公开(公告)号：US20190251260A1

公开(公告)日：2019-08-15

申请号：US16390801

申请日：2019-04-22

申请人： Darktrace Limited

发明人： Jack Stockdale ,  Alex Markham

IPC分类号： G06F21/56 ,  H04L12/24 ,  H04L29/06 ,  G06F21/55 ,  G06F21/57

CPC分类号： G06F21/566 ,  G06F21/552 ,  G06F21/577 ,  H04L41/069 ,  H04L63/1408 ,  H04L63/1425 ,  H04L63/1433

摘要： Disclosed herein is a method for detection of a cyber-threat to a computer system. The method is arranged to be performed by a processing apparatus. The method comprises receiving input data associated with a first entity associated with the computer system, deriving metrics from the input data, the metrics representative of characteristics of the received input data, analysing the metrics using one or more models, and determining, in accordance with the analysed metrics and a model of normal behavior of the first entity, a cyber-threat risk parameter indicative of a likelihood of a cyber-threat. A computer readable medium, a computer program and a threat detection system are also disclosed.

公开(公告)号：US20190251258A1

公开(公告)日：2019-08-15

申请号：US15754966

申请日：2016-08-18

申请人： Volexity, LLC

发明人： Aaron Walters ,  Michael Ligh ,  Steven Adair

IPC分类号： G06F21/56 ,  G06F21/54 ,  G06F21/57 ,  H04L29/06 ,  G06F21/53

CPC分类号： G06F21/566 ,  G06F21/52 ,  G06F21/53 ,  G06F21/54 ,  G06F21/577 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/145

摘要： Systems, methods, and processing devices for aiding with cyber intrusion investigations that includes capabilities for extracting data from a specified range of a volatile memory of a target processing device, reconstructing data structures and artifacts from the extracted data; and generating and presenting a visualization of the reconstructed data structures and the reconstructed artifacts.

公开(公告)号：US20190220623A1

公开(公告)日：2019-07-18

申请号：US16363454

申请日：2019-03-25

申请人： OneTrust, LLC

发明人： Kabir A. Barday ,  Jonathan Blake Brannon

IPC分类号： G06F21/62 ,  G06F21/54 ,  H04L29/06 ,  G06F21/57

CPC分类号： G06F21/6245 ,  G06F3/04842 ,  G06F21/54 ,  G06F21/577 ,  G06F2221/2101 ,  G06Q50/01 ,  H04L63/04 ,  H04L63/20 ,  H04W12/02

摘要： A privacy compliance measurement system, according to particular embodiments, is configured to determine compliance with one or more privacy compliance requirements by an organization or sub-group of the organization. In various embodiments, the system is configured to determine a privacy maturity rating for each of a plurality of sub-groups within an organization. In some embodiments, the privacy maturity rating is based at least in part on: (1) a frequency of risks or issues identified with Privacy Impact Assessments (PIAs) performed or completed by the one or sub-groups; (2) a relative training level of members of the sub-groups with regard to privacy related matters; (3) a breadth and amount of personal data collected by the sub-groups; and/or (4) etc. In various embodiments, the system is configured to automatically modify one or more privacy campaigns based on the determined privacy maturity ratings.

公开(公告)号：US20190207981A1

公开(公告)日：2019-07-04

申请号：US16240470

申请日：2019-01-04

申请人： OPAQ Networks, Inc.

发明人： Matthew Stephen Sweeney ,  Casey CORCORAN ,  John CAMP ,  Chris WACKER ,  Brit WANICK ,  Derek Gabbard

IPC分类号： H04L29/06 ,  H04L12/24 ,  H04L12/26

CPC分类号： H04L63/20 ,  G06F21/577 ,  G06F2221/034 ,  G06Q10/0635 ,  H04L41/0686 ,  H04L41/069 ,  H04L41/0816 ,  H04L41/0883 ,  H04L41/142 ,  H04L41/145 ,  H04L43/045 ,  H04L43/06 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441

摘要： Method and system embodiments for assessing control maturity in security operations environments are described. According to some embodiments, the method facilitates a nonintrusive, automated means to configure and detect security controls installed in an Information Technology (IT) environment. The system verifies that these controls function as expected over a specified period of time and then maps each security control to a cell in a matrix of operational functions crossed with asset classes. The system captures metrics for security control activity that are displayed in the matrix to facilitate an assessment of security control architectural maturity. The system automatically generates visual and textual reports that provide recommendations to improve cybersecurity by enhancing existing and adding new controls, specify a suggested timeline for introducing those controls, and document gaps in compliance. The reports include automated remediation recommendations per compliance framework, including the ability to apply custom frameworks.

公开(公告)号：US20190205534A1

公开(公告)日：2019-07-04

申请号：US15860278

申请日：2018-01-02

申请人： International Business Machines Corporation

发明人： Janusz Marecki ,  Fei Fang ,  Dharmashankar Subramanian

IPC分类号： G06F21/55 ,  G06F9/50 ,  G06F21/57

CPC分类号： G06F21/554 ,  G06F9/5016 ,  G06F21/552 ,  G06F21/577 ,  G06F2221/034

摘要： Methods and systems for determining a reallocation of resources are described. A device may determine initial allocation data that indicates a first amount of resources allocated to a plurality of areas. The device may determine a set of attacker expected rewards based on the initial allocation data. The device may determine a set of defender expected rewards based on the attacker expected rewards. The device may determine moving rewards indicating defensive scores in response to movement of the resources among the plurality of areas. The device may determine defender response rewards indicating defensive scores resulting from an optimal attack on the plurality of areas. The device may generate reallocation data indicating an allocation of a second amount of resources to the plurality of areas. The second amount of resources may maximize the moving rewards and the defender response rewards.

公开(公告)号：US20190188405A1

公开(公告)日：2019-06-20

申请号：US16277445

申请日：2019-02-15

申请人： JPS Engineering Corp.

发明人： Jorge Sanchez

IPC分类号： G06F21/62 ,  H04L29/06 ,  H04W12/08 ,  G06F21/45 ,  H04W4/70 ,  H04W12/12 ,  G06F21/53 ,  H04W12/06 ,  G06F21/72 ,  G06F21/60 ,  G06F21/57 ,  G06F21/56

CPC分类号： G06F21/6218 ,  G06F21/45 ,  G06F21/53 ,  G06F21/566 ,  G06F21/577 ,  G06F21/602 ,  G06F21/72 ,  H04L63/0272 ,  H04L63/0428 ,  H04L63/083 ,  H04L63/101 ,  H04L63/145 ,  H04W4/70 ,  H04W12/06 ,  H04W12/08 ,  H04W12/12 ,  H04W12/1208

摘要： The disclosed embodiments provide a method and apparatus for protecting a critical computer system from malware intrusions. An isolator containing access approval features is disclosed. The isolator requires the approval of a Supervisor which can be a person with authority or an intelligent computer before a user can have access to the critical computer system. The isolator contains features used to facilitate cascaded encryption and decryption of messages which further enhances the security of the critical computer system. The isolator can greatly improve security of infrastructure such as industrial control systems, servers and workstations. The disclosed embodiments also provide a set of software and hardware features used to provide detection, prevention and recovery from a Cyber-attack in an Internet of Things installation.

公开(公告)号：US20190108330A1

公开(公告)日：2019-04-11

申请号：US15729092

申请日：2017-10-10

申请人： Amit Kumar Sikder ,  Hidayet Aksu ,  A. Selcuk Uluagac

发明人： Amit Kumar Sikder ,  Hidayet Aksu ,  A. Selcuk Uluagac

IPC分类号： G06F21/52 ,  G06F21/55 ,  G06F21/56 ,  G06F21/44

CPC分类号： G06F21/52 ,  G06F21/44 ,  G06F21/554 ,  G06F21/566 ,  G06F21/577

摘要： A smart device can include a data oriented sensor providing a numerical value, a logic oriented sensor providing a state, a sensor value collector connected to the data oriented sensor, a sensor logic state detector connected to the logic oriented sensor, a data processor connected to the sensor value collector and the sensor logic state detector, and a data analyzer connected to the data processor. The data processor can take the numerical value received from the sensor value collector, calculate an average value from the numerical value, sample the state receiving from the sensor logic state detector, and create an input matrix by using the average value and the sampled state. The data analyzer can receive the input matrix, train an analytical model, and check a data to indicate whether a state of the smart device is malicious or not.

公开(公告)号：US20190104142A1

公开(公告)日：2019-04-04

申请号：US16206054

申请日：2018-11-30

申请人： INTERNATIONAL BUSINESS MACHINES CORPORATION

发明人： Swaminathan Balasubramanian ,  Radha M. De ,  Ashley D. Delport ,  Indrajit Poddar ,  Cheranellore Vasudevan

IPC分类号： H04L29/06 ,  G06F21/62 ,  G06F21/57 ,  G06F21/10 ,  G06F21/55 ,  H04L9/32

CPC分类号： H04L63/1416 ,  G06F21/10 ,  G06F21/554 ,  G06F21/577 ,  G06F21/6218 ,  G06F2221/2113 ,  H04L9/32 ,  H04L9/3271 ,  H04L63/08 ,  H04L63/102 ,  H04L63/1433 ,  H04L63/1441

摘要： A computer-implemented method includes: detecting, by a user device, an event that indicates a potential security compromise of the user device; determining, by the user device, a service accessible on the user device; sending, by the user device, a breach notification to a service provider corresponding to the service accessible on the user device; receiving, by the user device, a security profile from the service provider; and restricting, by the user device, access to the service provider by a client of the service provider on the user device until the security profile is satisfied by a user completing a security challenge defined in the security profile.

公开(公告)号：US20190065755A1

公开(公告)日：2019-02-28

申请号：US15692429

申请日：2017-08-31

申请人： International Business Machines Corporation

发明人： Yoichi Hatsutori ,  Takuya Mishina ,  Naoto Sato ,  Fumiko Satoh

IPC分类号： G06F21/57 ,  G06F21/10

CPC分类号： G06F21/577 ,  G06F21/10 ,  G06F21/554 ,  H04L63/14 ,  H04L63/1416 ,  H04L63/1425

摘要： A computer-implemented method, a computer program product, and a computer system for transformation of security information and event management (SIEM) rules and deploying the SIEM rules in a network of event processors. A computer system or server converts the SIEM rules to formal representations. The computer system or server generates rule abstraction of the formal representations, by using an abstraction function. The computer system or server constructs a finite automaton based on the rule abstraction. The computer system or server eliminates irrelevant transitions in the finite automaton to generate an optimized finite automaton. The computer system or server generates optimized formal rules, based on the optimized finite automaton. The computer system or server converts the optimized formal rules to optimized SIEM rules. The computer or server deploys the optimized SIEM rules in the network of the event processors.

公开(公告)号：US20190052650A1

公开(公告)日：2019-02-14

申请号：US15671218

申请日：2017-08-08

申请人： International Business Machines Corporation

发明人： Xin Hu ,  Jiyong Jang ,  Douglas Lee Schales ,  Marc Philippe Stoecklin ,  Ting Wang

IPC分类号： H04L29/06 ,  G06F21/56 ,  G06F21/55

CPC分类号： H04L63/1408 ,  G06F21/55 ,  G06F21/552 ,  G06F21/566 ,  G06F21/577 ,  H04L61/1511 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/145

摘要： A command endpoint used by Domain Generation Algorithm (DGA) malware is identified using machine learning-based clustering. According to this technique, at least one attribute associated with a candidate resolved DNS name is identified. The candidate resolved DNS name has associated therewith a set of names that are failed DNS lookups but that cluster with the candidate resolved DNS name. A set of additional names that share the at least one attribute with the candidate resolved DNS name are then identified. For the set of additional names, an extent to which the set of additional names also clusters with the set of names that are failed DNS lookups is then determined. The candidate resolved DNS name is characterized as associated with the command endpoint when the set of additional names cluster with the set of names that are failed DNS lookups to a configurable degree.