-
Publication No.: US20240062133A1
Publication date: 2024-02-22
Application No.: US18462849
Application date: 2023-09-07
Applicant: Sophos Limited
Inventor: Joshua Daniel Saxe, Andrew J. Thomas, Russell Humphries, Simon Neil Reed, Kenneth D. Ray, Joseph H. Levy
IPC: G06Q10/0635, H04L9/40, G06N5/046, G06N20/00, G06F17/18, G06F21/56, G06Q10/0639, G06F16/955, G06F11/07, G06N7/00, G06F21/55, G06N5/04, G06F9/54, G06N5/022, G06N20/20, G06V20/52, G06F18/214, G06F18/21, G06F18/23213, G06F18/2413, G06N5/01
CPC classification number: G06Q10/0635, H04L63/1416, H04L63/20, G06N5/046, H04L63/1433, H04L63/0263, G06N20/00, G06F17/18, G06F21/562, G06Q10/06395, H04L63/1425, G06F16/955, G06F11/079, G06F21/565, G06N7/00, G06F21/554, G06N5/04, G06F21/56, H04L63/0227, G06F9/542, H04L63/1441, G06N5/022, G06N20/20, G06V20/52, H04L63/1408, G06F18/214, G06F18/2178, G06F18/23213, G06F18/24143, G06N5/01, G06Q30/0185
Abstract: An automated system attempts to characterize code as safe or unsafe. For intermediate code samples not placed with sufficient confidence in either category, human-readable analysis is automatically generated to assist a human reviewer in reaching a final disposition. For example, a random forest over human-interpretable features may be created and used to identify suspicious features in a manner that is understandable to, and actionable by, a human reviewer. Similarly, a k-nearest neighbor algorithm may be used to identify similar samples of known safe and unsafe code based on a model for, e.g., a file path, a URL, an executable, and so forth. Similar code may then be displayed (with other information) to a user for evaluation in a user interface. This comparative information can improve the speed and accuracy of human interventions by providing richer context for human review of potential threats.
-
Publication No.: US11899763B2
Publication date: 2024-02-13
Application No.: US16165255
Application date: 2018-10-19
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
CPC classification number: G06F21/316, G06N20/00, H04L63/102, H04L63/105, H04L63/1441, H04L63/308
Abstract: Systems are provided for improving computer security systems that are based on user risk scores. These systems can be used to improve both the accuracy and usability of the user risk scores by applying multiple tiers of machine learning to the different user risk profile components used to generate the user risk scores and in such a manner as to dynamically generate and modify the corresponding user risk scores.
-
Publication No.: US11895134B2
Publication date: 2024-02-06
Application No.: US17228118
Application date: 2021-04-12
Applicant: SAP SE
Inventor: Sudhir Verma, Ayushi Singla, Sumit Kumar, Sarma Adithe Venkata Ram, Jani Mahammad
CPC classification number: H04L63/1425, H04L63/105, H04L63/1433, H04L63/1441, H04L63/168, H04L67/535
Abstract: Systems, methods, and computer media are described for user risk assessment using similarity analysis. Records of transactions performed by a user while in previous enhanced application access sessions can be evaluated against records of transactions performed by other users in previous sessions. The more similar a user is to other users, the more likely it is the user was acting in a typical manner, and the less likely the user poses a security risk. A similarity analysis can be performed using a bipartite graph linking a group of users and a group of application transactions. By examining an edge between a user and a performed transaction, other edges (and corresponding other users) can be identified that also performed the transaction. A similarity score can be calculated based on the bipartite graph and can be used to determine a risk classification and allow or deny an enhanced application access session request.
-
Publication No.: US11895129B2
Publication date: 2024-02-06
Application No.: US17304958
Application date: 2021-06-29
Applicant: Juniper Networks, Inc.
Inventor: Paul Randee Dilim Kimayong, Mounir Hahad
CPC classification number: H04L63/1416, G06F21/563, G06F21/564, H04L63/1441
Abstract: A device may receive a malicious file associated with a network of network devices and may identify a file type and file characteristics associated with the malicious file. The device may determine one or more rules to apply to the malicious file based on the file type and the file characteristics associated with the malicious file and may apply the one or more rules to the malicious file to generate a partial file signature for the malicious file. The device may provide the partial file signature for the malicious file to one or more of the network devices of the network. The partial file signature may cause the one or more of the network devices to block the malicious file.
-
Publication No.: US20240040003A1
Publication date: 2024-02-01
Application No.: US18482480
Application date: 2023-10-06
Applicant: Nasdaq, Inc.
Inventor: Vladimir MITEVSKI
IPC: H04L67/146, H04L67/02, H04L67/141, H04L9/40, H04L67/53, H04L67/50
CPC classification number: H04L67/146, H04L67/02, H04L67/141, H04L63/1441, H04L67/53, H04L67/535, H04L43/10
Abstract: The described technology provides a capability for web applications from different domains to interact within one application environment. For example, an enterprise web application executing on a client terminal is provided the capability to monitor a second web application from a third party vendor even when the second web application is independently executing within an iframe or the like within the enterprise web application's container or context. In some example embodiments, the communication is enabled by a composite cookie or key that incorporates portions of an enterprise web application cookie or key and also portions of a vendor web application cookie or key.
-
Publication No.: US11888889B2
Publication date: 2024-01-30
Application No.: US17687603
Application date: 2022-03-05
Applicant: UAB 360 IT
Inventor: Adrianus Warmenhoven
IPC: H04L9/40, H04L41/16, G06F16/955
CPC classification number: H04L63/1433, G06F16/9566, H04L41/16, H04L63/08, H04L63/0876, H04L63/1441
Abstract: A method determining, by an infrastructure device in communication with a user device, authentic feature information that indicates a characteristic associated with an authentic feature included in an authentic communication associated with an authentic entity, with which the user device intends to communicate over a network; and transmitting, by the infrastructure device to the user device, authentic entity information that includes the authentic feature information and an association between the characteristic associated with the authentic feature and authentic communication information associated with the authentic communication. Various other aspects are contemplated.
-
Publication No.: US11888877B2
Publication date: 2024-01-30
Application No.: US16949865
Application date: 2020-11-18
Applicant: Juniper Networks, Inc.
Inventor: Prakash T. Seshadri, Binh Phu Le, Srinivas Nimmagadda, Jeffrey S. Marshall, Kartik Krishnan S. Iyyer
CPC classification number: H04L63/1425, G06F16/2228, G06F16/2379, H04L63/0209, H04L63/1416, H04L63/1433, H04L63/1441, H04L63/20, H04L67/52
Abstract: A device receives network segment information identifying network segments associated with a network, and receives endpoint host session information identifying sessions associated with endpoint hosts communicating with the network. The device generates, based on the network segment information and the endpoint host session information, a data structure that includes information associating the network segments with the sessions associated with the endpoint hosts. The device updates the data structure based on changes in the sessions associated with the endpoint hosts and based on changes in locations of the endpoint hosts within the network segments, and identifies, based on the data structure, a particular endpoint host, of the endpoint hosts, that changed locations within the network segments. The device determines a threat policy action to enforce for the particular endpoint host, and causes the threat policy action to be enforced, by the network, for the particular endpoint host.
-
Publication No.: US11882145B2
Publication date: 2024-01-23
Application No.: US17845514
Application date: 2022-06-21
Applicant: Palantir Technologies Inc.
Inventor: Elliot Colquhoun, Abhishek Agarwal, Andrew Eggleton, Brandon Helms, Carl Ambroselli, Cem Zorlular, Daniel Kelly, Gautam Punukollu, Jeffrey Tsui, Morten Kromann, Nikhil Seetharaman, Raj Krishnan, Samuel Jones, Tareq Alkhatib, Dayang Shi
CPC classification number: H04L63/1433, G06F8/65, H04L63/1441, H04L67/75
Abstract: A method, apparatus, and computer program are disclosed. The method may be performed by one or more processors and may comprise receiving first data representing an infrastructure of a computer network, the first data comprising an indication of hosts which form at least part of the computer network and one or more software resources on respective hosts. The method may also comprise receiving second data from a vulnerability scanning software, the second data comprising an indication of one or more vulnerabilities detected in the one or more software resources provided on at least some of the hosts of the computer network. Using a combination of the first data and the second data, output data may be generated representing a risk profile of the computer network infrastructure, the output data indicating one or more subsets of hosts, determined as being at risk of being affected by the detected vulnerabilities by virtue of the software resources they provide for output on a user interface.
-
Publication No.: US11882094B2
Publication date: 2024-01-23
Application No.: US17348476
Application date: 2021-06-15
Applicant: Cobalt Iron Inc.
CPC classification number: H04L63/0227, H04L47/10, H04L63/1441, H04L63/166
Abstract: A system includes a memory and at least one processor to set a network throughput level setting to a default network traffic rate in a computer network, begin a data protection operation at the network throughput level setting in the computer network, continually monitor the computer network and determine that a condition has occurred in the computer network, dynamically adjust the network throughput level setting in response to the condition by one of decreasing the network throughput level setting by a network traffic rate increment and increasing the network throughput level setting by the network traffic rate increment, and dynamically shape network or storage traffic for the data protection operation using the network throughput level setting.
-
Publication No.: US20240022593A1
Publication date: 2024-01-18
Application No.: US17862460
Application date: 2022-07-12
Applicant: Akamai Technologies, Inc.
Inventor: Nadav George Costa, Ziv Eli
CPC classification number: H04L63/1441, H04L63/102, H04L41/16
Abstract: A method executes upon receiving data (email, IP address) associated with an account registration. In response, an encoding is applied to the data to generate a node vector. The node vector indexes a database of such node vectors that the system maintains (from prior registrations). The database potentially includes one or more node vector(s) that may have a given similarity to the encoded node vector. To determine whether there are such vectors present, a set of k-nearest neighbors to the encoded node vector are then obtained from the database. This set of k-nearest neighbors together with the encoded node vector comprise a virtual graph that is then fed as a graph input to a Graph Neural Network previously trained on a set of training data. The GNN generates a probability that the virtual graph represents a NAF. If the probability exceeds a configurable threshold, the system outputs an indication that the registration is potentially fraudulent, and a mitigation action is taken.