
Applicant: The Boeing Company
Inventor: Mingyan Li , Su-Nei Nina Shen , David S. Mier
CPC classification number: G06F21/552 , G06F16/285 , G06F2221/034
Abstract: A system includes a processor and a storage device containing instructions. Execution of the instructions causes the processor to: (1) connect with an onboard system of a vehicle, wherein the onboard system is connectable to a network; (2) collect an activity log generated by the onboard system, wherein the activity log includes log messages indicative of an activity of the onboard system; (3) extract a feature list from the activity log, wherein the feature list includes features and each one of the features includes select information from a corresponding one of the log messages; (4) extract an episode from the feature list, wherein the episode is indicative of the activity of the onboard system; and (5) classify the episode with an episode classification, wherein the episode classification is indicative of an event that occurred during the activity.
-
Publication No.: US11829472B2
Publication Date: 2023-11-28
Application No.: US17380228
Filing Date: 2021-07-20
Inventor: Ryo Hirano , Takeshi Kishikawa , Yoshihiro Ujiie , Tomoyuki Haga
CPC classification number: G06F21/56 , G06F21/552
Abstract: An anomalous vehicle detection server includes an anomaly score calculator that detects a suspicious behavior different from a predetermined driving behavior based on pieces of vehicle information that are received from a plurality of vehicles, respectively, and are each based on a vehicle log including the content of an event that has occurred in a vehicle system provided in the vehicle, and acquires an anomaly score of each of the plurality of vehicles that indicates a likelihood that reverse engineering is performed on the vehicle; and an anomalous vehicle determiner that determines whether one vehicle of the plurality of vehicles is an anomalous vehicle based on the anomaly score of the one vehicle and a statistical value of the anomaly scores of two or more vehicles of the plurality of vehicles.
-
Publication No.: US20230376594A1
Publication Date: 2023-11-23
Application No.: US18197134
Filing Date: 2023-05-15
Inventor: Siddhartha Dalal , Zihe Wang , Siddhanth Sabharwal
CPC classification number: G06F21/565 , G06F21/552 , G06Q20/02
Abstract: Disclosed are methods, systems, and other implementations, including a method for identifying and predicting illegal digital currency transactions that includes obtaining one or more blockchains of transaction blocks for transactions involving digital currency, deriving from the one or more blockchains of transaction blocks a transaction graph of sequential transactions, and applying clustering processing to the transaction graph to generate resultant one or more entity graphs representative of likely chains of digital currency transfers by respective one or more entities. The method further includes extracting graph feature data from the resultant one or more entity graphs, and applying classification processing (e.g., supervised learning classification processing) to the extracted graph feature data to identify a suspected malicious entity from the one or more entities associated with the one or more entity graphs.
-