DETECTION OF MALICIOUS NETWORK ACTIVITY
    Invention application

    Publication (announcement) No.: US20190166144A1

    Publication (announcement) date: 2019-05-30

    Application No.: US16203681

    Filing date: 2018-11-29

    IPC classification: H04L29/06 G06N20/00

    Abstract: A method of monitoring network traffic in a communication network with a sentinel module to detect malicious activity is described. A gateway sentinel module receives network traffic directed through a gateway installed for a local distribution of the network, the gateway connecting the local distribution of the network to a core of the network. Malicious activity in the local distribution is detected based on a combination of: a local machine-learning model for identifying malicious activity in the local distribution, the local machine-learning model modelling network traffic from the local distribution; and a global machine-learning model. The global machine-learning model models network traffic from a plurality of local distributions of the network based on training data from a plurality of local sentinel modules executed on a respective plurality of computing nodes. The computing nodes respectively receive network traffic from the plurality of local distributions. A corresponding device and system are also described.

    Detection of malicious network activity

    Publication (announcement) No.: US11201882B2

    Publication (announcement) date: 2021-12-14

    Application No.: US16203681

    Filing date: 2018-11-29

    Abstract: identical to the abstract of US20190166144A1 above (same application, US16203681, filed 2018-11-29).