-
Publication No.: US12010129B2
Publication date: 2024-06-11
Application No.: US17239128
Filing date: 2021-04-23
Applicant: Sophos Limited
Inventors: Tamás Vörös, Richard Harang, Joshua Daniel Saxe
CPC classification: H04L63/1425, G06N3/045, H04L63/0236, H04L63/1416, H04L63/20
Abstract: Embodiments disclosed include methods and apparatus for detecting a reputation of infrastructure associated with potentially malicious content. In some embodiments, an apparatus includes a memory and a processor. The processor is configured to identify an Internet Protocol (IP) address associated with potentially malicious content and define each row of a matrix by applying a different subnet mask from a plurality of subnet masks to a binary representation of the IP address to define that row of the matrix. The processor is further configured to provide the matrix as an input to a machine learning model, and receive, from the machine learning model, a score associated with a maliciousness of the IP address.
-
Publication No.: US20230362184A1
Publication date: 2023-11-09
Application No.: US17958147
Filing date: 2022-09-30
Applicant: Sophos Limited
Inventors: Ben Uri Gelman, Salma Taoufiq, Konstantin Berlin, Tamás Vörös
IPC classification: H04L9/40
CPC classification: H04L63/1433
Abstract: A method for prioritizing security events comprises receiving a security event that includes security event data having been generated by an endpoint agent based on a detected activity, wherein the security event data includes one or more features; applying a first computing model to the security event data to automatically determine which of the one or more features are one or more input features to a machine learning system; applying a second computing model to historical data related to the security event data to determine time pattern information of the security event data as an input to the machine learning system; combining the one or more input features from the first computing model and the input from the second computing model to generate a computed feature result; and generating an updated security level value of the security event from the computed feature result.
-