公开(公告)号：US09773068B2

公开(公告)日：2017-09-26

申请号：US15269096

申请日：2016-09-19

Applicant: AT&T Intellectual Property I, L.P.

Inventor： Andrea G. Forte ,  Baris Coskun ,  Qi Shen ,  Ilona Murynets ,  Jeffrey Bickford ,  Mikhail Istomin ,  Paul Giura ,  Roger Piqueras Jover ,  Ramesh Subbaraman ,  Suhas Mathur ,  Wei Wang

IPC: G06F7/00 ,  G06F17/30 ,  G06Q10/00

CPC classification number: G06F17/30867 ,  G06F17/30554 ,  G06Q10/00

Abstract: A method, non-transitory computer readable medium and apparatus for deriving trustful metadata for an application are disclosed. For example, the method crawls online for the application, analyzes the application to determine a function of the application, and generates trustful meta-data for the application based upon the function of the application.

公开(公告)号：US09641545B2

公开(公告)日：2017-05-02

申请号：US14922744

申请日：2015-10-26

Applicant: AT&T INTELLECTUAL PROPERTY I, L.P.

Inventor： Nathaniel Boggs ,  Wei Wang ,  Baris Coskun ,  Suhas Mathur

IPC: G06F15/173 ,  H04L29/06 ,  H04L12/24 ,  H04W12/12

CPC classification number: H04L63/1425 ,  H04L41/14 ,  H04L63/1416 ,  H04W12/12

Abstract: Anomalies are detected in a network by detecting communication between a plurality of entities and a set of users in the network, determining an overlap between subsets of the set of users that the entities comprising the plurality of entities communicated with, respectively, and determining whether the communication between the plurality of entities and the set of users is anomalous based on the overlap.

公开(公告)号：US09083730B2

公开(公告)日：2015-07-14

申请号：US14099600

申请日：2013-12-06

Applicant: AT&T Intellectual Property I, L.P.

Inventor： Baris Coskun ,  Suhrid Balakrishnan ,  Suhas Mathur

IPC: G06F11/00 ,  G06F12/14 ,  G06F12/16 ,  G08B23/00 ,  H04L29/06

CPC classification number: H04L63/1416 ,  H04L63/14 ,  H04L63/1408 ,  H04L63/1425 ,  H04L2463/146

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to identify an Internet protocol address blacklist boundary. An example method includes identifying a netblock associated with a malicious Internet protocol address, the netblock having a lower boundary and an upper boundary, collecting netflow data associated with a plurality of Internet protocol addresses in the netblock, establishing a first window associated with a lower portion of Internet protocol addresses numerically lower than a candidate Internet protocol address, establishing a second window associated with an upper portion of Internet protocol addresses numerically higher than a candidate Internet protocol address, calculating a breakpoint score based on a comparison between a behavioral profile of the first window and a behavioral profile of the second window, and identifying a first sub-netblock when the breakpoint score exceeds a threshold value.

Abstract translation: 公开了方法，装置，系统和制品以识别因特网协议地址黑名单边界。 示例性方法包括识别与恶意因特网协议地址相关联的网络块，网络块具有下边界和上边界，收集与网络块中的多个因特网协议地址相关联的网络流数据，建立与下部相关联的第一窗口 互联网协议地址数字地低于候选互联网协议地址，建立与互联网协议地址的上部相关联的第二窗口，数字地高于候选互联网协议地址，计算断点得分，基于第一 窗口和第二窗口的行为简档，以及当断点得分超过阈值时识别第一子网块。

公开(公告)号：US20160308837A1

公开(公告)日：2016-10-20

申请号：US15194037

申请日：2016-06-27

Applicant: AT&T Intellectual Property I, L.P.

Inventor： Arati Baliga ,  Xu Chen ,  Baris Coskun ,  Gustavo de los Reyes ,  Seungjoon Lee ,  Suhas Mathur ,  Jacobus Van der Merwe ,  Gang Xu

IPC: H04L29/06 ,  H04W12/08

CPC classification number: H04L63/0272 ,  H04L63/1416 ,  H04L63/145 ,  H04L63/1458 ,  H04W12/08

Abstract: Methods and apparatus to configure virtual private mobile networks are disclosed. Example methods include provisioning a virtual private mobile network within a wireless network, and, after provisioning the virtual private mobile network, determining whether a first communication from a user equipment matches a security event profile. When the first communication matches the profile, the example methods include transmitting, from the wireless network via a first base transceiver station, an instruction to cause the user equipment to be communicatively coupled to the virtual private mobile network. The example methods further include instructing the user equipment to transmit a second communication through a second base transceiver station that is physically separate from the first base transceiver station and through the virtual private mobile network. In the example methods, the virtual private mobile network is isolated in a wireless spectrum from other portions of the network.

Abstract translation: 公开了配置虚拟专用移动网络的方法和装置。 示例性方法包括在无线网络内配置虚拟专用移动网络，并且在配置虚拟专用移动网络之后，确定来自用户设备的第一通信是否匹配安全事件简档。 当第一通信与简档匹配时，示例性方法包括经由第一基站收发器从无线网络发送使得用户设备通信地耦合到虚拟专用移动网络的指令。 示例性方法还包括指示用户设备通过与第一基站收发器物理分离并通过虚拟专用移动网络的第二基站收发器发送第二通信。 在示例性方法中，虚拟专用移动网络在来自网络的其他部分的无线频谱中被隔离。

公开(公告)号：US10193900B2

公开(公告)日：2019-01-29

申请号：US14792938

申请日：2015-07-07

Applicant: AT&T Intellectual Property I, L.P.

Inventor： Baris Coskun ,  Suhrid Balakrishnan ,  Suhas Mathur

IPC: H04L29/06 ,  G06F12/14

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to identify candidate boundaries of Internet protocol addresses associated with a malicious Internet protocol address. An example method includes collecting, with a processor, netflow data associated with the Internet protocol addresses within a netblock having a lower boundary Internet protocol address and an upper boundary Internet protocol address, generating, with the processor, a first window of Internet protocol addresses numerically lower than the malicious Internet protocol address, generating, with the processor, a second window of Internet protocol addresses numerically higher than the malicious Internet protocol address, for respective Internet protocol addresses in the first and second windows, calculating, with the processor, occurrence counts associated with behavior features, and identifying candidate boundaries within the netblock based on divergence values caused by the behavior features.

公开(公告)号：US09203856B2

公开(公告)日：2015-12-01

申请号：US13784410

申请日：2013-03-04

Applicant: AT&T Intellectual Property, I, L.P.

Inventor： Nathaniel Boggs ,  Wei Wang ,  Baris Coskun ,  Suhas Mathur

IPC: G06F15/173 ,  H04L29/06 ,  H04L12/24 ,  H04W12/12

CPC classification number: H04L63/1425 ,  H04L41/14 ,  H04L63/1416 ,  H04W12/12

Abstract: Anomalies are detected in a network by detecting communication between a plurality of entities and a set of users in the network, determining an overlap between subsets of the set of users that the entities comprising the plurality of entities communicated with, respectively, and determining whether the communication between the plurality of entities and the set of users is anomalous based on the overlap.

Abstract translation: 通过检测多个实体和网络中的一组用户之间的通信来检测网络中的异常，确定包括与所通信的多个实体的实体分别相关联的用户组的子集之间的重叠， 基于重叠，多个实体和用户组之间的通信是异常的。

公开(公告)号：US20140250221A1

公开(公告)日：2014-09-04

申请号：US13784410

申请日：2013-03-04

Applicant: AT&T INTELLECTUAL PROPERTY I, L.P.

Inventor： Nathaniel Boggs ,  Wei Wang ,  Baris Coskun ,  Suhas Mathur

IPC: H04L12/26

CPC classification number: H04L63/1425 ,  H04L41/14 ,  H04L63/1416 ,  H04W12/12

Abstract: Anomalies are detected in a network by detecting communication between a plurality of entities and a set of users in the network, determining an overlap between subsets of the set of users that the entities comprising the plurality of entities communicated with, respectively, and determining whether the communication between the plurality of entities and the set of users is anomalous based on the overlap.

Abstract translation: 通过检测多个实体和网络中的一组用户之间的通信来检测网络中的异常，确定组合用户组的子集与包含多个实体的实体分别进行交换，并确定是否 基于重叠，多个实体和用户组之间的通信是异常的。

公开(公告)号：US20170004217A1

公开(公告)日：2017-01-05

申请号：US15269096

申请日：2016-09-19

Applicant: AT&T Intellectual Property I, L.P.

Inventor： ANDREA G. FORTE ,  Baris Coskun ,  Qi Shen ,  Ilona Murynets ,  Jeffrey Bickford ,  Mikhail lstomin ,  Paul Giura ,  Roger Piqueras Jover ,  Ramesh Subbaraman ,  Suhas Mathur ,  Wei Wang

IPC: G06F17/30

CPC classification number: G06F17/30867 ,  G06F17/30554 ,  G06Q10/00

Abstract: A method, non-transitory computer readable medium and apparatus for deriving trustful metadata for an application are disclosed. For example, the method crawls online for the application, analyzes the application to determine a function of the application, and generates trustful meta-data for the application based upon the function of the application.

Abstract translation: 公开了一种用于为应用导出可信赖元数据的方法，非暂时计算机可读介质和装置。 例如，该方法在线应用程序进行爬网，分析应用程序以确定应用程序的功能，并根据应用程序的功能为应用程序生成可信赖的元数据。

公开(公告)号：US20150163235A1

公开(公告)日：2015-06-11

申请号：US14099600

申请日：2013-12-06

Applicant: AT&T Intellectual Property I, L.P.

Inventor： Baris Coskun ,  Suhrid Balakrishnan ,  Suhas Mathur

IPC: H04L29/06

CPC classification number: H04L63/1416 ,  H04L63/14 ,  H04L63/1408 ,  H04L63/1425 ,  H04L2463/146

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to identify an Internet protocol address blacklist boundary. An example method includes identifying a netblock associated with a malicious Internet protocol address, the netblock having a lower boundary and an upper boundary, collecting netflow data associated with a plurality of Internet protocol addresses in the netblock, establishing a first window associated with a lower portion of Internet protocol addresses numerically lower than a candidate Internet protocol address, establishing a second window associated with an upper portion of Internet protocol addresses numerically higher than a candidate Internet protocol address, calculating a breakpoint score based on a comparison between a behavioral profile of the first window and a behavioral profile of the second window, and identifying a first sub-netblock when the breakpoint score exceeds a threshold value.

Abstract translation: 公开了方法，装置，系统和制品以识别因特网协议地址黑名单边界。 示例性方法包括识别与恶意因特网协议地址相关联的网络块，网络块具有下边界和上边界，收集与网络块中的多个因特网协议地址相关联的网络流数据，建立与下部相关联的第一窗口 互联网协议地址数字地低于候选互联网协议地址，建立与互联网协议地址的上部相关联的第二窗口，数字地高于候选互联网协议地址，计算断点得分，基于第一 窗口和第二窗口的行为简档，以及当断点得分超过阈值时识别第一子网块。

公开(公告)号：US10419992B2

公开(公告)日：2019-09-17

申请号：US15231406

申请日：2016-08-08

Applicant: AT&T Intellectual Property I, L.P.

Inventor： Jacobus Van der Merwe ,  Xu Chen ,  Baris Coskun ,  Gustavo de los Reyes ,  Seungjoon Lee ,  Suhas Mathur ,  Arati Baliga ,  Gang Xu

IPC: G06F15/177 ,  H04W36/14 ,  H04L12/24 ,  H04L12/46 ,  H04L12/26 ,  H04L12/801 ,  H04L29/08 ,  H04L12/927 ,  H04L29/06 ,  H04W36/30 ,  H04W88/02

Abstract: Methods and apparatus to migrate a mobile device from a first virtual private mobile network to a second virtual private mobile network are disclosed. An example apparatus includes a processor and a memory including instructions that cause the processor to perform operations including determining, based on a set of latency routing rules, that a communication transmitted via the first virtual private mobile network is a latency sensitive communication. In response to determining the communication is a latency sensitive communication, the mobile device that originated the latency sensitive communication is identified. The mobile device is communicating via the first virtual private mobile network. Example operations also include migrating the mobile device from the first virtual private mobile network to the second virtual private mobile network wherein the second virtual private mobile network is configured to reduce the latency of the latency sensitive communication.