-
Publication number: US20240414196A1
Publication date: 2024-12-12
Application number: US18809079
Application date: 2024-08-19
Applicant: AT&T Intellectual Property I, L.P.
Inventor: Srivathsan Srinivasagopalan, Ganesh Subramaniam
IPC: H04L9/40
Abstract: A method includes acquiring a plurality of hypertext transfer protocol (HTTP) session packets associated with activities of a plurality of known Trojans, wherein all of the Trojans are identified by a common signature identifier, extracting a plurality of request packets from the session packets, identifying a plurality of suspicious request packets within the plurality of request packets, grouping the plurality of suspicious request packets into a plurality of subsets, computing a centroid of one subset of the plurality of subsets, identifying a representative packet for the subset, wherein the representative packet is identified based on the centroid, and generating a signature for the one subset, based on the representative packet, wherein the signature is deployable by an intrusion detection system to detect an instance of a Trojan of the plurality of known Trojans.
-
Publication number: US20230412622A1
Publication date: 2023-12-21
Application number: US17842940
Application date: 2022-06-17
Applicant: AT&T Intellectual Property I, L.P.
Inventor: Srivathsan Srinivasagopalan, Ganesh Subramaniam, Robert Archibald
CPC classification number: H04L63/1425, G06N20/20
Abstract: Aspects of the subject disclosure may include, for example, obtaining a first group of Internet Protocol (IP) addresses from a group of network devices, and determining a second group of IP addresses from the first group of IP addresses includes possible malicious IP addresses utilizing a machine learning application. Further embodiments can include obtaining a first group of attributes of malicious IP addresses from a first repository, and determining a third group of IP addresses from the second group of IP addresses includes possible malicious IP addresses based on the first group of attributes. Additional embodiments can include receiving user-generated input indicating a fourth group of IP addresses from the third group of IP addresses includes possible malicious IP addresses, and transmitting a notification to a group of communication devices indicating that the fourth group of IP address includes possible malicious IP addresses. Other embodiments are disclosed.
-
Publication number: US20230396645A1
Publication date: 2023-12-07
Application number: US17805025
Application date: 2022-06-01
Applicant: AT&T Intellectual Property I, L.P.
Inventor: Srivathsan Srinivasagopalan, Ganesh Subramaniam
IPC: H04L9/40
CPC classification number: H04L63/145, H04L63/1416
Abstract: A method includes acquiring a plurality of hypertext transfer protocol (HTTP) session packets associated with activities of a plurality of known Trojans, wherein all of the Trojans are identified by a common signature identifier, extracting a plurality of request packets from the session packets, identifying a plurality of suspicious request packets within the plurality of request packets, grouping the plurality of suspicious request packets into a plurality of subsets, computing a centroid of one subset of the plurality of subsets, identifying a representative packet for the subset, wherein the representative packet is identified based on the centroid, and generating a signature for the one subset, based on the representative packet, wherein the signature is deployable by an intrusion detection system to detect an instance of a Trojan of the plurality of known Trojans.
-
Publication number: US12261865B2
Publication date: 2025-03-25
Application number: US17842940
Application date: 2022-06-17
Applicant: AT&T Intellectual Property I, L.P.
Inventor: Srivathsan Srinivasagopalan, Ganesh Subramaniam, Robert Archibald
Abstract: Aspects of the subject disclosure may include, for example, obtaining a first group of Internet Protocol (IP) addresses from a group of network devices, and determining a second group of IP addresses from the first group of IP addresses includes possible malicious IP addresses utilizing a machine learning application. Further embodiments can include obtaining a first group of attributes of malicious IP addresses from a first repository, and determining a third group of IP addresses from the second group of IP addresses includes possible malicious IP addresses based on the first group of attributes. Additional embodiments can include receiving user-generated input indicating a fourth group of IP addresses from the third group of IP addresses includes possible malicious IP addresses, and transmitting a notification to a group of communication devices indicating that the fourth group of IP address includes possible malicious IP addresses. Other embodiments are disclosed.
-
Publication number: US12069085B2
Publication date: 2024-08-20
Application number: US17805025
Application date: 2022-06-01
Applicant: AT&T Intellectual Property I, L.P.
Inventor: Srivathsan Srinivasagopalan, Ganesh Subramaniam
IPC: H04L9/40
CPC classification number: H04L63/145, H04L63/1416
Abstract: A method includes acquiring a plurality of hypertext transfer protocol (HTTP) session packets associated with activities of a plurality of known Trojans, wherein all of the Trojans are identified by a common signature identifier, extracting a plurality of request packets from the session packets, identifying a plurality of suspicious request packets within the plurality of request packets, grouping the plurality of suspicious request packets into a plurality of subsets, computing a centroid of one subset of the plurality of subsets, identifying a representative packet for the subset, wherein the representative packet is identified based on the centroid, and generating a signature for the one subset, based on the representative packet, wherein the signature is deployable by an intrusion detection system to detect an instance of a Trojan of the plurality of known Trojans.