-
Publication No.: US11831527B2
Publication date: 2023-11-28
Application No.: US17690676
Filing date: 2022-03-09
Applicant: Nozomi Networks Sagl
IPC classification: H04L43/067 , H04L43/0823 , H04L43/0817 , H04L43/0864
CPC classification: H04L43/0817 , H04L43/067 , H04L43/0847 , H04L43/0864
Abstract: The present invention relates to a method for detecting anomalies in time series data produced by devices of an infrastructure in a network comprising, for each of the devices through computerized data processing means, retrieving time series data for the device in the network, extracting a plurality of time series samples relating to respective time windows and having a predefined window size and a predefined stride, by sliding the time windows to overlap the time series data, supplying the time series samples as input to a Convolutional Autoencoder to define reconstructed time series values having predefined percentile intervals, analysing the reconstructed time series values to identify anomalous behaviours of the time series data, and signalling an anomaly of the device when at least one anomalous behaviour is identified.
-
Publication No.: US11671449B2
Publication date: 2023-06-06
Application No.: US17493903
Filing date: 2021-10-05
Applicant: Nozomi Networks Sagl
IPC classification: H04L9/40
CPC classification: H04L63/1491
Abstract: The present invention relates to a method for automatically aggregating and enriching data from honeypots comprising defining a plurality of identified honeypots of different types to be monitored in a network; collecting metadata and samples from said honeypots of different types in said network, which in turn comprises defining a predefined collection model for the honeypots such as to collect homogeneous metadata and samples among the honeypots of different types, extracting the metadata according to the collection model defining model metadata, and extracting the samples according to the collection model defining model samples; enriching said collected metadata and samples, which in turn comprises scanning the model metadata to extract IoCs, scanning the model samples to extract IoCs, recursively scanning the model samples to generate secondary model metadata and scanning the secondary model metadata to extract IoCs, until no further IoCs can be generated, recursively obtaining secondary samples from the extracted IoCs and scanning the secondary model samples to extract IoCs, until no further secondary samples are obtained; and aggregating said collected and/or enriched metadata and samples, which in turn comprises aggregating metadata by a predefined metadata model aggregation and aggregating samples by a predefined samples model aggregation.
-
Publication No.: US11895139B2
Publication date: 2024-02-06
Application No.: US17481363
Filing date: 2021-09-22
Applicant: Nozomi Networks Sagl
Inventors: Moreno Carullo , Andrea Carcano
CPC classification: H04L63/1433 , G06F21/572 , H04L63/1425
Abstract: Disclosed are methods for automatically retrieving and managing asset information in a network. The method includes identifying, defining, and valuing stored assets in a network. An asset is defined and identified by assigned values that include criticality values, resiliency values, granularity values, and freshness values that may be selected from a predefined set of values. The assets are valued by an overall quality score that is determined through computerized data processing and optimized by updating asset properties.
-
Publication No.: US11722504B2
Publication date: 2023-08-08
Application No.: US17134336
Filing date: 2020-12-26
Applicant: Nozomi Networks Sagl
Inventors: Alessandro Di Pinto , Moreno Carullo , Andrea Carcano , Mario Marchese , Fabio Patrone , Alessandro Fausto , Giovanni Battista Gaggero
IPC classification: H04L61/4511 , H04L9/40
CPC classification: H04L63/1425 , H04L61/4511 , H04L63/1416 , H04L63/1441
Abstract: The present invention relates to a method and an apparatus for detecting anomalies of DNS traffic in a network comprising analysing, through a network analyser connected to said network, each data packet exchanged in the network, isolating, through the network analyser, from each of the analysed data packets the related DNS packet, evaluating, through a computerized data processing unit, each of the DNS packets generating a DNS packet status, and signalling, through the computerized data processing unit, an anomaly of the DNS traffic when the DNS packet status defines a critical state, wherein the evaluating further comprises assessing, through the computerized data processing unit, each of the DNS packets by a plurality of evaluating algorithms generating a DNS packet classification for each of the evaluating algorithms, and aggregating, through the computerized data processing unit, the DNS packet classifications generating the DNS packet status, and wherein the critical state is identified when the DNS packet status is comprised in a critical state database stored in a storage medium.
-
Publication No.: US11831671B2
Publication date: 2023-11-28
Application No.: US17225392
Filing date: 2021-04-08
Applicant: Nozomi Networks Sagl
CPC classification: H04L63/1433
Abstract: The present invention relates to a method for automatic derivation of attack paths in a network comprising defining the topology of the network as an enriched network topology, identifying the vulnerabilities of the topology as vulnerabilities information artifacts, building the atomic attack database of the network based on the topology and the vulnerabilities, translating the enriched network topology, the vulnerabilities information artifacts and the atomic attack database into a predefined formal model, executing a predefined SMT-based model checker on the predefined formal model to seek counterexamples, and deriving the attack paths from the counterexamples, wherein the defining of the topology comprises running, by a computerized data processing unit operatively connected to the network, a deep packet inspection module on the network to build a network topology based on the information derived from the deep packet inspection module, and running, by the computerized data processing unit, an active queries module on the network to add further information to the network topology based on the information derived from the active queries to build the enriched network topology, wherein the identifying of the vulnerabilities comprises running, by the computerized data processing unit, a vulnerability assessment module to identify the vulnerabilities information artifacts of each node of the network based on the matching between node information of the enriched network topology and known vulnerabilities of a predefined vulnerabilities database, and wherein the building of the atomic attack database comprises finding, by the computerized data processing unit, one or more atomic attacks for the network as preconditions and actions to capture the state of the system at a given moment in time, wherein the actions are expressed in terms of a set of features of said nodes.
-
Publication No.: US11586921B2
Publication date: 2023-02-21
Application No.: US16915326
Filing date: 2020-06-29
Applicant: Nozomi Networks Sagl
Inventors: Andrea Carcano , Moreno Carullo
Abstract: The present invention relates to a method for forecasting the health status of a distributed network by an artificial neural network comprising the phase of identifying one or more sites, one or more assets of the sites and the links between the identified assets in said distributed network, the phase of evaluating the actual health status of each of the identified assets, the phase of evaluating the actual health status of each of said identified sites, and the phase of forecasting, by the artificial neural network, the subsequent health status of each of the identified sites according to a forecasting function based on a set of values comprising the actual asset health status rank, the actual asset infection risk, the actual asset infection factor, the actual site health status rank and the actual site infection risk.
-
Publication No.: US11983803B2
Publication date: 2024-05-14
Application No.: US17591504
Filing date: 2022-02-02
Applicant: Nozomi Networks Sagl
CPC classification: G06T11/206 , H04L41/22 , G06T2200/24
Abstract: The present invention relates to a method for representing objects of a network in a GUI with graph clustering comprising retrieving a base graph comprising all of the objects of the network as respective nodes and links between said nodes, grouping two or more of the nodes in one or more clusters, initializing the clusters by calculating the cluster mass and the cluster radius of each of the clusters, assessing the clusters defining a visualization graph which represents the base graph as seen from a predefined distance value, and positioning the visualization graph in the GUI, wherein the assessing comprises creating an empty visualization graph, calculating for each of the clusters the distance ratio as the ratio between the cluster radius and the predefined distance value, evaluating the distance ratio with regard to a predefined distance ratio threshold, compressing the cluster when the distance ratio is higher than the predefined distance ratio threshold, adding in the visualization graph a single compressed cluster node for all child nodes and all child clusters arranged inside the cluster to be compressed, expanding the cluster when the distance ratio is lower than the predefined distance ratio threshold, adding in the visualization graph a plurality of nodes for all child nodes and all child clusters arranged inside the cluster to be expanded, and adding in the visualization graph a link between the cluster and a node outside the cluster if the link was present between a node inside the cluster and the node outside the cluster in the base graph, and a link between two of the clusters if the link was present between a node inside one of the clusters and a node inside the other of the clusters in the base graph, wherein every time a link needs to be added between the same cluster and the same node outside the cluster a link strength count is increased by one integer unit, and wherein every time a link needs to be added between the same two of the clusters a link strength count is increased by one integer unit.
-
Publication No.: US11388065B1
Publication date: 2022-07-12
Application No.: US17187821
Filing date: 2021-02-28
Applicant: Nozomi Networks Sagl
IPC classification: H04L41/22 , H04L43/045 , H04L41/14
Abstract: The present invention relates to a method for representing objects of a network in a GUI comprising allocating all of the objects of the network as respective nodes in a two-dimensional space, assessing the gravitational forces of the nodes, and positioning the objects as a graph in the GUI based on the gravitational forces of the nodes, wherein the allocating comprises enclosing all of the nodes in a single base square, dividing the single base square into a plurality of 1st-level squares, each of the 1st-level squares into a plurality of 2nd-level squares, and iterating the subdividing of each of the (n)th-level squares into a plurality of (n+1)th-level squares, wherein the subdividing is made for the (n)th-level squares provided with two or more of the nodes, wherein the assessing comprises selecting as source square one of the squares starting from the highest level, selecting as receiver square one of the squares starting from the highest level, evaluating whether the source square and the receiver square are distant, computing the forces acting on the receiver square from the source square if the source square and the receiver square are evaluated as distant or if the source square and the receiver square are evaluated as not distant and have respectively no lower-level squares nested, and sub-selecting as source square or as receiver square one of the squares of a lower level if the source square and the receiver square are evaluated as not distant, wherein the sub-selecting is iterated for all squares at the same level, wherein the assessing is iterated for all the possible combinations of source and receiver squares at the 1st level, and wherein the assessing further comprises distributing, by the computerized data processing unit, the forces acting on each receiver square to all of the nodes in the corresponding receiver square, defining the gravitational forces of all of the nodes.
-
Publication No.: US11930033B2
Publication date: 2024-03-12
Application No.: US17140906
Filing date: 2021-01-04
Applicant: Nozomi Networks Sagl
IPC classification: H04L9/40 , G06F16/22 , G06F16/903 , G06F40/205 , G06F40/284
CPC classification: H04L63/1433 , G06F16/2246 , G06F16/90344 , G06F40/205 , G06F40/284
Abstract: The present invention relates to a method for verifying vulnerabilities of a network device using Common Vulnerabilities and Exposures ("CVE") entries comprising generating a CVE tree from each of the CVE entries and defining an indexed CVE entry, which identifies vulnerable configuration fields and extracts a set of vulnerable conditions comprising an operator attribute and nested CPE records. The CVE tree is provided with the operator attribute as node and with Common Platform Enumeration ("CPE") records as leaves of the node, wherein the decoding comprises tokenizing the decoded string into a sequence of a plurality of n-grams having predefined sizes, and wherein the matching comprises a lookup of the sequence of the plurality of n-grams in the CVE tree, which raises an alert when the operator attribute corresponds to a match between CPE records.
-
Publication No.: US11930027B2
Publication date: 2024-03-12
Application No.: US17563106
Filing date: 2021-12-28
Applicant: Nozomi Networks Sagl
CPC classification: H04L63/1425 , H04L63/1416 , H04L63/1466 , H04L63/20
Abstract: The present invention relates to a method for evaluating the quality of signature-based detections in an infrastructure provided with a plurality of sensors, comprising defining predefined rules for the rule-based detections, wherein the rules are of a silent type such that they operate without generating alerts to the user of the infrastructure, collecting telemetry events at each of the sensors, storing the telemetry events of each of the sensors in respective local sensor databases operatively connected to the sensors, aggregating, at predetermined aggregating time intervals, the telemetry events from the local sensor databases into a central database, analyzing the telemetry events at the central database by evaluating the telemetry events with respect to the rules, and calculating the quality measurements of the rules according to a plurality of predefined quality metrics in a predefined metrics time interval, wherein the quality metrics comprise a precision metric, by counting the instances of false positives of the telemetry events with respect to the predefined rules, a recall metric, by counting the instances of false negatives of the telemetry events with respect to the predefined rules, and a performance metric, by counting the instances of rule hits over a predefined evaluation time interval and the ratio between partial and full matching of the rules, wherein the method for evaluating the quality of rule-based detections further comprises releasing verified rules for the rule-based detections as predefined rules having the quality measurements within a predetermined quality target range, and wherein the verified rules are of an alerting type such that they operate generating alerts to the user of the infrastructure.