-
Publication number: US10044737B2
Publication date: 2018-08-07
Application number: US14750737
Filing date: 2015-06-25
Inventors: Xin Hu, Jiyong Jang, Douglas Schales, Marc Stoecklin, Ting Wang
IPC classification: H04L29/06
Abstract: A method for detecting beaconing behavior includes preprocessing network records to identify candidate source and destination pairs for detecting beaconing behavior, where each source and destination pair is associated with a specific time interval in a plurality of time intervals forming a time range, the time interval and time range having been predefined. The activity time interval information is converted from the time domain into the frequency domain. Candidate frequencies are determined from the source and destination pairs as likely candidate frequencies/periodicities of beaconing activities.
-
Publication number: US09854057B2
Publication date: 2017-12-26
Application number: US14270937
Filing date: 2014-05-06
Inventors: Suresh N. Chari, Pau-Chen Cheng, Xin Hu, Lawrence Koved, Josyula R. Rao, Reiner Sailer, Douglas L. Schales, Kapil K. Singh, Marc P. Stoecklin
CPC classification: H04L67/303, H04L63/1425, H04L63/1466, H04L67/22
Abstract: Embodiments include a network data collection and response system for enhancing security in an enterprise network providing a user-supplied computing device with access to the network. A network data collection and response system tracks network activity of the device and maintains a device inventory recording the device type and configuration information for the device along with a resource utilization profile for the device. The network data collection and response system detects high-risk or unauthorized network activity involving the device through passive monitoring without utilization of a data monitoring agent installed on the device and implements a response action to mitigate the high-risk or unauthorized network activity.
-
Publication number: US09578042B2
Publication date: 2017-02-21
Application number: US14742997
Filing date: 2015-06-18
Inventors: Xin Hu, Jiyong Jang, Ting Wang, Jialong Zhang
CPC classification: H04L63/126, H04L63/10, H04L63/101, H04L63/1408, H04L63/1416, H04L63/1425, H04L63/1441
Abstract: Identifying malicious servers is provided. Malicious edges between server vertices corresponding to visible servers and invisible servers involved in network traffic redirection chains are determined based on determined graph-based features within a bipartite graph corresponding to invisible server vertices involved in the network traffic redirection chains and determined distance-based features corresponding to the invisible server vertices involved in the network traffic redirection chains. Malicious server vertices are identified in the bipartite graph based on the determined malicious edges between the server vertices corresponding to the visible servers and invisible servers involved in the network traffic redirection chains. Access by client devices is blocked to malicious servers corresponding to the identified malicious server vertices in the bipartite graph.
-
Publication number: US09495420B2
Publication date: 2016-11-15
Application number: US13899784
Filing date: 2013-05-22
Inventors: Mihai Christodorescu, Xin Hu, Douglas Lee Schales, Reiner Sailer, Marc P. Stoecklin, Ting Wang
CPC classification: G06F17/30489, G06F17/30477
Abstract: A distributed feature collection and correlation engine is provided. Feature extraction comprises obtaining one or more data records; extracting information from the one or more data records based on domain knowledge; transforming the extracted information into a key/value pair comprised of a key K and a value V, wherein the key comprises a feature identifier; and storing the key/value pair in a feature store database if the key/value pair does not already exist in the feature store database, using a de-duplication mechanism. Features extracted from data records can be queried by obtaining a feature store database comprised of the extracted features stored as key/value pairs comprised of a key K and a value V, wherein the key comprises a feature identifier; receiving a query comprised of at least one query key; retrieving values from the feature store database that match the query key; and returning one or more retrieved key/value pairs.
-
Publication number: US09489426B2
Publication date: 2016-11-08
Application number: US13967730
Filing date: 2013-08-15
Inventors: Mihai Christodorescu, Xin Hu, Douglas Lee Schales, Reiner Sailer, Marc P. Stoecklin, Ting Wang
IPC classification: G06F17/30
CPC classification: G06F17/30489, G06F17/30477
Abstract: A distributed feature collection and correlation engine is provided. Feature extraction comprises obtaining one or more data records; extracting information from the one or more data records based on domain knowledge; transforming the extracted information into a key/value pair comprised of a key K and a value V, wherein the key comprises a feature identifier; and storing the key/value pair in a feature store database if the key/value pair does not already exist in the feature store database, using a de-duplication mechanism. Features extracted from data records can be queried by obtaining a feature store database comprised of the extracted features stored as key/value pairs comprised of a key K and a value V, wherein the key comprises a feature identifier; receiving a query comprised of at least one query key; retrieving values from the feature store database that match the query key; and returning one or more retrieved key/value pairs.
-
Publication number: US09106536B2
Publication date: 2015-08-11
Application number: US13862601
Filing date: 2013-04-15
Inventors: Mihai Christodorescu, Xin Hu, Douglas L. Schales, Reiner Sailer, Marc Ph. Stoecklin, Ting Wang, Andrew M. White
CPC classification: G06N5/04, G06N5/003, G06N5/022, G06N99/005, H04L41/142, H04L41/147, H04L41/16, H04L43/04, H04L43/0876, H04L63/029, H04L63/1408, H04L67/02
Abstract: The present principles are directed to identifying and classifying web traffic inside encrypted network tunnels. A method includes analyzing network traffic of unencrypted data packets to detect packet traffic, timing, and size patterns. The detected packet traffic, timing, and size patterns are correlated to at least a packet destination and a packet source of the unencrypted data packets to create at least one of a training corpus and a model built from the training corpus. The at least one of the corpus and model is stored in a memory device. Packet traffic, timing, and size patterns of encrypted data packets are observed. The observed packet traffic, timing, and size patterns of the encrypted data packets are compared to at least one of the training corpus and the model to classify the encrypted data packets with respect to at least one of a predicted network host and predicted path information.
-
Publication number: US20140351227A1
Publication date: 2014-11-27
Application number: US13967730
Filing date: 2013-08-15
Inventors: Mihai Christodorescu, Xin Hu, Douglas Lee Schales, Reiner Sailer, Marc P. Stoecklin, Ting Wang
IPC classification: G06F17/30
CPC classification: G06F17/30489, G06F17/30477
Abstract: A distributed feature collection and correlation engine is provided. Feature extraction comprises obtaining one or more data records; extracting information from the one or more data records based on domain knowledge; transforming the extracted information into a key/value pair comprised of a key K and a value V, wherein the key comprises a feature identifier; and storing the key/value pair in a feature store database if the key/value pair does not already exist in the feature store database, using a de-duplication mechanism. Features extracted from data records can be queried by obtaining a feature store database comprised of the extracted features stored as key/value pairs comprised of a key K and a value V, wherein the key comprises a feature identifier; receiving a query comprised of at least one query key; retrieving values from the feature store database that match the query key; and returning one or more retrieved key/value pairs.
-
Publication number: US11728977B2
Publication date: 2023-08-15
Application number: US16585971
Filing date: 2019-09-27
Inventors: Xin Hu, Wentao Huang, Jiyong Jang, Theodoros Salonidis, Marc Ph Stoecklin, Ting Wang
CPC classification: H04L9/083, H04L9/0861, H04L9/304, H04L63/062
Abstract: An encoder includes a computer readable storage medium storing program instructions, and a processor executing the program instructions, the processor configured to generate a key, estimate a network capacity, and encode each bit of the key using a random matrix of a selected rank and the estimated network capacity for secure transmission of the key through a network.
-
Publication number: US09491078B2
Publication date: 2016-11-08
Application number: US14752139
Filing date: 2015-06-26
Inventors: Mihai Christodorescu, Xin Hu, Douglas L. Schales, Reiner Sailer, Marc Ph. Stoecklin, Ting Wang, Andrew M. White
CPC classification: G06N5/04, G06N5/003, G06N5/022, G06N99/005, H04L41/142, H04L41/147, H04L41/16, H04L43/04, H04L43/0876, H04L63/029, H04L63/1408, H04L67/02
Abstract: The present principles are directed to identifying and classifying web traffic inside encrypted network tunnels. A method includes analyzing network traffic of unencrypted data packets to detect packet traffic, timing, and size patterns. The detected packet traffic, timing, and size patterns are correlated to at least a packet destination and a packet source of the unencrypted data packets to create at least one of a training corpus and a model built from the training corpus. The at least one of the corpus and model is stored in a memory device. Packet traffic, timing, and size patterns of encrypted data packets are observed. The observed packet traffic, timing, and size patterns of the encrypted data packets are compared to at least one of the training corpus and the model to classify the encrypted data packets with respect to at least one of a predicted network host and predicted path information.
-
Publication number: US20140351226A1
Publication date: 2014-11-27
Application number: US13899784
Filing date: 2013-05-22
Inventors: Mihai Christodorescu, Xin Hu, Douglas Lee Schales, Reiner Sailer, Marc P. Stoecklin, Ting Wang
IPC classification: G06F17/30
CPC classification: G06F17/30489, G06F17/30477
Abstract: A distributed feature collection and correlation engine is provided. Feature extraction comprises obtaining one or more data records; extracting information from the one or more data records based on domain knowledge; transforming the extracted information into a key/value pair comprised of a key K and a value V, wherein the key comprises a feature identifier; and storing the key/value pair in a feature store database if the key/value pair does not already exist in the feature store database, using a de-duplication mechanism. Features extracted from data records can be queried by obtaining a feature store database comprised of the extracted features stored as key/value pairs comprised of a key K and a value V, wherein the key comprises a feature identifier; receiving a query comprised of at least one query key; retrieving values from the feature store database that match the query key; and returning one or more retrieved key/value pairs.