-
Publication number: US11902305B2
Publication date: 2024-02-13
Application number: US18111580
Application date: 2023-02-19
Applicant: Charter Communications Operating, LLC
Inventor: Pratik Lotia, Charles Manser
IPC: H04L9/40
CPC classification number: H04L63/1416, H04L63/1425, H04L63/1458, H04L63/1483
Abstract: Method and systems for detecting and mitigating a malicious bot. Threat information is obtained, the threat information identifying one or more indicators of compromise (IOC) corresponding to suspected or known malicious network traffic. A control list (CL) corresponding to the threat information is generated, the CL describing rules for identifying network flows to be logged in a network log. The network log identifying the network flows is obtained and a suspect network flow identified by both the threat information and the network log is identified. An address corresponding to the suspect network flow is identified and the address is correlated with a user identifier. A notification is issued to a user associated with the user identifier, the notification indicating a suspected existence of a malicious bot.
-
Publication number: US20230199009A1
Publication date: 2023-06-22
Application number: US18111580
Application date: 2023-02-19
Applicant: Charter Communications Operating, LLC
Inventor: Pratik Lotia, Charles Manser
IPC: H04L9/40
CPC classification number: H04L63/1416, H04L63/1458, H04L63/1425, H04L63/1483
Abstract: Method and systems for detecting and mitigating a malicious bot. Threat information is obtained, the threat information identifying one or more indicators of compromise (IOC) corresponding to suspected or known malicious network traffic. A control list (CL) corresponding to the threat information is generated, the CL describing rules for identifying network flows to be logged in a network log. The network log identifying the network flows is obtained and a suspect network flow identified by both the threat information and the network log is identified. An address corresponding to the suspect network flow is identified and the address is correlated with a user identifier. A notification is issued to a user associated with the user identifier, the notification indicating a suspected existence of a malicious bot.
-
Publication number: US20220103576A1
Publication date: 2022-03-31
Application number: US17035656
Application date: 2020-09-28
Applicant: Charter Communications Operating, LLC
Inventor: Richard A. Compton, Pratik Lotia, Kevin Brady
Abstract: One or more network tests for a network are selected, wherein the selected one or more network tests simulate an attempt to establish an anomalous network configuration. A network configuration update is generated based on the selected one or more network tests and the network configuration update is issued to a network-based device. A performance of the network is monitored for establishment of the anomalous network configuration in response to the network configuration update and a configuration of the network is revised based on the monitored performance of the network, to mitigate the establishment of the anomalous network configuration.
-
Publication number: US11627147B2
Publication date: 2023-04-11
Application number: US16416000
Application date: 2019-05-17
Applicant: Charter Communications Operating, LLC
Inventor: Pratik Lotia, Charles Manser
IPC: H04L9/40
Abstract: Method and systems for detecting and mitigating a malicious bot. Threat information is obtained, the threat information identifying one or more indicators of compromise (IOC) corresponding to suspected or known malicious network traffic. A control list (CL) corresponding to the threat information is generated, the CL describing rules for identifying network flows to be logged in a network log. The network log identifying the network flows is obtained and a suspect network flow identified by both the threat information and the network log is identified. An address corresponding to the suspect network flow is identified and the address is correlated with a user identifier. A notification is issued to a user associated with the user identifier, the notification indicating a suspected existence of a malicious bot.
-
Publication number: US11588842B2
Publication date: 2023-02-21
Application number: US17035656
Application date: 2020-09-28
Applicant: Charter Communications Operating, LLC
Inventor: Richard A. Compton, Pratik Lotia, Kevin Brady
IPC: H04L29/06, H04L12/24, H04L9/40, H04L41/0631, H04L41/0816, H04L41/08, H04L41/0869
Abstract: One or more network tests for a network are selected, wherein the selected one or more network tests simulate an attempt to establish an anomalous network configuration. A network configuration update is generated based on the selected one or more network tests and the network configuration update is issued to a network-based device. A performance of the network is monitored for establishment of the anomalous network configuration in response to the network configuration update and a configuration of the network is revised based on the monitored performance of the network, to mitigate the establishment of the anomalous network configuration.
-
Publication number: US20200067945A1
Publication date: 2020-02-27
Application number: US16113873
Application date: 2018-08-27
Applicant: Charter Communications Operating, LLC
Inventor: Richard Compton, Pratik Lotia
IPC: H04L29/06
Abstract: Systems, methods, and devices of the various embodiments may enable the mitigation of malicious botnets. Various embodiments may block communication of malicious botnets from customer computing devices to malicious command and control (C2) servers. Various embodiments may include mitigating botnets in a network by diverting Internet traffic bound for a malicious C2 server to a botnet mitigation controller of the network. In various embodiments, diverting Internet traffic may include programmatically injecting Border Gateway Protocol (BGP) routes in a network to route Internet traffic bound for a malicious C2 server to a botnet mitigation controller of the network. In various embodiments, a botnet mitigation controller may determine whether diverted Internet traffic is malicious and may handle malicious diverted Internet traffic according to one or more security settings.