-
Publication No.: US20240396905A1
Publication date: 2024-11-28
Application No.: US18763984
Filing date: 2024-07-03
Applicant: SAP SE
Inventor: Laurent Y. Gomez, Cedric R.J. Hebert, Slim Trabelsi
Abstract: In an example embodiment, a combination of machine learning and rule-based techniques is used to automatically detect social engineering attacks in a computer system. More particularly, three phases of detection are utilized on communications in a thread or stream of communications: attack contextualization, intention classification, and security policy violation detection. Each phase of detection causes a score to be generated that is reflective of the degree of danger in the thread or stream of communications, and these scores may then be combined into a single global social engineering attack score, which then may be used to determine appropriate actions to deal with the attack if it transgresses a threshold.
-
Publication No.: US20230068346A1
Publication date: 2023-03-02
Application No.: US17405267
Filing date: 2021-08-18
Applicant: SAP SE
Inventor: Cedric R.J. Hebert, Merve Sahin
Abstract: In an example embodiment, rather than merely identifying and patching vulnerabilities, a defender in a computer system is able to utilize deception to set traps for attackers who might attack an application. In this manner, rather than the attacker simply merely needing one entry point to succeed, the attacker would then need to avoid all traps, and the defender only needs one trap to be alerted of the attacker. More particularly, in an example embodiment, traps are set in a way that fools attackers, by blending deceptive but believable network traffic into real traffic to and from the application.
-
Publication No.: US20230046392A1
Publication date: 2023-02-16
Application No.: US17401873
Filing date: 2021-08-13
Applicant: SAP SE
Inventor: Laurent Y. Gomez, Cedric R.J. Hebert, Slim Trabelsi
Abstract: In an example embodiment, a combination of machine learning and rule-based techniques is used to automatically detect social engineering attacks in a computer system. More particularly, three phases of detection are utilized on communications in a thread or stream of communications: attack contextualization, intention classification, and security policy violation detection. Each phase of detection causes a score to be generated that is reflective of the degree of danger in the thread or stream of communications, and these scores may then be combined into a single global social engineering attack score, which then may be used to determine appropriate actions to deal with the attack if it transgresses a threshold.