公开(公告)号：US20250112945A1

公开(公告)日：2025-04-03

申请号：US18978288

申请日：2024-12-12

Applicant: KOUNT INC.

Inventor： Matthew Lewis JONES

IPC: H04L9/40

Abstract: A method described herein involves various operations directed toward network security. The operations include accessing a traffic attribute describing a feature of network traffic. The operations further include determining a baseline distribution for the traffic attribute of a baseline set of transactions involving an online system over a baseline period and, additionally, determining an observed distribution for the traffic attribute of an observed set of transactions involving the online system over an observed period. Using the observed distribution and the baseline distribution, an attribute risk value for the traffic attribute is computed. The operations further include detecting that an anomaly exists in the traffic attribute of the observed set of transactions, based on the attribute risk value. Responsive to detecting the anomaly, an access control is implemented for access to the online system by additional transactions having a particular value in the traffic attribute meeting a pattern of the anomaly.

公开(公告)号：US20240022587A1

公开(公告)日：2024-01-18

申请号：US18475821

申请日：2023-09-27

Applicant: KOUNT INC.

Inventor： Matthew Lewis JONES

IPC: H04L9/40

CPC classification number: H04L63/1425 ,  H04L63/10

Abstract: A method described herein involves various operations directed toward network security. The operations include accessing a traffic attribute describing a feature of network traffic. The operations further include determining a baseline distribution for the traffic attribute of a baseline set of transactions involving an online system over a baseline period and, additionally, determining an observed distribution for the traffic attribute of an observed set of transactions involving the online system over an observed period. Using the observed distribution and the baseline distribution, an attribute risk value for the traffic attribute is computed. The operations further include detecting that an anomaly exists in the traffic attribute of the observed set of transactions, based on the attribute risk value. Responsive to detecting the anomaly, an access control is implemented for access to the online system by additional transactions having a particular value in the traffic attribute meeting a pattern of the anomaly.

公开(公告)号：US20230254333A1

公开(公告)日：2023-08-10

申请号：US18301862

申请日：2023-04-17

Applicant: KOUNT INC.

Inventor： Joshua Michael JOHNSTON ,  Matthew Lewis JONES ,  Nathan Daniel MONNIG ,  Divyanshu Rohit MURLI

IPC: H04L9/40

CPC classification number: H04L63/1425 ,  H04L63/1433 ,  H04L63/1458

Abstract: A method described herein involves various operations directed toward network security. The operations include accessing transaction data describing network traffic associated with a web server during an interval. Based on a count of new transactions involving an online entity during the interval according to the transaction data, a short-term trend is determined for the online entity. The operations further include applying exponential smoothing to a history of transactions of the online entity to compute a long-term trend for the online entity. Based on a comparison between the short-term trend and the long-term trend for the online entity, an anomaly is detected with respect to the online entity in the network traffic associated with the web server. Responsive to detecting the anomaly, an access control is implemented between the online entity and the web server.

公开(公告)号：US20220038481A1

公开(公告)日：2022-02-03

申请号：US17389159

申请日：2021-07-29

Applicant: KOUNT INC.

Inventor： Matthew Lewis JONES

IPC: H04L29/06

Abstract: A method described herein involves various operations directed toward network security. The operations include accessing a traffic attribute describing a feature of network traffic. The operations further include determining a baseline distribution for the traffic attribute of a baseline set of transactions involving an online system over a baseline period and, additionally, determining an observed distribution for the traffic attribute of an observed set of transactions involving the online system over an observed period. Using the observed distribution and the baseline distribution, an attribute risk value for the traffic attribute is computed. The operations further include detecting that an anomaly exists in the traffic attribute of the observed set of transactions, based on the attribute risk value. Responsive to detecting the anomaly, an access control is implemented for access to the online system by additional transactions having a particular value in the traffic attribute meeting a pattern of the anomaly.

公开(公告)号：US20240250981A1

公开(公告)日：2024-07-25

申请号：US18597551

申请日：2024-03-06

Applicant: KOUNT, INC.

Inventor： Matthew Lewis JONES

IPC: H04L9/40

CPC classification number: H04L63/1433 ,  H04L63/126

Abstract: Various aspects involve determining legitimacy of an email address for risk assessment or other purposes. For instance, a risk assessment computing system receives a risk assessment query that identifies an email address. The risk assessment computing system determines a set of features for the email address. For each feature, the risk assessment computing system calculates an illegitimacy score by calculating a deviation of the feature from an expected safe value for the feature that is determined from historical email addresses. The risk assessment computing system aggregates the illegitimacy scores of the plurality of features into an aggregated illegitimacy score and further transmits a legitimacy risk value to a remote computing system. The legitimacy risk value indicates the aggregated illegitimacy score and can be used in controlling access of a computing device associated with the email address to one or more interactive computing environments.

公开(公告)号：US20220417275A1

公开(公告)日：2022-12-29

申请号：US17357866

申请日：2021-06-24

Applicant: KOUNT, INC.

Inventor： Matthew Lewis JONES

IPC: H04L29/06

Abstract: Various aspects involve determining legitimacy of an email address for risk assessment or other purposes. For instance, a risk assessment computing system receives a risk assessment query that identifies an email address. The risk assessment computing system determines a set of features for the email address. For each feature, the risk assessment computing system calculates an illegitimacy score by calculating a deviation of the feature from an expected safe value for the feature that is determined from historical email addresses. The risk assessment computing system aggregates the illegitimacy scores of the plurality of features into an aggregated illegitimacy score and further transmits a legitimacy risk value to a remote computing system. The legitimacy risk value indicates the aggregated illegitimacy score and can be used in controlling access of a computing device associated with the email address to one or more interactive computing environments.

公开(公告)号：US20220377096A1

公开(公告)日：2022-11-24

申请号：US17754854

申请日：2021-07-14

Applicant: KOUNT INC.

Inventor： Joshua Michael JOHNSTON ,  Matthew Lewis JONES ,  Nathan Daniel MONNIG ,  Divyanshu Rohit MURLI

IPC: H04L9/40

Abstract: A method described herein involves various operations directed toward network security. The operations include accessing transaction data describing network traffic associated with a web server during an interval. Based on a count of new transactions involving an online entity during the interval according to the transaction data, a short-term trend is determined for the online entity. The operations further include applying exponential smoothing to a history of transactions of the online entity to compute a long-term trend for the online entity. Based on a comparison between the short-term trend and the long-term trend for the online entity, an anomaly is detected with respect to the online entity in the network traffic associated with the web server. Responsive to detecting the anomaly, an access control is implemented between the online entity and the web server.