公开(公告)号：US11665195B2

公开(公告)日：2023-05-30

申请号：US16949864

申请日：2020-11-17

Applicant: Barracuda Networks, Inc.

Inventor： Mohamed Hosam Afifi Ibrahim ,  Marco Schweighauser ,  Asaf Cidon

IPC: H04L29/06 ,  H04L9/40 ,  G06F9/54 ,  G06N5/02 ,  H04L51/046 ,  H04L51/212

CPC classification number: H04L63/1466 ,  G06F9/546 ,  G06N5/02 ,  H04L51/046 ,  H04L51/212 ,  H04L63/1416

Abstract: A new approach is proposed to support account takeover (ATO) detection based on login attempts by users. The approach relies on assessing fraudulence confidence level of login IP addresses to classify the login attempts by the users. A plurality of attributes/features in one or more user login data logs are extracted and used to build a labeled dataset for training a machine learning (ML) model that relies on statistics of the login attempts to classify and detect fraudulent logins. These attributes make it possible to ascertain if a login attempt or instance by a user is suspicious based on the ML model. In some embodiments, the ML model is trained using anonymized user login data to preserve privacy of the users and a proper level of data anonymization is determined based on the ML model's accuracy in detecting the ATO attacks when trained with different versions of the anonymized data.

公开(公告)号：US20160246972A1

公开(公告)日：2016-08-25

申请号：US15147277

申请日：2016-05-05

Applicant: BARRACUDA NETWORKS, INC.

Inventor： Asaf Cidon ,  Israel Cidon ,  Lior Gavish ,  Prabandham Madan Gopal ,  Chandrashekhar Shetty

IPC: G06F21/60 ,  G06F21/62 ,  H04L29/06

CPC classification number: G06F21/602 ,  G06F17/30091 ,  G06F17/30194 ,  G06F21/62 ,  G06F21/6209 ,  G06F21/6218 ,  H04L63/0428

Abstract: An approach is proposed that contemplates systems, methods, and computer-readable storage mediums to support receiving, from a computerized system, a first encrypted file entity key and signed access metadata, wherein the first encrypted file entity key is created by encrypting a file entity key using a first encryption key, the signed access metadata is signed by the file entity key and the encrypted file entity is created by encrypting a file entity using the file entity key. The approach then determines whether to facilitate the decryption of the encrypted file entity by the computerized system and sends a second encrypted file entity key to the computerized system if it is determined to facilitate the decryption. The approach prevents the computerized system to decrypt the encrypted file entity if it is determined not to facilitate the decryption of the encrypted file entity by the computerized system.

Abstract translation: 提出了一种考虑系统，方法和计算机可读存储介质以支持从计算机系统接收第一加密文件实体密钥和签名的访问元数据的方法，其中通过加密文件实体来创建第一加密文件实体密钥 密钥使用第一加密密钥，签名的访问元数据由文件实体密钥签名，并且通过使用文件实体密钥加密文件实体来创建加密的文件实体。 该方法然后确定是否便利计算机化系统对加密文件实体进行解密，并且如果确定促进解密，则将第二加密文件实体密钥发送到计算机化系统。 如果确定不方便计算机化系统对加密文件实体的解密，则该方法防止计算机化系统解密加密文件实体。

公开(公告)号：US11563757B2

公开(公告)日：2023-01-24

申请号：US16949863

申请日：2020-11-17

Applicant: Barracuda Networks, Inc.

Inventor： Mohamed Hosam Afifi Ibrahim ,  Marco Schweighauser ,  Asaf Cidon

IPC: H04L29/06 ,  H04L9/40

Abstract: A new approach is proposed to support account takeover (ATO) detection based on login attempts by users. The approach relies on assessing fraudulence confidence level of login IP addresses to classify the login attempts by the users. A plurality of attributes/features in one or more user login data logs are extracted and used to build a labeled dataset for training a machine learning (ML) model that relies on statistics of the login attempts to classify and detect fraudulent logins. These attributes make it possible to ascertain if a login attempt or instance by a user is suspicious based on the ML model. In some embodiments, the ML model is trained using anonymized user login data to preserve privacy of the users and a proper level of data anonymization is determined based on the ML model's accuracy in detecting the ATO attacks when trained with different versions of the anonymized data.

公开(公告)号：US11159565B2

公开(公告)日：2021-10-26

申请号：US16947074

申请日：2020-07-16

Applicant: Barracuda Networks, Inc.

Inventor： Marco Schweighauser ,  Lior Gavish ,  Itay Bleier ,  Asaf Cidon

IPC: H04L29/06 ,  G06F9/54 ,  G06N5/02 ,  H04L12/58

Abstract: A new approach is proposed that contemplates systems and methods to support email account takeover detection and remediation by utilizing an artificial intelligence (AI) engine/classifier that detects and remediates such attacks in real time. The AI engine is configured to continuously monitor and identify communication patterns of a user on an electronic messaging system of an entity via application programming interface (API) calls. The AI engine is then configured to collect and utilize a variety of features and/or signals from an email sent from an internal email account of the entity. The AI engine combines these signals to automatically detect whether the email account has been compromised by an external attacker and alert the individual user of the account and/or a system administrator accordingly in real time. The AI engine further enables the parties to remediate the effects of the compromised email account by performing one or more remediating actions.

公开(公告)号：US09373001B2

公开(公告)日：2016-06-21

申请号：US14203683

申请日：2014-03-11

Applicant: Barracuda Networks, Inc.

Inventor： Asaf Cidon ,  Israel Cidon ,  Lior Gavish ,  Prabandham Madan Gopal ,  Chandrashekhar Shetty

IPC: G06F7/00 ,  G06F17/30 ,  G06F21/62

CPC classification number: G06F21/602 ,  G06F17/30091 ,  G06F17/30194 ,  G06F21/62 ,  G06F21/6209 ,  G06F21/6218 ,  H04L63/0428

Abstract: System, computer readable medium and method for decryption. The method may include receiving, by a third computerized system and from a fourth computerized system, a first encrypted file entity key and signed access metadata. The first encrypted file entity key is created by encrypting a file entity key by a first computerized system using an encryption key of a second computerized system. The signed access metadata is signed by the file entity key. The encrypted file entity is created by encrypting a file entity by the first computerized system using the file entity key. Sending, by the third computerized system, the signed access metadata and the first encrypted file entity key to the second computerized system. Receiving a response from the second computerized system. Determining, based on the response from the second computerized system, whether to facilitate a decryption of the encrypted file entity by the fourth computerized entity.

Abstract translation: 系统，计算机可读介质和解密方法。 该方法可以包括由第三计算机系统和第四计算机化系统接收第一加密文件实体密钥和签名的访问元数据。 通过使用第二计算机化系统的加密密钥由第一计算机化系统加密文件实体密钥来创建第一加密文件实体密钥。 签名的访问元数据由文件实体密钥签名。 通过使用文件实体密钥通过第一计算机化系统加密文件实体来创建加密的文件实体。 由第三计算机化系统将签名的访问元数据和第一加密文件实体密钥发送到第二计算机化系统。 接收第二台计算机化系统的响应。 基于来自第二计算机化系统的响应确定是否便利第四计算机化实体对加密文件实体的解密。

公开(公告)号：US20210075824A1

公开(公告)日：2021-03-11

申请号：US16949864

申请日：2020-11-17

Applicant: Barracuda Networks, Inc.

Inventor： Mohamed Hosam Afifi Ibrahim ,  Marco Schweighauser ,  Asaf Cidon

IPC: H04L29/06 ,  G06F9/54 ,  H04L12/58 ,  G06N5/02

Abstract: A new approach is proposed to support account takeover (ATO) detection based on login attempts by users. The approach relies on assessing fraudulence confidence level of login IP addresses to classify the login attempts by the users. A plurality of attributes/features in one or more user login data logs are extracted and used to build a labeled dataset for training a machine learning (ML) model that relies on statistics of the login attempts to classify and detect fraudulent logins. These attributes make it possible to ascertain if a login attempt or instance by a user is suspicious based on the ML model. In some embodiments, the ML model is trained using anonymized user login data to preserve privacy of the users and a proper level of data anonymization is determined based on the ML model's accuracy in detecting the ATO attacks when trained with different versions of the anonymized data.

公开(公告)号：US20190028509A1

公开(公告)日：2019-01-24

申请号：US15693318

申请日：2017-08-31

Applicant: BARRACUDA NETWORKS, INC.

Inventor： Asaf Cidon ,  Lior Gavish ,  Michael Perone

IPC: H04L29/06 ,  H04W12/12 ,  G06N5/04 ,  H04L12/58

Abstract: A new approach is proposed to support communication fraud detection and prevention by utilizing an artificial intelligence (AI) engine that detects and blocks impersonation attacks in real time. The AI engine automatically collects all historical electronic messages of each individual user in the entity on an electronic messaging system via an application programming interface (API) call to the electronic messaging system. The AI engine then analyzes the collected electronic messages for a plurality of features to identify unique communication patterns of users in the entity via AI-based classification. When one or more related incoming messages are retrieved in real time, the identified communication patterns are utilized to detect anomalous signals in metadata and/or content of the incoming messages. The AI engine then identifies with a high degree of accuracy whether the incoming messages are part of an impersonation attack based on the detected anomalous signals.

公开(公告)号：US20210090816A1

公开(公告)日：2021-03-25

申请号：US16949863

申请日：2020-11-17

Applicant: Barracuda Networks, Inc.

Inventor： Mohamed Hosam Afifi Ibrahim ,  Marco Schweighauser ,  Asaf Cidon

IPC: H01G9/20 ,  H01L51/42 ,  H01L51/44 ,  H01L51/00

Abstract: A new approach is proposed to support account takeover (ATO) detection based on login attempts by users. The approach relies on assessing fraudulence confidence level of login IP addresses to classify the login attempts by the users. A plurality of attributes/features in one or more user login data logs are extracted and used to build a labeled dataset for training a machine learning (ML) model that relies on statistics of the login attempts to classify and detect fraudulent logins. These attributes make it possible to ascertain if a login attempt or instance by a user is suspicious based on the ML model. In some embodiments, the ML model is trained using anonymized user login data to preserve privacy of the users and a proper level of data anonymization is determined based on the ML model's accuracy in detecting the ATO attacks when trained with different versions of the anonymized data.

公开(公告)号：US10778717B2

公开(公告)日：2020-09-15

申请号：US16363596

申请日：2019-03-25

Applicant: Barracuda Networks, Inc.

Inventor： Marco Schweighauser ,  Lior Gavish ,  Itay Bleier ,  Asaf Cidon

IPC: H04L29/06 ,  G06F9/54 ,  H04L12/58 ,  G06N5/02

Abstract: A new approach is proposed that contemplates systems and methods to support email account takeover detection and remediation by utilizing an artificial intelligence (AI) engine/classifier that detects and remediates such attacks in real time. The AI engine is configured to continuously monitor and identify communication patterns of a user on an electronic messaging system of an entity via application programming interface (API) calls. The AI engine is then configured to collect and utilize a variety of features and/or signals from an email sent from an internal email account of the entity. The AI engine combines these signals to automatically detect whether the email account has been compromised by an external attacker and alert the individual user of the account and/or a system administrator accordingly in real time. The AI engine further enables the parties to remediate the effects of the compromised email account by performing one or more remediating actions.

公开(公告)号：US20190028499A1

公开(公告)日：2019-01-24

申请号：US15693353

申请日：2017-08-31

Applicant: BARRACUDA NETWORKS, INC.

Inventor： Asaf Cidon ,  Lior Gavish ,  Michael Perone

IPC: H04L29/06 ,  G06F9/54 ,  G06F21/53 ,  G06N5/04 ,  G06N99/00

Abstract: A new approach is proposed to support anti-fraud user training and protection by identifying and training individuals within an entity who are at high risk of being targeted in an impersonating attack. An AI engine automatically collects historical electronic messages of each individual in the entity on an electronic messaging system via an application programming interface (API) call. The AI engine then analyzes contents the collected historical electronic messages and calculates a security score for each individual via AI-based classification. The AI engine identifies high-risk individuals within the entity based on their security scores and launches simulated impersonating attacks against these individuals to test their security awareness. The AI engine then collects and analyzes responses to the simulated attacks by those high-risk individuals in real time to identify issues in the responses and to take corresponding actions to prevent the high-risk individuals from suffering damages in case of real attacks.