公开(公告)号：US10432647B2

公开(公告)日：2019-10-01

申请号：US15634820

申请日：2017-06-27

Applicant: Honeywell International Inc.

Inventor： Chandirasekaran Dhakshinamoorthy ,  Lekshmi Premkumar ,  Rod Stein ,  Satheesh Kumar Bhuvaneswaran ,  Prosanta Mondal

IPC: H04L29/06 ,  H04W4/70

Abstract: A method and apparatus for identifying malicious activity. At least one memory is configured to store historical communication data. At least one processor is configured to retrieve the historical communication data related to communications between a server and a plurality of clients in a system. The processor is further configured to cluster the historical communication data to group communications of the historical communication data. The processor is further configured to identify a plurality of patterns that indicate malicious activity based on the grouped communications. The processor is further configured to receive current communication data. The processor is further configured to determine whether the current communication data matches the one of the plurality of patterns. The processor is further configured to, responsive to a grouped element of the grouped communications matching the pattern, identifying a group of communications between the server and the plurality of clients as the malicious activity.

公开(公告)号：US20180375880A1

公开(公告)日：2018-12-27

申请号：US15634820

申请日：2017-06-27

Applicant: Honeywell International Inc.

Inventor： Chandirasekaran Dakshinamoorthy ,  Lekshmi Premkumar ,  Rod Stein ,  Satheesh Kumar Bhuvaneswaran ,  Prosanta Mondal

IPC: H04L29/06

CPC classification number: H04L63/1416 ,  H04L63/1425 ,  H04W4/70

Abstract: A method and apparatus for identifying malicious activity. At least one memory is configured to store historical communication data. At least one processor is configured to retrieve the historical communication data related to communications between a server and a plurality of clients in a system. The processor is further configured to cluster the historical communication data to group communications of the historical communication data. The processor is further configured to identify a plurality of patterns that indicate malicious activity based on the grouped communications. The processor is further configured to receive current communication data. The processor is further configured to determine whether the current communication data matches the one of the plurality of patterns. The processor is further configured to, responsive to a grouped element of the grouped communications matching the pattern, identifying a group of communications between the server and the plurality of clients as the malicious activity.