-
Publication number: US11012330B2
Publication date: 2021-05-18
Application number: US15461816
Application date: 2017-03-17
Applicant: ForeScout Technologies, Inc.
Inventor: Emmanuele Zambon
Abstract: An intrusion detection method for detecting an intrusion in data traffic on a data communication network parses the data traffic to extract at least one protocol field of a protocol message of the data traffic, and associates the extracted protocol field with a model for that protocol field. The model is selected from a set of models. An assessment is made to determine if a contents of the extracted protocol field is in a safe region as defined by the model, and an intrusion detection signal is generated in case it is established that the contents of the extracted protocol field is outside the safe region. The set of models may comprise a corresponding model for each protocol field of a set of protocol fields.
-
Publication number: US11902126B2
Publication date: 2024-02-13
Application number: US17236305
Application date: 2021-04-21
Applicant: FORESCOUT TECHNOLOGIES, INC.
Inventor: Emmanuele Zambon
CPC classification number: H04L43/08, G06F21/50, G06N20/00, H04L43/18, H04L63/0245, H04L63/14, H04L63/1416, H04L63/1425, H04L67/02
Abstract: An intrusion detection method for detecting an intrusion in data traffic on a data communication network parses the data traffic to extract at least one protocol field of a protocol message of the data traffic, and associates the extracted protocol field with a model for that protocol field. The model is selected from a set of models. An assessment is made to determine if a contents of the extracted protocol field is in a safe region as defined by the model, and an intrusion detection signal is generated in case it is established that the contents of the extracted protocol field is outside the safe region. The set of models may comprise a corresponding model for each protocol field of a set of protocol fields.
-
Publication number: US20210344578A1
Publication date: 2021-11-04
Application number: US17236305
Application date: 2021-04-21
Applicant: FORESCOUT TECHNOLOGIES, INC.
Inventor: Emmanuele Zambon
Abstract: An intrusion detection method for detecting an intrusion in data traffic on a data communication network parses the data traffic to extract at least one protocol field of a protocol message of the data traffic, and associates the extracted protocol field with a model for that protocol field. The model is selected from a set of models. An assessment is made to determine if a contents of the extracted protocol field is in a safe region as defined by the model, and an intrusion detection signal is generated in case it is established that the contents of the extracted protocol field is outside the safe region. The set of models may comprise a corresponding model for each protocol field of a set of protocol fields.