-
公开(公告)号:US20170317819A1
公开(公告)日:2017-11-02
申请号:US15141049
申请日:2016-04-28
发明人: Xin HU , Wentao Huang , Jiyong Jang , Theodoros Salonidis , Marc Ph. Stoecklin , Ting Wang
IPC分类号: H04L9/06 , H04L12/931 , H04L9/08
CPC分类号: H04L9/0643 , H04L9/088 , H04L63/0428 , H04L63/123
摘要: An encoder including a computer readable storage medium storing program instructions, and a processor executing the program instructions, the processor configured to generating a message by aggregating a plurality of incoming packets, constructing an encoded message using the message and a random matrix, constructing of a hash using a shared secret, and transmitting the encoded message and the hash to a destination, through a network that performs network coding operations.
-
公开(公告)号:US20160134651A1
公开(公告)日:2016-05-12
申请号:US14750737
申请日:2015-06-25
发明人: Xin HU , Jiyong JANG , Douglas SCHALES , Marc STOECKLIN , Ting WANG
IPC分类号: H04L29/06
CPC分类号: H04L63/1416 , H04L63/101 , H04L63/1425
摘要: A method for detecting beaconing behavior includes preprocessing network records to identify candidate source and destination pairs for detecting beaconing behavior, where each source and destination pair is associated with a specific time interval in a plurality of time intervals forming a time range, the time interval and time range having been predefined. The activity time interval information is converted from the time domain into the frequency domain. Candidate frequencies are determined from the source and destination pairs, as likely candidate frequencies/periodicities of beaconing activities.
摘要翻译: 用于检测信标行为的方法包括预处理网络记录以识别用于检测信标行为的候选源和目的地对,其中每个源和目的地对在形成时间范围的多个时间间隔中与特定时间间隔相关联,所述时间间隔和 时间范围已经预定义。 活动时间间隔信息从时域转换为频域。 从源和目的地对确定候选频率,作为信标活动的可能的候选频率/周期性。
-
公开(公告)号:US20160134641A1
公开(公告)日:2016-05-12
申请号:US14668595
申请日:2015-03-25
发明人: Xin HU , Jiyong Jang , Douglas Schales , Marc Stoecklin , Ting Wang
IPC分类号: H04L29/06 , G06F3/0484
CPC分类号: H04L63/1416 , H04L63/101 , H04L63/1425
摘要: A method for detecting beaconing behavior includes preprocessing network records to identify candidate source and destination pairs for detecting beaconing behavior, where each source and destination pair is associated with a specific time interval in a plurality of time intervals forming a time range, the time interval and time range having been predefined. The activity time interval information is converted from the time domain into the frequency domain. Candidate frequencies are determined from the source and destination pairs, as likely candidate frequencies/periodicities of beaconing activities.
-
公开(公告)号:US20210160260A1
公开(公告)日:2021-05-27
申请号:US17167330
申请日:2021-02-04
发明人: Xin HU , Jiyong JANG , Douglas Lee SCHALES , Marc Philippe STOECKLIN , Ting WANG
IPC分类号: H04L29/06 , G06N20/00 , G06F16/28 , G06F16/901
摘要: Unknown and reference signatures are accessed. The unknown and reference signatures indicate patterns that correspond to known threats to resources (such as computer systems and/or computer networks) in a computer environment and comprise a multitude of descriptive elements having information describing different aspects of a corresponding signature. A set of similarity measures is created of the unknown and reference signatures from different perspectives, each perspective corresponding to a descriptive element. The set of similarity measures are integrated to generate an overall similarity metric. The overall similarity metric is used to find appropriate categories in the reference signatures into which the unknown signatures should be placed. The unknown signatures are placed into the appropriate categories to create a mapping from the unknown signatures to the reference signatures. The mapping is output for use by an IDPS for determining whether a threat has occurred to the resources in the computer environment.
-
公开(公告)号:US20200028669A1
公开(公告)日:2020-01-23
申请号:US16585835
申请日:2019-09-27
发明人: Xin HU , Wentao Huang , Jiyong Jang , Theodoras Salonidis , Marc Ph Stoecklin , Ting Wang
摘要: An encoder including a computer readable storage medium storing program instructions, and a processor executing the program instructions, the processor configured to construct an encoded message using a message and a random element, construct a hash using a shared secret, and transmit the encoded message and the hash to a destination, through a network.
-
公开(公告)号:US20170244731A1
公开(公告)日:2017-08-24
申请号:US15166468
申请日:2016-05-27
发明人: Xin HU , Jiyong JANG , Douglas SCHALES , Marc STOECKLIN , Ting WANG
IPC分类号: H04L29/06
CPC分类号: H04L63/1425 , G06F21/00 , G06F21/552 , H04L63/101
摘要: A method (and structure) includes receiving, as input data into a computer-implemented processing procedure, at least one listing of at least one of time series data and potential candidate periods of potential beaconing activity. The input data is processed, using a processor on a computer, to evaluate the input data as if the input data represents data points of an input analog signal subject to principles of communication theory and having determinable statistical characteristics.
-
公开(公告)号:US20200067950A1
公开(公告)日:2020-02-27
申请号:US16671267
申请日:2019-11-01
发明人: Xin HU , Jiyong JANG , Douglas Lee SCHALES , Marc Philippe STOECKLIN , Ting WANG
IPC分类号: H04L29/06 , G06F16/901 , G06F16/28 , G06N20/00
摘要: Unknown and reference signatures are accessed. The unknown and reference signatures indicate patterns that correspond to known threats to resources (such as computer systems and/or computer networks) in a computer environment and comprise a multitude of descriptive elements having information describing different aspects of a corresponding signature. A set of similarity measures is created of the unknown and reference signatures from different perspectives, each perspective corresponding to a descriptive element. The set of similarity measures are integrated to generate an overall similarity metric. The overall similarity metric is used to find appropriate categories in the reference signatures into which the unknown signatures should be placed. The unknown signatures are placed into the appropriate categories to create a mapping from the unknown signatures to the reference signatures. The mapping is output for use by an IDPS for determining whether a threat has occurred to the resources in the computer environment.
-
公开(公告)号:US20200028670A1
公开(公告)日:2020-01-23
申请号:US16585971
申请日:2019-09-27
发明人: Xin HU , Wentao Huang , Jiyong Jang , Theodoros Salonidis , Marc Ph Stoecklin , Ting Wang
摘要: An encoder includes a computer readable storage medium storing program instructions, and a processor executing the program instructions, the processor configured to generate a key, estimate a network capacity, and encode each bit of the key using a random matrix of a selected rank and the estimated network capacity for secure transmission of the key through a network.
-
9.发明申请公开(公告)号:US20170317986A1
公开(公告)日:2017-11-02
申请号:US15141082
申请日:2016-04-28
发明人: Xin HU , Wentao Huang , Jiyong Jang , Theodoros Salonidis , Marc Ph Stoecklin , Ting Wang
IPC分类号: H04L29/06 , H04L1/00 , H04L12/741 , H04L12/931
CPC分类号: H04L63/0428 , H04L1/0045 , H04L1/0076 , H04L9/3239 , H04L45/74 , H04L49/201 , H04L63/061 , H04L2209/34
摘要: A decoder deployed in one or more terminals, includes a computer readable storage medium storing program instructions, and a processor executing the program instructions, the processor configured to receiving a noisy message and a noisy hash from the network, searching for a pair of matching candidates for the hash and message from two row spaces of noisy message vectors using a shared secret with an encoder, and outputting, by the decoder, a decoded message if the searching is successful.
-
公开(公告)号:US20180060745A1
公开(公告)日:2018-03-01
申请号:US15790966
申请日:2017-10-23
发明人: Mihai CHRISTODORESCU , Xin HU , Douglas L. SCHALES , Reiner SAILER , Marc PH. STOECKLIN , Ting WANG , Andrew M. WHITE
CPC分类号: G06N5/04 , G06N5/003 , G06N5/022 , G06N20/00 , H04L41/142 , H04L41/147 , H04L41/16 , H04L43/04 , H04L43/0876 , H04L63/029 , H04L63/1408 , H04L67/02
摘要: The present principles are directed to identifying and classifying web traffic inside encrypted network tunnels. A method includes analyzing network traffic of unencrypted data packets to detect packet traffic, timing, and size patterns. The detected packet, timing, and size traffic patterns are correlated to at least a packet destination and a packet source of the unencrypted data packets to create at least one of a training corpus and a model built from the training corpus. The at least one of the corpus and model is stored in a memory device. Packet traffic, timing, and size patterns of encrypted data packets are observed. The observed packet traffic, timing, and size patterns of the encrypted data packets are compared to at least one of the training corpus and the model to classify the encrypted data packets with respect to at least one of a predicted network host and predicted path information.
-
-
-
-
-
-
-
-
-
搜索结果
13 条记录 (耗时 0.018 秒)
