-
Publication No.: US20220201036A1
Publication Date: 2022-06-23
Application No.: US17558986
Application Date: 2021-12-22
Inventor: Mohamed Nabeel , Issa M. Khalil , Ting Yu
IPC: H04L9/40 , H04L61/4511 , G06K9/62
Abstract: The present application provides a system for detecting brand squatting domains with a three-stage detection pipeline having three different classifiers. The provided system helps predict whether an unknown domain will be malicious. The first classifier detects abusive brand squatting domains, such as those that impersonate exact popular brand names, as soon as the domains are registered. The second classifier detects abusive brand squatting domains when hosting information becomes available, in combination with the information available for the first classifier. The third classifier detects abusive brand squatting domains when certificate information associated with domains is available, in combination with the information available for the first and second classifiers. The performance of each classifier improves from the first to the second to the third with the first classifier making determinations with the least information and the third classifier making determinations with the most information.
-
Publication No.: US20220103498A1
Publication Date: 2022-03-31
Application No.: US17490252
Application Date: 2021-09-30
Applicant: Qatar Foundation for Education, Science and Community Development , Stevens Institute of Technology
Inventor: Mohamed Nabeel , Issa Khalil , Ting Yu , Haipei Sun , Hui Wang
Abstract: The present disclosure provides new and innovative systems and methods for filtering encrypted messages. In an example, a computer-implemented method includes obtaining a message, determining sender profiling features of the message, determining enterprise graph features of the message, determining header features of the message, determining a message flag based on the sender profiling features, the enterprise graph features, and the header features, and processing the message based on the message flag.
-
Publication No.: US20220116782A1
Publication Date: 2022-04-14
Application No.: US17495391
Application Date: 2021-10-06
Inventor: Mashael Al Sabah , Mohamed Nabeel , Euijin Choo , Issa M Khalil , Ting Yu , Wei Wang
IPC: H04W12/121 , G06F16/901 , H04W12/30
Abstract: A system is provided for identifying compromised mobile devices from a network administrator's point of view. The provided system utilizes a graph-based inference approach that leverages an assumed correlation that devices sharing a similar set of installed applications will have a similar probability of being compromised. Stated differently, the provided system determines whether a given unknown device is compromised or not by analyzing its connections to known devices. Such connections are generated from a small set of known compromised mobile devices and the network traffic data of mobile devices collected by a service provider or network administrator. The proposed system is accordingly able to reliably detect unknown compromised devices without relying on device-specific features.
-
Publication No.: US11570132B2
Publication Date: 2023-01-31
Application No.: US17490252
Application Date: 2021-09-30
Applicant: Qatar Foundation for Education, Science and Community Development , Stevens Institute of Technology
Inventor: Mohamed Nabeel , Issa Khalil , Ting Yu , Haipei Sun , Hui Wang
IPC: H04L51/212 , H04L51/23 , G06N20/00 , G06K9/62
Abstract: The present disclosure provides new and innovative systems and methods for filtering encrypted messages. In an example, a computer-implemented method includes obtaining a message, determining sender profiling features of the message, determining enterprise graph features of the message, determining header features of the message, determining a message flag based on the sender profiling features, the enterprise graph features, and the header features, and processing the message based on the message flag.
-
Publication No.: US20210320946A1
Publication Date: 2021-10-14
Application No.: US17229386
Application Date: 2021-04-13
Inventor: Yazan Boshmaf , Mashael Al Sabah , Mohamed Nabeel
Abstract: The main objective of Certificate Transparency (CT) is to detect mis-issued certificates or rogue certificate authorities. It has been observed that phishing sites have been increasingly acquiring certificates to look more legitimate and reach more victims, thus providing an opportunity to predict phishing domains early. The present disclosure provides systems and methods for early detection of phishing and benign domain traces in CT logs. The provided system may predict phishing domains early even before content is available via time-, issuer-, and certificate-based characteristics that are used to identify sets of CT-based inexpensive and novel features. The CT-features are augmented with other features including passive DNS (pDNS) and domain-based lexical features.
-
Publication No.: US20240333749A1
Publication Date: 2024-10-03
Application No.: US18617133
Application Date: 2024-03-26
Inventor: Mohamed Nabeel , Issa Khalil , Ting Yu , Fatih Deniz
CPC classification number: H04L63/1433 , H04L41/16 , H04L63/145
Abstract: Proactively detecting malicious domains using graph representation learning may be provided by extracting seed domains from a uniform resource locator (URL) feed of observed requests for access to domains; expanding the seed domains via a passive domain name service (PDNS) crawl to include additional domains with the seed domains; collecting a ground truth, including labeling a first set of the seed domains as benign and a second set of the seed domains as malicious; constructing a graph neural network (GNN) of the additional domains and the seed domains, wherein each domain of the additional domains and the seed domains is represented as a node in the GNN that includes feature values associated with that domain; training the GNN to classify unseen domains not associated with a node as either benign or malicious; and classifying, via the GNN, a queried domain as either benign or malicious.
-
Publication No.: US20230171214A1
Publication Date: 2023-06-01
Application No.: US18103046
Application Date: 2023-01-30
Applicant: Qatar Foundation for Education, Science and Community Development , Stevens Institute of Technology
Inventor: Mohamed Nabeel , Issa Khalil , Ting Yu , Haipei Sun , Hui Wang
IPC: H04L51/212 , G06N20/00 , H04L51/23 , G06F18/22
CPC classification number: H04L51/212 , G06N20/00 , H04L51/23 , G06F18/22
Abstract: The present disclosure provides new and innovative systems and methods for filtering encrypted messages. In an example, a computer-implemented method includes obtaining a message, determining sender profiling features of the message, determining enterprise graph features of the message, determining header features of the message, determining a message flag based on the sender profiling features, the enterprise graph features, and the header features, and processing the message based on the message flag.
-
Publication No.: US11546377B2
Publication Date: 2023-01-03
Application No.: US17229386
Application Date: 2021-04-13
Inventor: Yazan Boshmaf , Mashael Al Sabah , Mohamed Nabeel
IPC: H04L29/06 , H04L29/12 , H04L9/40 , G06F21/50 , H04L61/4511
Abstract: The main objective of Certificate Transparency (CT) is to detect mis-issued certificates or rogue certificate authorities. It has been observed that phishing sites have been increasingly acquiring certificates to look more legitimate and reach more victims, thus providing an opportunity to predict phishing domains early. The present disclosure provides systems and methods for early detection of phishing and benign domain traces in CT logs. The provided system may predict phishing domains early even before content is available via time-, issuer-, and certificate-based characteristics that are used to identify sets of CT-based inexpensive and novel features. The CT-features are augmented with other features including passive DNS (pDNS) and domain-based lexical features.
-
Publication No.: US11206275B2
Publication Date: 2021-12-21
Application No.: US16426477
Application Date: 2019-05-30
Inventor: Mohamed Nabeel , Issa M. Khalil , Ting Yu , Euijin Choo
IPC: H04L29/06 , G06N20/00 , H04L29/12 , H04L12/26 , G06N20/20 , G06N5/02 , H04L12/24 , G06N5/00 , G06N20/10
Abstract: The presently disclosed method and system exploits information and traces contained in DNS data to determine the maliciousness of a domain based on the relationship it has with other domains. A method may comprise providing data to a machine learning module that was previously trained on domain and IP address attributes or classifiers. The method then may comprise classifying apex domains and IP addresses based on the IP address and domain attributes or classifiers. Additionally, the method may comprise associating each of the domains and IP addresses based on the corresponding classification. The method may further comprise building a weighted domain graph in real time utilizing the DNS data based on the aforementioned associations among domains. The method may then comprise assessing the maliciousness of a domain based on the weighted domain graph that was built.
-
Publication No.: US11784953B2
Publication Date: 2023-10-10
Application No.: US18103046
Application Date: 2023-01-30
Applicant: Qatar Foundation for Education, Science and Community Development , Stevens Institute of Technology
Inventor: Mohamed Nabeel , Issa Khalil , Ting Yu , Haipei Sun , Hui Wang
IPC: H04L51/212 , H04L51/23 , G06N20/00 , G06F18/22
CPC classification number: H04L51/212 , G06F18/22 , G06N20/00 , H04L51/23
Abstract: The present disclosure provides new and innovative systems and methods for filtering encrypted messages. In an example, a computer-implemented method includes obtaining a message, determining sender profiling features of the message, determining enterprise graph features of the message, determining header features of the message, determining a message flag based on the sender profiling features, the enterprise graph features, and the header features, and processing the message based on the message flag.