公开(公告)号：US11563754B2

公开(公告)日：2023-01-24

申请号：US16284884

申请日：2019-02-25

Applicant: ENTIT Software LLC

Inventor： Pratyusa K. Manadhata ,  Martin Arlitt

IPC: H04L9/40

Abstract: A service receives, from client computing devices of client networks, information regarding incoming network traffic addressed to dark Internet Protocol (IP) address spaces the of client networks. The service can predict a cyber attack based on the information received from the client computing devices of the client networks. The server computing device notifies the client computing device of each client network affected by the predicted cyber attack.

公开(公告)号：US11122064B2

公开(公告)日：2021-09-14

申请号：US15959461

申请日：2018-04-23

Applicant: ENTIT SOFTWARE LLC

Inventor： Pratyusa K. Manadhata ,  Mijung Kim

IPC: H04L29/06 ,  G06K9/62 ,  G06F21/31 ,  G06F21/55 ,  G06F21/45 ,  G06N20/00

Abstract: In some examples, a system identifies, for a given authentication event between a plurality of devices in a network, a context comprising a set of authentication events that are temporally related to the given authentication event. The set of authentication events occur at the devices. A classifier is applied on a collection of features associated with the set of authentication events, the collection of features comprising a number of machines or a number of users associated with the set of authentication events. The system determines, based on an output of the classifier, whether the given authentication event is an unauthorized authentication event.

公开(公告)号：US11271963B2

公开(公告)日：2022-03-08

申请号：US16227750

申请日：2018-12-20

Applicant: ENTIT SOFTWARE LLC

Inventor： Pratyusa K. Manadhata ,  Martin Arlitt

IPC: G06F11/00 ,  H04L29/06 ,  H04L61/4511 ,  G06F12/14

Abstract: In some examples, a Domain Name System (DNS) server receives, over a network, DNS queries containing domain names, extracts a common domain name shared by the domain names, determines whether a measure of an amount of data relating to the DNS queries containing the common domain name exceeds a threshold, and in response to determining that the measure of the amount of data relating to the DNS queries containing the common domain name exceeds the threshold, trigger a countermeasure action to address a threat associated with the DNS queries.

公开(公告)号：US10599857B2

公开(公告)日：2020-03-24

申请号：US15689045

申请日：2017-08-29

Applicant: EntIT Software LLC

Inventor： Mijung Kim ,  Pratyusa K. Manadhata ,  Manish Marwah

IPC: G06F21/60 ,  G06F21/31 ,  G06F21/35 ,  G06F16/00 ,  G06F16/35 ,  H04L29/06 ,  G06F16/2458 ,  G06F16/9535 ,  G06F21/56 ,  G06F21/55 ,  G06Q10/10 ,  G06F13/00

Abstract: In some examples, for a given authentication event between a plurality of devices in a network, a system identifies a set of events, at the devices, that are temporally related to the given authentication event. The system extracts features from the set of events by aggregating event data of the set of events. The system provides the extracted features to a classifier that detects unauthorized authentication events.

公开(公告)号：US20190238562A1

公开(公告)日：2019-08-01

申请号：US15884988

申请日：2018-01-31

Applicant: EntIT Software LLC

Inventor： Pratyusa K. Manadhata ,  Kyle Williams ,  Barak Raz ,  Martin Arlitt

IPC: H04L29/06 ,  G06F21/56 ,  H04L29/12 ,  G06F17/21

CPC classification number: H04L63/145 ,  G06F17/21 ,  G06F21/56 ,  H04L61/1511 ,  H04L63/101 ,  H04L63/1425

Abstract: In some examples, for a device that transmitted domain names, a system determines a dissimilarity between the domain names, compares a value derived from the determined dissimilarity to a threshold, and identifies the device as malware infected in response to the comparing.

公开(公告)号：US20180336353A1

公开(公告)日：2018-11-22

申请号：US15596041

申请日：2017-05-16

Applicant: EntIT Software LLC

Inventor： Pratyusa K. Manadhata ,  Manish Marwah ,  Alexander Ulanov

IPC: G06F21/57 ,  G06F17/30 ,  H04L29/06 ,  G06Q10/06

Abstract: In some examples, a system receives anomaly scores regarding an entity from a plurality of detectors, produces a weighted anomaly score for the entity based on the anomaly scores and respective weights assigned to the plurality of detectors, the weights based on historical performance of the plurality of detectors, determines an impact based on a context of the entity, wherein the impact is indicative of an effect that the entity would have on a computing environment if the entity were to exhibit anomalous behavior, and computes a risk score for the entity based on the weighted anomaly score and the determined impact.

公开(公告)号：US11108794B2

公开(公告)日：2021-08-31

申请号：US15884978

申请日：2018-01-31

Applicant: EntIT Software LLC

Inventor： Pratyusa K. Manadhata ,  Kyle Williams ,  Barak Raz ,  Martin Arlitt

IPC: H04L29/06 ,  H04L29/12 ,  G06F40/263 ,  G06F40/284

Abstract: Systems and methods for identifying, in a domain name, n-grams that do not appear in words of a given language, where n is greater than two are disclosed. The disclosed systems and methods may include comparing a value based on a number of the identified n-grams to a threshold and indicating that the domain name is potentially generated by malware in response to the value having a specified relationship with respect to the threshold.

公开(公告)号：US10911481B2

公开(公告)日：2021-02-02

申请号：US15884988

申请日：2018-01-31

Applicant: EntIT Software LLC

Inventor： Pratyusa K. Manadhata ,  Kyle Williams ,  Barak Raz ,  Martin Arlitt

IPC: G06F11/00 ,  G06F12/14 ,  G06F12/16 ,  G08B23/00 ,  H04L29/06 ,  G06F21/56 ,  H04L29/12 ,  G06F40/10

Abstract: In some examples, for a device that transmitted domain names, a system determines a dissimilarity between the domain names, compares a value derived from the determined dissimilarity to a threshold, and identifies the device as malware infected in response to the comparing.

公开(公告)号：US20200274886A1

公开(公告)日：2020-08-27

申请号：US16284884

申请日：2019-02-25

Applicant: ENTIT Software LLC

Inventor： Pratyusa K. Manadhata ,  Martin Arlitt

IPC: H04L29/06

Abstract: A service receives, from client computing devices of client networks, information regarding incoming network traffic addressed to dark Internet Protocol (IP) address spaces the of client networks. The service can predict a cyber attack based on the information received from the client computing devices of the client networks. The server computing device notifies the client computing device of each client network affected by the predicted cyber attack.

公开(公告)号：US20190238573A1

公开(公告)日：2019-08-01

申请号：US15884983

申请日：2018-01-31

Applicant: EntIT Software LLC

Inventor： Pratyusa K. Manadhata ,  Kyle Williams ,  Barak Raz ,  Martin Arlitt

IPC: H04L29/06 ,  H04L29/12 ,  G06F17/21

CPC classification number: H04L63/1425 ,  G06F17/21 ,  H04L61/1511 ,  H04L63/101 ,  H04L63/145

Abstract: In some examples, a system counts a number of digits in a domain name. The system compares a value based on the number of digits to a threshold, and indicates that the domain name is potentially generated by malware in response to the value having a specified relationship with respect to the threshold.