-
Publication (Announcement) No.: US20210320946A1
Publication (Announcement) Date: 2021-10-14
Application No.: US17229386
Application Date: 2021-04-13
Inventor: Yazan Boshmaf, Mashael Al Sabah, Mohamed Nabeel
Abstract: The main objective of Certificate Transparency (CT) is to detect mis-issued certificates or rogue certificate authorities. It has been observed that phishing sites have been increasingly acquiring certificates to look more legitimate and reach more victims, thus providing an opportunity to predict phishing domains early. The present disclosure provides systems and methods for early detection of phishing and benign domain traces in CT logs. The provided system may predict phishing domains early even before content is available via time-, issuer-, and certificate-based characteristics that are used to identify sets of CT-based inexpensive and novel features. The CT-features are augmented with other features including passive DNS (pDNS) and domain-based lexical features.
-
Publication (Announcement) No.: US20240154997A1
Publication (Announcement) Date: 2024-05-09
Application No.: US18387937
Application Date: 2023-11-08
Inventor: Priyanka Dodia, Mashael Al Sabah
CPC classification number: H04L63/145, G06N20/00, H04L63/1425
Abstract: A machine learning model for classifying encrypted traffic as benign or malicious without having to decrypt the traffic is provided. The model uses traffic patterns from network logs to classify the traffic based on learned patterns for malware, and is capable of identifying zero-day malware. Classification is provided via: extracting encrypted traffic from communication logs for a network; identifying, from the encrypted traffic, while still encrypted, traffic patterns for users of the network; and classifying, via a machine learning model, the encrypted traffic as benign traffic or malicious traffic without decrypting the encrypted traffic according to the traffic patterns identified.
-
Publication (Announcement) No.: US20200372014A1
Publication (Announcement) Date: 2020-11-26
Application No.: US16880575
Application Date: 2020-05-21
Inventor: Yazan Boshmaf, Husam Al Jawaheri, Mashael Al Sabah
IPC: G06F16/23, G06F16/245
Abstract: A system and method for performing full-stack blockchain analytics is disclosed. For example, a blockchain analysis system comprises a blockchain operation module which integrates with the blockchain network and contains the data source that contains a plurality of blockchain data. The analysis system further comprises a blockchain analysis module that parses and analyzes the blockchain data. Additionally, the system comprises a blockchain tag module that determines a plurality of customizable tags based on the blockchain data and external data sources, and defines a low-level query interface that integrates customizable tags as objects into the blockchain data. The analysis system also comprises a blockchain search module that receives a blockchain search request, maintains a plurality of search indexes and a plurality of user-specific data, and determines a blockchain search result based on the blockchain search request and a plurality of tagged and untagged blockchain data.
-
Publication (Announcement) No.: US20220116782A1
Publication (Announcement) Date: 2022-04-14
Application No.: US17495391
Application Date: 2021-10-06
Inventor: Mashael Al Sabah, Mohamed Nabeel, Euijin Choo, Issa M Khalil, Ting Yu, Wei Wang
IPC: H04W12/121, G06F16/901, H04W12/30
Abstract: A system is provided for identifying compromised mobile devices from a network administrator's point of view. The provided system utilizes a graph-based inference approach that leverages an assumed correlation that devices sharing a similar set of installed applications will have a similar probability of being compromised. Stated differently, the provided system determines whether a given unknown device is compromised or not by analyzing its connections to known devices. Such connections are generated from a small set of known compromised mobile devices and the network traffic data of mobile devices collected by a service provider or network administrator. The proposed system is accordingly able to reliably detect unknown compromised devices without relying on device-specific features.
-
Publication (Announcement) No.: US11546377B2
Publication (Announcement) Date: 2023-01-03
Application No.: US17229386
Application Date: 2021-04-13
Inventor: Yazan Boshmaf, Mashael Al Sabah, Mohamed Nabeel
IPC: H04L29/06, H04L29/12, H04L9/40, G06F21/50, H04L61/4511
Abstract: The main objective of Certificate Transparency (CT) is to detect mis-issued certificates or rogue certificate authorities. It has been observed that phishing sites have been increasingly acquiring certificates to look more legitimate and reach more victims, thus providing an opportunity to predict phishing domains early. The present disclosure provides systems and methods for early detection of phishing and benign domain traces in CT logs. The provided system may predict phishing domains early even before content is available via time-, issuer-, and certificate-based characteristics that are used to identify sets of CT-based inexpensive and novel features. The CT-features are augmented with other features including passive DNS (pDNS) and domain-based lexical features.