-
Publication No.: US12113812B2
Publication date: 2024-10-08
Application No.: US17842714
Application date: 2022-06-16
Applicant: BULL SAS
Inventor: Ravi Raman, Vinod Vasudevan, Harshvardhan Parmar
CPC classification number: H04L63/1416, H04L63/1425, H04L63/145, H04L63/20
Abstract: A method for detecting malware penetrating a network by identifying anomalous communication between at least two systems of the network, carried out by a computer. For each unique combination of source IP address and destination IP address, the method includes considering a past period, considering the network flow logs stored during said past period, calculating values of a metric based on data of the network flow logs within the past period and at a given frequency, calculating a baseline which consists in calculating an IQR of all metric values calculated during the past period, determining an outlier threshold from the baseline, considering a current period, calculating a new IQR of all metric values calculated during the current period, and classifying the communication between the two systems of the unique combination as an anomalous communication if the IQR of the current period is greater than the outlier threshold.
-
Publication No.: US12199845B2
Publication date: 2025-01-14
Application No.: US18356447
Application date: 2023-07-21
Applicant: BULL SAS
Inventor: Vinod Vasudevan, Ravi Raman
IPC: H04L29/08, H04L29/06, H04L43/04, H04L61/5007, H04L9/08
Abstract: The invention relates to an edge-based log collecting device for collecting logs from several log sources located in a remote network, called edge-network, and sending the logs to a cloud-based system distant from the edge-network. The device is located in the edge-network, and the device includes several processing nodes for processing logs received from the log sources and sending them to said system. The device is configured to elect, according to a predetermined election algorithm, one of the processing nodes as a master node configured for receiving the logs from all log sources of the local network, and sharing the logs with the other processing nodes. The invention further relates to a computer program and a device configured to carry out such a method.
-
Publication No.: US12184673B2
Publication date: 2024-12-31
Application No.: US17851183
Application date: 2022-06-28
Applicant: BULL SAS
Inventor: Ravi Raman, Vinod Vasudevan
Abstract: A method for detecting malicious connections from remote users into a computer network through Remote Desktop protocol via a computer having access to login logs of users. The method includes defining aspects, each divided into bins comprising a day of week aspect comprising n1 bins, a time of day aspect comprising n2 bins, a number of logins in a day aspect comprising n3 bins. The method includes defining a model based on the aspects and providing a score of log for each user; defining a baseline of log; applying the model on each user log to determine a production score of log and comparing the production score of log with respect to the baseline. The model includes calculating a probability density for each bin for each user, determining a weight for each aspect and calculating the score of log from the probability density weighted by the weight for each user.