-
Publication number: US11562076B2
Publication date: 2023-01-24
Application number: US16323084
Filing date: 2017-07-25
Inventors: Fadi El-Moussa, Ian Herwono
Abstract: A computer implemented method to mitigate a security attack against a target virtual machine (VM) in a virtualized computing environment, the target VM having a target VM configuration including configuration parameters, and the security attack exhibiting a particular attack characteristic, is disclosed.
-
Publication number: US11423144B2
Publication date: 2022-08-23
Application number: US16319391
Filing date: 2017-07-31
Inventors: Fadi El-Moussa, Ian Herwono
IPC classification: G06F21/55, G06F16/22, G06F9/455, G06F21/56, G06F21/57, G06N3/08, G06F16/901, G06N3/04
Abstract: A computer implemented method to mitigate a security attack against a target virtual machine (VM) in a virtualized computing environment, the target VM having a target VM configuration including configuration parameters, and the security attack exhibiting a particular attack characteristic, is disclosed.
-
Publication number: US11449604B2
Publication date: 2022-09-20
Application number: US17593805
Filing date: 2020-03-18
Inventors: Ian Herwono, Fadi El-Moussa
Abstract: A method of computer security for a host computer system in communication with remote computer systems, including generating an attack map as a directed graph data structure modelling individual events leading to an exploitation of the host computer system and collecting a log of each of a plurality of attack events occurring at the host including network packets involved in each attack event, the attack map being generated in a training phase of the host computer system in which the host is subjected to attacks by one or more attacking remote computer systems; using stacked autoencoders to extract features from the log event in each attack; generating a directed graph representation based on each of the extracted features; using the attack map to identify a sequence of events indicative of an attack; and, responsive to the identification, deploying one or more security facilities to mitigate the attack.
-
Publication number: US11436320B2
Publication date: 2022-09-06
Application number: US17593800
Filing date: 2020-03-18
Inventors: Ian Herwono, Fadi El-Moussa
Abstract: A method of computer security for a host computer system in communication with remote computer systems, including generating an attack map as a directed graph data structure modelling individual events leading to an exploitation of the host computer system and collecting a log of each of a plurality of attack events occurring at the host including network packets involved in each attack event, the attack map being generated in a training phase of the host computer system in which the host is subjected to attacks by one or more attacking remote computer systems; using stacked autoencoders to extract features from the log event in each attack; generating a directed graph representation based on each of the extracted features; and, responsive to an occurrence of a new attack in the host computer system, triggering the regeneration of the attack map including additional events generated in respect of the new attack.
-
Publication number: US11159549B2
Publication date: 2021-10-26
Application number: US16086230
Filing date: 2017-03-03
Inventors: Fadi El-Moussa, Ian Herwono
IPC classification: H04L29/06
Abstract: A computer implemented method to identify a computer security threat based on communication via a computer network, including receiving a definition of acceptable network communication characteristics for each of a plurality of communication protocols; receiving a set of security events for the communication, each security event including network communication characteristics for the communication; for each security event in the set of security events: a) identifying a communication protocol associated with the event; b) detecting deviations of the network communication characteristics of the event from the acceptable network communication characteristics for the identified communication protocol; and c) generating a record of each deviation identifying the communication characteristic for which the deviation is detected; and identifying a computer security threat for the communication based on the records generated for the set of security events.
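The steps a) to c) in this abstract are a per-event check of observed communication characteristics against a per-protocol acceptable profile, followed by a decision over the accumulated deviation records. The following is an added illustration written for this page, not code from the patent or its assignee: the protocol profiles (port, payload size, packet rate), the sample events and the "at least two deviation records" decision rule are all assumptions chosen to show the shape of the method.

```python
"""Protocol-deviation threat identification.

Added example for this page, not the patent's implementation. Each security
event carries network communication characteristics; the acceptable
characteristics for the event's protocol are looked up, every deviation is
recorded, and a threat is identified for the communication when the records
cross a threshold. Profiles, fields, sample events and threshold are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Acceptable:
    """Acceptable characteristics for one protocol (assumed example values)."""
    ports: frozenset
    max_payload: int      # bytes per message
    max_rate_pps: float   # packets per second


# Assumed acceptable profiles for three protocols.
ACCEPTABLE = {
    "dns":  Acceptable(ports=frozenset({53}),       max_payload=512,  max_rate_pps=50.0),
    "http": Acceptable(ports=frozenset({80, 8080}), max_payload=8192, max_rate_pps=200.0),
    "ssh":  Acceptable(ports=frozenset({22}),       max_payload=4096, max_rate_pps=100.0),
}


@dataclass(frozen=True)
class Deviation:
    """Step c): one record per deviation, naming the characteristic that deviated."""
    event_id: int
    protocol: str
    characteristic: str
    observed: object
    acceptable: object


def identify_protocol(event):
    """Step a): protocol associated with the event (carried on the event here)."""
    return event["protocol"]


def detect_deviations(event, acceptable):
    """Step b): compare each characteristic against the profile; return records."""
    records = []
    if event["dst_port"] not in acceptable.ports:
        records.append(Deviation(event["id"], event["protocol"], "dst_port",
                                 event["dst_port"], sorted(acceptable.ports)))
    if event["payload_bytes"] > acceptable.max_payload:
        records.append(Deviation(event["id"], event["protocol"], "payload_bytes",
                                 event["payload_bytes"], acceptable.max_payload))
    if event["rate_pps"] > acceptable.max_rate_pps:
        records.append(Deviation(event["id"], event["protocol"], "rate_pps",
                                 event["rate_pps"], acceptable.max_rate_pps))
    return records


def identify_threat(events, min_deviations=2):
    """Run a) to c) over the set of events and decide on the communication.

    Decision rule (assumed): the communication is a threat when at least
    `min_deviations` deviation records were generated across its events.
    An event whose protocol has no profile is itself recorded as a deviation.
    """
    records = []
    for ev in events:
        proto = identify_protocol(ev)
        if proto not in ACCEPTABLE:
            records.append(Deviation(ev["id"], proto, "protocol", proto, sorted(ACCEPTABLE)))
            continue
        records.extend(detect_deviations(ev, ACCEPTABLE[proto]))
    return len(records) >= min_deviations, records


# Constructed sample events: one benign HTTP request, then a DNS flow with
# oversized, high-rate messages (tunnelling-like) and a DNS message to an odd port.
SAMPLE_EVENTS = [
    {"id": 1, "protocol": "http", "dst_port": 80,   "payload_bytes": 640,  "rate_pps": 3.0},
    {"id": 2, "protocol": "dns",  "dst_port": 53,   "payload_bytes": 1400, "rate_pps": 120.0},
    {"id": 3, "protocol": "dns",  "dst_port": 5353, "payload_bytes": 80,   "rate_pps": 1.0},
]

if __name__ == "__main__":
    is_threat, recs = identify_threat(SAMPLE_EVENTS)
    for r in recs:
        print(f"event {r.event_id} [{r.protocol}] {r.characteristic}: "
              f"observed {r.observed}, acceptable {r.acceptable}")
    print("threat identified:", is_threat)
```

Run on the constructed events the DNS flow yields three records (payload size and rate on event 2, destination port on event 3) and the communication is flagged; the HTTP event alone yields no record. In practice the acceptable profiles would be derived per environment rather than hard-coded, and the decision would weight characteristics rather than count them.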
-
Publication number: US09870470B2
Publication date: 2018-01-16
Application number: US14781185
Filing date: 2014-03-31
Inventors: Ian Herwono, Zhan Cui, Ben Azvine, Martin Brown, Karl Smith
CPC classification: G06F21/554, G06F2221/034, H04L63/1408, H04L63/1416, H04L63/1458
Abstract: A multi-stage event detector for monitoring a system to detect the occurrence of multi-stage events in the monitored system. The multi-stage event detector includes: one or more event detecting detector units (142, 144) for detecting observable events occurring on the monitored system; one or more parameter generating detector units (152, 154) for generating parameter values which vary over time dependent on the behavior of the monitored system; a hidden state determiner (120) for determining a likely sequence of states of interest of the system based on the outputs of the one or more event detecting detector units; and a transition determiner (130) for determining a likely transition occurrence based on a comparison of a set of values of a parameter or set of parameters generated by one or more of the one or more parameter generating detector units with a plurality of pre-specified functions or sets of values of a corresponding parameter or set of parameters associated with different transition occurrences.
-
Publication number: US11533333B2
Publication date: 2022-12-20
Application number: US15733663
Filing date: 2019-03-19
Inventors: Xiao-Si Wang, Zhan Cui, Ian Herwono
IPC classification: H04L9/40
Abstract: A computer implemented method of protecting a target subnet, including a set of network connected devices in a hierarchy of subnets of a computer network, from malware attack. The method includes generating a dynamical system for each subnet in the network, each dynamical system modelling a rate of change of a number of network connected devices in the subnet that are: susceptible to infection by the malware; infected by the malware; protected against infection by the malware; and remediated of infection by the malware, the dynamical systems being based on rates of transmission of the malware between pairs of subnets; evaluating a measure of risk of infection of the target subnet at a predetermined point in time based on the dynamical system for the target subnet; and, responsive to the measure of risk meeting a predetermined threshold, deploying malware protection measures to devices in the target subnet.
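The abstract names the four compartments per subnet (susceptible, infected, protected, remediated) and the coupling through pair-wise transmission rates, but not the equations. The following added example, written for this page and not taken from the patent, fills that in with one assumed model form: a compartmental system per subnet, coupled through an infection force that sums the infected fraction of every subnet weighted by the transmission rate into the target, integrated with forward Euler. The hierarchy, rates, time horizon, risk measure (infected fraction of the target) and threshold are all assumptions.

```python
"""Coupled per-subnet malware spread model and risk-triggered protection.

Added example for this page, not the patent's implementation. The abstract gives
the compartments and the pair-wise transmission coupling; the equations, rates,
hierarchy, risk measure and threshold below are assumptions.
"""


def simulate(subnets, transmission, protect_rate, remediate_rate, t_end, dt=0.01):
    """Integrate the coupled systems with forward Euler; return the state at t_end.

    subnets:        {name: (S, I, P, R)} initial device counts
    transmission:   {(src, dst): beta} rate at which the infected fraction of
                    src infects susceptible devices in dst (assumed)
    protect_rate:   {name: p} rate at which susceptible devices become protected
    remediate_rate: {name: r} rate at which infected devices are remediated
    Assumed model, per subnet i with N_i = S_i + I_i + P_i + R_i:
        force_i = sum_j beta[j, i] * I_j / N_j
        dS/dt = -force_i * S - p_i * S
        dI/dt =  force_i * S - r_i * I
        dP/dt =  p_i * S
        dR/dt =  r_i * I
    The four rates sum to zero, so each subnet's device count is conserved.
    """
    state = {name: list(counts) for name, counts in subnets.items()}
    for _ in range(int(round(t_end / dt))):
        # infection pressure on each subnet from every subnet (itself included)
        force = {}
        for dst in state:
            f = 0.0
            for src, (S, I, P, R) in state.items():
                beta = transmission.get((src, dst), 0.0)
                n = S + I + P + R
                if beta and n > 0:
                    f += beta * I / n
            force[dst] = f
        new_state = {}
        for name, (S, I, P, R) in state.items():
            p = protect_rate.get(name, 0.0)
            r = remediate_rate.get(name, 0.0)
            dS = -force[name] * S - p * S
            dI = force[name] * S - r * I
            dP = p * S
            dR = r * I
            new_state[name] = [S + dS * dt, I + dI * dt, P + dP * dt, R + dR * dt]
        state = new_state
    return {name: tuple(v) for name, v in state.items()}


def infection_risk(state, target):
    """Measure of risk (assumed): infected fraction of the target subnet."""
    S, I, P, R = state[target]
    return I / (S + I + P + R)


def decide_protection(subnets, transmission, protect_rate, remediate_rate,
                      target, t_end, threshold):
    """Evaluate the target's risk at t_end; True means deploy protection now."""
    final = simulate(subnets, transmission, protect_rate, remediate_rate, t_end)
    risk = infection_risk(final, target)
    return risk >= threshold, risk


# Constructed hierarchy: corp (root) with eng and finance beneath it; the
# outbreak starts with ten infected devices in eng and reaches finance via corp.
SUBNETS = {"corp": (50, 0, 0, 0), "eng": (200, 10, 0, 0), "finance": (100, 0, 0, 0)}
TRANSMISSION = {
    ("eng", "eng"): 0.8, ("eng", "corp"): 0.3, ("corp", "corp"): 0.5,
    ("corp", "finance"): 0.3, ("finance", "finance"): 0.6,
}
PROTECT = {"corp": 0.05, "eng": 0.05, "finance": 0.05}
REMEDIATE = {"corp": 0.1, "eng": 0.1, "finance": 0.1}

if __name__ == "__main__":
    deploy, risk = decide_protection(SUBNETS, TRANSMISSION, PROTECT, REMEDIATE,
                                     target="finance", t_end=20.0, threshold=0.05)
    print(f"finance infected fraction at t=20: {risk:.3f}; deploy protection: {deploy}")
```

With these rates the outbreak saturates eng within a few time units, crosses into corp and then finance, and the finance risk at t=20 is well above the threshold; removing the cross-subnet rates leaves finance at zero risk, and raising finance's own protection rate before the wave arrives lowers its risk. Euler with dt=0.01 is adequate for rates of this size; for stiff parameter sets an adaptive integrator would be the safer choice.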
-
Publication number: US11470109B2
Publication date: 2022-10-11
Application number: US15733664
Filing date: 2019-03-19
Inventors: Xiao-Si Wang, Zhan Cui, Ian Herwono
Abstract: A computer implemented method of protecting a portion of a computer network from malware attack, the computer network including network connected devices organized into hierarchical subnets modelled by a tree data structure in which each subnet is represented as a node in the tree, each node save for the root node having a connection to a parent node, the method including performing protective actions on devices in subnets associated with a first subset of nodes to provide protection against the malware, and prioritizing devices in the subnets associated with a second subset of nodes so as to provide a barrier of subnets protected against the malware to impede the propagation of the malware to devices in subnets associated with each of the first subset of nodes.
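In a tree, the subnets adjacent to a protected subset form a vertex separator: any path from the rest of the tree into the subset must pass through one of them, which is what makes them a useful barrier. The following added example, written for this page and not taken from the patent, builds the subnet tree from parent links, derives the second (barrier) subset as the tree neighbours of the first subset, and verifies with a breadth-first search that an outbreak elsewhere cannot reach the first subset without crossing the barrier. The choice of neighbours as the barrier and the sample hierarchy are assumptions.

```python
"""Barrier subnets in a tree of subnets.

Added example for this page, not the patent's implementation. The first subset
receives protective actions; the second subset, prioritised as a barrier, is
taken here (an assumption) to be the tree neighbours of the first subset that
are not in it. In a tree that set separates the first subset from every other
node, which the BFS check below confirms.
"""
from collections import deque


def build_tree(parent_of):
    """parent_of: {child: parent}; every node but the root has a parent.
    Returns an undirected adjacency map {node: set(neighbours)}."""
    adj = {}
    for child, parent in parent_of.items():
        adj.setdefault(child, set()).add(parent)
        adj.setdefault(parent, set()).add(child)
    return adj


def barrier_nodes(adj, first_subset):
    """Second subset: neighbours of the first subset not already in it."""
    first = set(first_subset)
    return {n for node in first for n in adj[node] if n not in first}


def reachable_without(adj, start, blocked):
    """Nodes reachable from `start` by paths that never enter a blocked node."""
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for n in adj[node]:
            if n not in seen and n not in blocked:
                seen.add(n)
                queue.append(n)
    return seen


def barrier_isolates(adj, first_subset, barrier, source):
    """True if malware starting at `source` cannot reach the first subset
    without crossing a barrier subnet."""
    reach = reachable_without(adj, source, set(barrier))
    return reach.isdisjoint(first_subset)


def protection_plan(adj, first_subset):
    """Ordered plan: protect the first subset now, prioritise the barrier next."""
    first = set(first_subset)
    return {"protect_now": sorted(first),
            "prioritise_next": sorted(barrier_nodes(adj, first))}


# Constructed hierarchy: core is the root; dmz, office and datacenter hang off
# it, each with two leaf subnets. The database subnets are the first subset.
PARENT_OF = {
    "dmz": "core", "office": "core", "datacenter": "core",
    "web": "dmz", "mail": "dmz",
    "hr": "office", "eng": "office",
    "db": "datacenter", "backup": "datacenter",
}
FIRST_SUBSET = {"db", "backup"}

if __name__ == "__main__":
    tree = build_tree(PARENT_OF)
    plan = protection_plan(tree, FIRST_SUBSET)
    print(plan)
    ok = barrier_isolates(tree, FIRST_SUBSET, plan["prioritise_next"], "web")
    print("outbreak in web is held off by the barrier:", ok)
```

For the constructed hierarchy the barrier is the single datacenter subnet: an outbreak in web can reach core, office and their leaves but not db or backup once datacenter is protected, whereas with no barrier the same search reaches db. If the first subset already includes a subnet's parent, the barrier moves up and sideways accordingly (for {datacenter, db} it is {core, backup}).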
-
Publication number: US10482245B2
Publication date: 2019-11-19
Application number: US15677363
Filing date: 2017-08-15
Inventors: Fadi El-Moussa, Ian Herwono
Abstract: A computer implemented method to determine a configuration of a target virtual machine (VM) in a virtualized computing environment to protect against a security attack exhibiting a particular attack characteristic.
-
Publication number: US11477225B2
Publication date: 2022-10-18
Application number: US17593802
Filing date: 2020-03-18
Inventors: Ian Herwono, Fadi El-Moussa
Abstract: A method of computer security for a host computer system in communication with remote computer systems includes generating an attack map modelling individual events leading to an exploitation of the host computer system by collecting a log of each of a plurality of attack events occurring at the host, using stacked autoencoders to extract features from the log event in each attack, and generating a directed graph representation based on each of the extracted features. The method further includes determining a subset of nodes in the attack map corresponding to events in one or more attacks, determining a component of the host computer system involved in each attack event represented by each of the nodes in the subset, and deploying one or more security facilities at each of the determined components of the host computer system so as to mitigate attacks according to each of the attack patterns.