Threat control method and system
    2. Granted invention patent

    Publication number: US11606368B2

    Publication date: 2023-03-14

    Application number: US16679980

    Filing date: 2019-11-11

    IPC classification: H04L29/06 G06N20/00 H04L9/40

    Abstract: A method including: establishing an internal swarm intelligence network including security agent modules of a plurality of interconnected network nodes of a local computer network, collecting data related to the respective network nodes, sharing information based on the collected data in the established internal swarm intelligence network, and using the collected data and information received from the internal swarm intelligence network for generating and adapting models related to the respective network nodes. In case a new threat is identified, the threat is verified and contained, a new threat model is generated and the generated new threat model is shared. The security alert and/or the generated new threat model is transmitted to a security service network for enabling the security service network to share the received security alert and/or the new threat model.

Detecting a remote exploitation attack

    Publication number: US11451584B2

    Publication date: 2022-09-20

    Application number: US16427470

    Filing date: 2019-05-31

    Inventor: Mikko Suominen

    IPC classification: H04L9/40

    Abstract: A method of protecting a computer system against remote exploitation attacks performed over a network to which the computer system is connected. The method includes: a) identifying a network connection that is not associated with a successful authentication and which carries a traffic level in excess of a predefined threshold; b) reporting the identified network connection as a real or potential remote exploitation attack; and c) taking an action or actions to mitigate against the real or potential remote exploitation attack.

Threat detection system
    4. Granted invention patent

    Publication number: US11449610B2

    Publication date: 2022-09-20

    Application number: US16356431

    Filing date: 2019-03-18

    IPC classification: G06F21/56 G06F8/61

    Abstract: There is provided a method of detecting a threat against a computer system. The method includes monitoring installation and operation of multiple different versions of the same application in a computer system; analysing evolutionary changes between the behaviours of the different versions of the same application; detecting and monitoring a new version of the same application in a computer system; monitoring the behaviour of the computer system to detect one or more procedures of the monitored application that do not match expected behaviours of the monitored application on the basis of the analysis; and upon detection of one or more procedures not matching the expected behaviours of the monitored application, identifying the monitored application as malicious or suspicious.

Method of threat detection in a threat detection network and threat detection network

    Publication number: US20220191224A1

    Publication date: 2022-06-16

    Application number: US17550094

    Filing date: 2021-12-14

    IPC classification: H04L9/40

    Abstract: A network node of a threat detection network, a backend server of a threat detection network, a threat detection network and a threat detection method in a threat detection network. The threat detection network comprises interconnected network nodes and a backend system, wherein at least part of the nodes comprise security agent modules which collect data related to the respective network node. The method comprises collecting and/or analyzing at the network node data related to a network node, generating at least one local behavior model at the network node related to the network node on the basis of the collected and/or analyzed data, sharing at least one generated local behavior model related to the network node with one or more other nodes and/or with the backend system, comparing user activity in a node to the generated local behavior model and/or a received behavior model, and alerting the backend and/or the other nodes, e.g. about anomalous behavior, if deviation from the generated local behavior model and/or the received behavior model is detected, and/or comparing at the backend system the anomalous data with other behavior models, e.g. with other behavior models in the same organization and/or behavior models of known malicious users, and sending from the backend system to the node results and/or data relating to the comparison.

Method for threat control in a computer network security system

    Publication number: US11265335B2

    Publication date: 2022-03-01

    Application number: US16452748

    Filing date: 2019-06-26

    Inventor: Jarno Niemela

    IPC classification: H04L29/06 G06N20/00

    Abstract: A method comprising: monitoring events collected from a plurality of network nodes; detecting a first suspicious event among the monitored events by a detection mechanism; monitoring the behaviour of the first suspicious event and any related events; in case the monitored first suspicious event and/or a related event is detected to perform an activity triggering an IOC (indicator of compromise), generating a new IOC; monitoring new events when the activity ends; comparing the behaviour of the new events with the behaviour of the generated IOC; in case a matching behaviour is found, merging the new event with the first suspicious event and/or related events related to the generated IOC; and generating a security related decision on the basis of the IOC.

Method for data reduction in a computer network security system

    Publication number: US11245666B2

    Publication date: 2022-02-08

    Application number: US16452752

    Filing date: 2019-06-26

    Abstract: A method including collecting and aligning raw data from a plurality of network nodes, wherein dissimilar data types are aligned as input events; filtering the input events by discarding events and/or parts of events that are detected to be equal or similar to previously observed events, or events and/or parts of events found to be redundant by using predetermined criteria; separating processing of the input events into event aggregation and event enrichment processes, wherein the event aggregation process includes processing all the input events for generating aggregated events, and the event enrichment process includes processing only events passed by the filtering and the aggregated events from the event aggregation process; and analysing the data received from the event enrichment process for generating a security related decision.

Application behaviour control
    8. Granted invention patent

    Publication number: US11188644B2

    Publication date: 2021-11-30

    Application number: US16356555

    Filing date: 2019-03-18

    IPC classification: G06F21/55 G06F21/53 G06F21/56

    Abstract: There is provided a method for application behaviour control on a computer system. The method includes grouping applications into a set of clusters, wherein each application is grouped to a specific cluster on the basis of predefined event profiles for applications in the specific cluster; monitoring procedures that a specific cluster performs on one or more computer devices; and generating a list of expected events and prohibited events of the specific cluster based on the monitoring, for enabling the one or more client computer devices and/or an administrator of the one or more client computer devices to take further action related to the applications installed on the one or more client computer devices.

Method and apparatus for web page content categorization

    Publication number: US11080342B2

    Publication date: 2021-08-03

    Application number: US14412717

    Filing date: 2013-06-25

    Abstract: In accordance with an example embodiment of the present invention, there is provided an apparatus including at least one processor and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following: detecting a listing of web content elements provided by a web search engine, the web content elements relating to web pages retrieved by the web search engine; analyzing one or more web content elements of the detected listing; and categorizing the content of one or more web pages on the basis of the analysis.

Threat detection system
    10. Granted invention patent

    Publication number: US11030309B2

    Publication date: 2021-06-08

    Application number: US16223525

    Filing date: 2018-12-18

    Inventor: Jarno Niemelä

    IPC classification: G06F21/55 G06F21/57

    Abstract: There is provided a method of detecting a threat against a computer system. The method comprises: creating a modular representation of the behavior of known applications on the basis of sub-components of a set of known applications; entering the modular representation into an evolutionary analysis system for generating previously unknown combinations of the procedures; storing the generated previously unknown combinations as candidate descendants of known applications in a future threat candidate database; monitoring the behavior of the computer system to detect one or more procedures matching the behavior of a stored candidate descendant in the future threat candidate database; and upon detection of one or more procedures matching the behavior of the stored candidate descendant, and if the stored candidate descendant is determined to be malicious or suspicious, identifying the running application as malicious or suspicious.