-
Publication No.: US11245720B2
Publication date: 2022-02-08
Application No.: US16433151
Application date: 2019-06-06
Applicant: ENTIT Software LLC
Inventor: Pratyusa K. Manadhata, Martin Arlitt
IPC: H04L29/06
Abstract: For each of a number of naming deviation types, the number of deviations within a domain name of a domain is determined. Each naming deviation type is a different type of deviation from domain name naming rules. For each naming deviation type for which the number of deviations is non-zero, first benign and malicious probabilities that benign and malicious domains, respectively, have the naming deviation type are estimated. Second benign and malicious probabilities that any given domain is respectively benign and malicious are estimated. Probabilities that the domain is benign and malicious are estimated based on the number of deviations for each naming deviation type and based on the estimated first and second benign and malicious probabilities. Whether the domain is benign or malicious is determined based on the estimated probabilities that the domain is benign and malicious.
-
Publication No.: US10432539B2
Publication date: 2019-10-01
Application No.: US15841137
Application date: 2017-12-13
Applicant: EntIT Software LLC
Inventor: Abdul Wasay, Alkiviadis Simitsis, Martin Arlitt
IPC: H04L12/815, H04L12/26, H04L12/825
Abstract: According to examples, an apparatus may include a processor and a memory on which is stored machine readable instructions executable by the processor to: access network traffic data pertaining to data flows among nodes in a network; partition the network traffic data into a plurality of windows; for each of the plurality of windows, aggregate data flows between pairs of nodes; compute a data distribution of each of the aggregated data flows; select a summary structure for each of the aggregated data flows based on the computed data distributions of the aggregated data flows; generate a summary of each of the aggregated data flows using the selected summary structures for the aggregated data flows; and store the generated summaries.
-
Publication No.: US20190132342A1
Publication date: 2019-05-02
Application No.: US15796986
Application date: 2017-10-30
Applicant: ENTIT Software LLC
Inventor: Martin Arlitt, Alkiviadis Simitsis
Abstract: A technique includes dynamically assigning, by a server, network addresses selected from a plurality of network addresses to network devices of a network based on a schedule. The schedule represents a time during which a given network address is to remain unassigned. The technique includes, based on the schedule, detecting anomalous behavior associated with the network.
-
Publication No.: US11271963B2
Publication date: 2022-03-08
Application No.: US16227750
Application date: 2018-12-20
Applicant: ENTIT SOFTWARE LLC
Inventor: Pratyusa K. Manadhata, Martin Arlitt
IPC: G06F11/00, H04L29/06, H04L61/4511, G06F12/14
Abstract: In some examples, a Domain Name System (DNS) server receives, over a network, DNS queries containing domain names, extracts a common domain name shared by the domain names, determines whether a measure of an amount of data relating to the DNS queries containing the common domain name exceeds a threshold, and in response to determining that the measure of the amount of data relating to the DNS queries containing the common domain name exceeds the threshold, triggers a countermeasure action to address a threat associated with the DNS queries.
-
Publication No.: US20190238562A1
Publication date: 2019-08-01
Application No.: US15884988
Application date: 2018-01-31
Applicant: EntIT Software LLC
Inventor: Pratyusa K. Manadhata, Kyle Williams, Barak Raz, Martin Arlitt
CPC classification number: H04L63/145, G06F17/21, G06F21/56, H04L61/1511, H04L63/101, H04L63/1425
Abstract: In some examples, for a device that transmitted domain names, a system determines a dissimilarity between the domain names, compares a value derived from the determined dissimilarity to a threshold, and identifies the device as malware infected in response to the comparing.
-
Publication No.: US10965697B2
Publication date: 2021-03-30
Application No.: US15884983
Application date: 2018-01-31
Applicant: EntIT Software LLC
Inventor: Pratyusa K. Manadhata, Kyle Williams, Barak Raz, Martin Arlitt
IPC: H04L29/06, H04L29/12, G06F40/10, G06F40/284
Abstract: In some examples, a system counts a number of digits in a domain name. The system compares a value based on the number of digits to a threshold, and indicates that the domain name is potentially generated by malware in response to the value having a specified relationship with respect to the threshold.
-
Publication No.: US10756992B2
Publication date: 2020-08-25
Application No.: US15841124
Application date: 2017-12-13
Applicant: EntIT Software LLC
Inventor: Alkiviadis Simitsis, Martin Arlitt
IPC: G06F15/173, H04L12/26, H04L12/24, G06T15/00, H04L29/12
Abstract: According to examples, an apparatus may include a processor and a memory on which is stored machine readable instructions executable by the processor to access network activity data collected over a time period associated with a plurality of network entities, in which each of the network entities is assigned a distinct internet protocol (IP) address including a network prefix set of bits and a network entity identifier set of bits. The instructions may also cause the processor to generate representations of the network activity data corresponding to the respective network entities and display the generated representations of the network activity data corresponding to the respective network entities on an IP address block map according to the network entity identifier set of bits of the respective network entities.
-
Publication No.: US20190334931A1
Publication date: 2019-10-31
Application No.: US15963336
Application date: 2018-04-26
Applicant: ENTIT SOFTWARE LLC
Inventor: Martin Arlitt, Pratyusa K. Manadhata
Abstract: In some examples, a Domain Name System (DNS) server is to receive, over a network, a DNS query containing a domain name, the DNS query sent by a device. The DNS server is to determine whether the domain name is potentially generated by malware. In response to determining that the domain name is potentially generated by malware, the DNS server is to generate a DNS response containing information indicating that the domain name is potentially generated by malware, and send the DNS response to the network.
-
9.
Publication No.: US20190303716A1
Publication date: 2019-10-03
Application No.: US15938624
Application date: 2018-03-28
Applicant: ENTIT Software LLC
Inventor: Manish Marwah, Xiao Zhang, Martin Arlitt
Abstract: Points around a point of interest are sampled. The points and the point of interest each have a value for each of a number of input features. The points and the point of interest each have a corresponding output score for a machine learning model. A feature contribution vector for the input features is determined by locally approximating the machine learning model at the points and the point of interest using a model, such as a ridge regression model. The ridge regression model can have a loss function, which can include a Kullback-Leibler (KL) divergence term. The feature contribution vector approximates for any point a contribution of each input feature to the output score of this point by the machine learning model. The input features most responsible for the machine learning model having provided the corresponding output score for the point of interest, based on the feature contribution vector, are provided.
-
10.
Publication No.: US11563754B2
Publication date: 2023-01-24
Application No.: US16284884
Application date: 2019-02-25
Applicant: ENTIT Software LLC
Inventor: Pratyusa K. Manadhata, Martin Arlitt
IPC: H04L9/40
Abstract: A service receives, from client computing devices of client networks, information regarding incoming network traffic addressed to dark Internet Protocol (IP) address spaces of the client networks. The service can predict a cyber attack based on the information received from the client computing devices of the client networks. The server computing device notifies the client computing device of each client network affected by the predicted cyber attack.
-