公开(公告)号：US12126642B2

公开(公告)日：2024-10-22

申请号：US18150860

申请日：2023-01-06

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Ramsundar Janakiraman

IPC: H04L29/00 ,  H04L9/40

CPC classification number: H04L63/1425 ,  H04L63/20

Abstract: Systems and methods for providing remote network security using a network embeddings model are provided. A method consistent with the present disclosure includes retrieving a corpus of network activity data associated with a first network. The network activity data may be generated from users within the first network submitting network requests for network assets to service the network requests. The method also includes creating a crafted encoded corpus by selecting a subset of the corpus of network activity data and creating a network embeddings model based on the crafted encoded corpus. Lastly, the method includes generating an alert in an event that the network security system identifies an anomaly associated with the crafted encoded corpus of network activity data.

公开(公告)号：US11258814B2

公开(公告)日：2022-02-22

申请号：US16513522

申请日：2019-07-16

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Ramsundar Janakiraman

IPC: G06F11/00 ,  H04L29/06 ,  H04L43/062 ,  H04L43/045 ,  G06F40/30 ,  G06F40/279 ,  G06N20/00

Abstract: Systems and methods are provided for utilizing natural language process (NLP), namely semantic learning approaches, in the realm of network security. Techniques include analyzing network transaction records to form a crafted corpus related to a semantics of network activity. The crafted corpus can be adapted to include sequences of network entities that are deemed most appropriate for analyzing a particular category related to network activity. For example, crafted corpuses can include sequences of servers accessed by each user, in order to identify activity trends in a user's normal activity. A network embeddings model can be trained on the crafted corpus. The network embeddings model includes an embedding space of text that represents interactions between network entities and captures contextual similarities of text, which further measures similarities between the network entities in the embedding space. Using network embeddings model, network activity is monitored and modeled over time, and anomalies efficiently detected.

公开(公告)号：US11201881B2

公开(公告)日：2021-12-14

申请号：US16177327

申请日：2018-10-31

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Ramsundar Janakiraman

IPC: H04L29/06 ,  H04L29/08 ,  G06N20/00 ,  H04L29/12

Abstract: A method including correlating a network address of a user to a domain name in a domain name system of a computing network, based on a service log, is provided. The method includes identifying a user group, generating a watch list of servers that control access to a new resource, and establishing a baseline behaviour for a client device based on a first access and a last access to one server in the watch list of servers during a time to live period. The method also includes adding the true network address and a correlated domain name to the baseline behaviour, retrieving a timestamp of an access by the client device to the network address, and flagging, as a violation, the access by the client device to the network address when the access is outside of a legitimate window around the baseline behaviour.

公开(公告)号：US11601453B2

公开(公告)日：2023-03-07

申请号：US16670536

申请日：2019-10-31

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Ramsundar Janakiraman

IPC: G06F40/30 ,  G06F40/205 ,  H04L9/40

Abstract: Systems and methods are provided for utilizing natural language process (NLP), namely semantic learning approaches in network security. Techniques include analyzing network transaction records to form a corpus related to a semantics of network activity. The corpus includes formulated network sentences, representing sequences of network entities that are accessed in the network. A corpus of network sentences can include sequences of servers accessed by each user. A network sentence embeddings model can be trained on the corpus. The network sentence embeddings model includes an embedding space of text that captures the semantic meanings of the network sentences. In sentence embeddings, network sentences with equivalent semantic meanings are co-located in the embeddings space. Further, proximity measures in the embedding space can be used to identify whether network sentences (e.g., access sequences), are semantically equivalent. Using network sentence embeddings model, equivalent semantics of access can be established to efficiently detect anomalies.

公开(公告)号：US12113768B2

公开(公告)日：2024-10-08

申请号：US16177295

申请日：2018-10-31

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Ramsundar Janakiraman

IPC: H04L61/4511 ,  H04L9/40 ,  H04L41/12 ,  H04L61/5014 ,  H04L67/51

CPC classification number: H04L61/4511 ,  H04L41/12 ,  H04L61/5014 ,  H04L63/0236 ,  H04L63/0281 ,  H04L63/08 ,  H04L67/51

Abstract: A system may identify a resource deployed in a computer, where discovery protocol data traffic is unencrypted. The system may receive metadata associated with the discovery protocol data traffic, update the computer network based at least in part on the information included in the metadata, and provide a response to the client. The system may authenticate a request from the client to access the resource using an encrypted protocol, and provide, to the client, access to the resource upon authentication, according to a resource attribute.

公开(公告)号：US11563760B2

公开(公告)日：2023-01-24

申请号：US16429935

申请日：2019-06-03

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Ramsundar Janakiraman

IPC: H04L29/00 ,  H04L9/40

Abstract: Systems and methods for providing remote network security using a network embeddings model are provided. A method consistent with the present disclosure includes retrieving a corpus of network activity data associated with a first network. The network activity data may be generated from users within the first network submitting network requests for network assets to service the network requests. The method also includes creating a crafted encoded corpus by selecting a subset of the corpus of network activity data and creating a network embeddings model based on the crafted encoded corpus. Lastly, the method includes generating an alert in an event that the network security system identifies an anomaly associated with the crafted encoded corpus of network activity data.

公开(公告)号：US20200382539A1

公开(公告)日：2020-12-03

申请号：US16429935

申请日：2019-06-03

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Ramsundar Janakiraman

IPC: H04L29/06

Abstract: Systems and methods for providing remote network security using a network embeddings model are provided. A method consistent with the present disclosure includes retrieving a corpus of network activity data associated with a first network. The network activity data may be generated from users within the first network submitting network requests for network assets to service the network requests. The method also includes creating a crafted encoded corpus by selecting a subset of the corpus of network activity data and creating a network embeddings model based on the crafted encoded corpus. Lastly, the method includes generating an alert in an event that the network security system identifies an anomaly associated with the crafted encoded corpus of network activity data.

公开(公告)号：US10805173B1

公开(公告)日：2020-10-13

申请号：US16374728

申请日：2019-04-03

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Ramsundar Janakiraman

IPC: G06F15/16 ,  H04L12/24 ,  H04L12/26 ,  H04L29/08 ,  H04L29/12

Abstract: Systems and methods are provided for interactively clustering a plurality of devices within a communication network. Techniques can include collecting intent to access messages and service advertisement messages that are communicated to a plurality of devices within the communication network. The intent to access messages and service advertisement messages can be formatted in accordance with a discovery protocol. The collected messages are analyzed to identify services, attributes, and attribute values associated with the plurality of devices using text-based analysis. Distances separating each the plurality of devices according to an associated distance value, can be determined. Distance values relate to a degree of similarity between each of the plurality devices based on the identify services, attributes, and attribute values. Clusters of devices can be generated based on the determined distances. A visualization of the communication network including graphical representations of the generated clusters of devices can be provided.

公开(公告)号：US20230146382A1

公开(公告)日：2023-05-11

申请号：US18150860

申请日：2023-01-06

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Ramsundar Janakiraman

IPC: H04L9/40

CPC classification number: H04L63/1425 ,  H04L63/20

Abstract: Systems and methods for providing remote network security using a network embeddings model are provided. A method consistent with the present disclosure includes retrieving a corpus of network activity data associated with a first network. The network activity data may be generated from users within the first network submitting network requests for network assets to service the network requests. The method also includes creating a crafted encoded corpus by selecting a subset of the corpus of network activity data and creating a network embeddings model based on the crafted encoded corpus. Lastly, the method includes generating an alert in an event that the network security system identifies an anomaly associated with the crafted encoded corpus of network activity data.

公开(公告)号：US11601339B2

公开(公告)日：2023-03-07

申请号：US16563669

申请日：2019-09-06

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Ramsundar Janakiraman

IPC: H04L41/147 ,  G06F40/279 ,  G06F40/205 ,  H04L9/40

Abstract: Systems and methods are provided for utilizing natural language process (NLP), namely sequence prediction approaches, in the realm of network security. Techniques include analyzing network transaction records to form network sentences representative of network activity. The network sentences are formulated by regularizing transactions records using words, allowing the network sentences to represent the network activity using natural language terminology. In some cases, multiple variations of the network sentences having different sequences of words are generated to form a corpus of network sentences related to a semantics of network activity. Accordingly, an NLP-based network prediction model can be created and trained using the corpus of network sentences. The network prediction model can be trained over to identify dimensions corresponding to particular sequences of words in the network sentences, and predict an expected dimension. Using the network prediction model predictions of expected network are provided, and anomalies efficiently detected.