-
Publication No.: US20240333742A1
Publication date: 2024-10-03
Application No.: US18618334
Filing date: 2024-03-27
Applicant: AO Kaspersky Lab
IPC classification: H04L9/40
CPC classification: H04L63/1425
Abstract: Disclosed herein are systems and methods for detection of anomalies in a cyber-physical system in real-time. In one aspect, an exemplary method comprises: obtaining, in real-time, a randomly distributed stream of observations of CPS parameters; converting an observation of the CPS parameter to a uniform temporal grid (UTG); when at least a criterion for unloading at least one UTG node of the converted observations is satisfied, unloading the UTG nodes corresponding to the satisfied criterion; for each unloaded UTG node, calculating a value of each output CPS parameter of a set of output CPS parameters; and detecting an anomaly in the CPS based on the values of the output CPS parameters.
-
Publication No.: US12086236B2
Publication date: 2024-09-10
Application No.: US17320362
Filing date: 2021-05-14
Applicant: AO Kaspersky Lab
IPC classification: G06F21/56, G06F18/214, G06F18/2413, G06F21/54, G06F21/55, G06N20/00
CPC classification: G06F21/54, G06F18/214, G06F18/24147, G06F21/554, G06F21/565, G06F21/568, G06N20/00
Abstract: Disclosed herein are systems and methods for identifying a cryptor that encodes files of a computer system. An exemplary method comprises: identifying one or more files into which a data entry is performed by a suspect process; for each identified file, determining characteristics of the identified file, identifying classes of file modifications using a trained machine learning model and respective characteristics of the identified file, identifying a suspect process as being associated with the cryptor based on the identified classes of file modification of the file, and protecting the computer system from the cryptor.
-
3.
Publication No.: US20240106854A1
Publication date: 2024-03-28
Application No.: US18524871
Filing date: 2023-11-30
Applicant: AO Kaspersky Lab
IPC classification: H04L9/40, G06F18/214, H04L51/08
CPC classification: H04L63/145, G06F18/214, H04L51/08, H04L63/1416, H04L63/1483
Abstract: A method for creating a heuristic rule to identify Business Email Compromise (BEC) attacks includes filtering text of received email messages, using a first classifier, to extract one or more terms indicative of a BEC attack from the text of the received email messages, wherein the first classifier includes a trained recurrent neural network that includes a language model, generating, using the first classifier, one or more n-grams based on the extracted terms, wherein each of the n-grams characterizes a particular extracted term, generating, using a second classifier, a vector representation of the extracted terms based on the generated n-grams, assigning a weight coefficient to each of the extracted terms, wherein a higher weight coefficient indicates higher relevancy to BEC attack of the corresponding extracted term, and generating a heuristic rule associated with the BEC attack by combining the weight coefficients of a combination of the extracted terms.
-
Publication No.: US11934560B2
Publication date: 2024-03-19
Application No.: US17371457
Filing date: 2021-07-09
Applicant: AO Kaspersky Lab
IPC classification: G06F21/62
CPC classification: G06F21/6263, G06F21/6245, G06F21/6254
Abstract: Disclosed herein are systems and methods for processing personal data by application of policies. In one aspect, an exemplary method comprises, by the network infrastructure component, analyzing communication protocols between an IoT device and the network infrastructure component, identifying at least one field that contains personal data, for each identified field, analyzing the identified field using personal data processing policies uploaded to the network infrastructure component, and applying the personal data policies for enforcement.
-
5.
Publication No.: US20240070444A1
Publication date: 2024-02-29
Application No.: US18361976
Filing date: 2023-07-31
Applicant: AO Kaspersky Lab
Inventors: Andrey B. Lavrentyev, Dmitry A. Ivanov, Vyacheslav I. Shkulev, Nikolay N. Demidov, Maxim A. Mamaev, Alexander V. Travov
Abstract: Disclosed herein are systems for identifying the structure of patterns and anomalies in a flow of events from the cyber-physical system or information system. In one aspect, an exemplary method comprises, using at least one connector, getting event data, generating at least one episode consisting of a sequence of events, and transferring the generated episodes to an event processor; and using the event processor, processing episodes using a neurosemantic network, wherein the processing includes recognizing events and patterns previously learned by the neurosemantic network, training the neurosemantic network, identifying a structure of patterns by mapping to the patterns of neurons on a hierarchy of layers of the neurosemantic network, attributing events and patterns corresponding to neurons of the neurosemantic network to an anomaly depending on a number of activations of the corresponding neuron, and storing the state of the neurosemantic network.
-
Publication No.: US11916959B2
Publication date: 2024-02-27
Application No.: US17645530
Filing date: 2021-12-22
Applicant: AO Kaspersky Lab
IPC classification: H04L9/40
CPC classification: H04L63/1491
Abstract: Systems and methods for building systems of honeypot resources for the detection of malicious objects in network traffic. A system includes at least two gathering tools for gathering data about the computer system on which it is installed, a building tool configured for building at least two virtual environments, each including an emulation tool configured for emulating the operation of the computer system in the virtual environment, and a distribution tool configured for selecting at least one virtual environment for each computer system and for establishing connection between the computer system and the virtual environment.
-
7.
Publication No.: US20230409717A1
Publication date: 2023-12-21
Application No.: US18157861
Filing date: 2023-01-23
Applicant: AO Kaspersky Lab
CPC classification: G06F21/577, G06F2221/034, G06F21/51
Abstract: A method for detecting a vulnerability in an operating system based on process and thread data includes the steps of: detecting one or more launches of one or more threads associated with one or more processes in an operating system (OS); generating a set of privileges based on the detected one or more launches; analyzing the generated set of privileges to identify illegitimate changes in privileges; detecting a vulnerability in the OS using one or more rules for detecting a vulnerability based on the analyzed set of privileges; and isolating a file that exploited the detected vulnerability, in response to detecting the vulnerability.
-
Publication No.: US11803393B2
Publication date: 2023-10-31
Application No.: US16668144
Filing date: 2019-10-30
Applicant: AO Kaspersky Lab
Inventor: Ivan I. Tatarinov
IPC classification: G06F11/34, G06F3/01, H04L67/50, G06F16/338, G06F9/445, H04L67/51, G06F3/0484
CPC classification: G06F9/445, G06F3/011, G06F3/013, G06F3/0484, G06F11/3438, G06F16/338, H04L67/51, H04L67/535
Abstract: Disclosed herein are systems and methods for automatic activation of a service on a computing device. In an exemplary aspect, a service activation module may link, using an activation model, user behavioral data to an automated activation of the service based on detecting a prior activation of the service subsequent to receiving the user behavioral data. The service activation module may receive, at a later time, additional sensor data from a plurality of sensors of a computing device. The service activation module may parse the additional sensor data to generate additional user behavioral data. The service activation module may compute, using the activation model, a degree of similarity between the user behavioral data and the additional user behavioral data, and in response to determining that the degree of similarity is greater than a predetermined threshold value, may automatically activate the service on the computing device.
-
Publication No.: US20230342482A9
Publication date: 2023-10-26
Application No.: US16673049
Filing date: 2019-11-04
Applicant: AO Kaspersky Lab
CPC classification: H04L51/12, G06K9/6215, G06F21/6209, G06F21/53, G06N20/00
Abstract: Disclosed herein are systems and methods for spam identification. A spam filter module may receive an email at a client device and may determine a signature of the email. The spam filter module may compare the determined signature with a plurality of spam signatures stored in a database. In response to determining that no match exists between the determined signature and the plurality of spam signatures, the spam filter module may place the email in quarantine. A spam classifier module may extract header information of the email and determine a degree of similarity between known spam emails and the email. In response to determining that the degree of similarity exceeds a threshold, the spam filter module may transfer the email from the quarantine to a spam repository.
-
Publication No.: US20230297703A1
Publication date: 2023-09-21
Application No.: US17939071
Filing date: 2022-09-07
Applicant: AO Kaspersky Lab
Inventors: Andrei I Kalegin, Vitaly V. Butuzov, Dmitry N. Glavatskikh, Denis I. Parinov, Alexey M. Romanenko
CPC classification: G06F21/6209, G06F21/566, G06F2221/034
Abstract: Disclosed herein are systems and methods for detecting harmful scripts. In one aspect, an exemplary method comprises: identifying a file containing a script, wherein the identification of the file is performed by analyzing each file of a plurality of files for a presence of a harmful script, generating a summary of the script based on the identified file, calculating static and dynamic parameters of the generated summary of the script, recognizing a script programming language based on the calculated static parameters and dynamic parameters of the generated summary of the script using at least one language recognition rule, processing the identified file based on the data about the recognized script programming language, generating a set of hash codes based on a processed file using rules for generating hash codes, and detecting the harmful script when the generated set of hash codes is similar to known harmful sets of hash codes.