-
Publication number: US12132705B2
Publication date: 2024-10-29
Application number: US17275921
Application date: 2019-09-27
Applicant: New H3C Security Technologies Co., Ltd.
Inventor: Xiaohong Zhang
CPC classification number: H04L63/0254 , H04L63/0236 , H04L63/0263 , H04L63/20
Abstract: Disclosed are a packet processing method and apparatus applicable to a network device. The method comprises: receiving a first packet; determining the number of second packets received within a preset duration after the first packet passes basic detection successfully, wherein packet information of the second packet is identical to first packet information of the first packet; determining whether the number of the second packets received is greater than a preset number threshold; if so, removing a first table entry from a fast forwarding table, wherein the first table entry contains second packet information of the first packet; and performing attack detection on the first packet. With the application of the technical solution provided by an example of the present disclosure, the security risk in a network device is efficiently reduced.
-
Publication number: US20240356981A1
Publication date: 2024-10-24
Application number: US18620711
Application date: 2024-03-28
Applicant: ColorTokens Inc.
Inventor: Harish Akali , Satyam Tyagi , Syn Owen , Surya Kollimarla , Rajesh Khazanchi
IPC: H04L9/40
CPC classification number: H04L63/20 , H04L63/0263 , H04L63/1425
Abstract: Zero trust and micro-segmentation techniques may be collectively used to enhance network security. To establish, refine, and enforce a zero-trust least-privileged policy, the network may be segmented to put each device of the network into a respective network of one, which forces all network traffic to pass through a zero-trust gatekeeper. The gatekeeper may then monitor and analyze the traffic to establish, refine, and enforce the zero-trust least-privileged policy, which reduces network access to only a limited set of network actions and/or paths. Using the gatekeeper, network traffic may be monitored to progressively establish the policy as well as to continually refine the policy. Recommended actions may be determined based on the analysis of the monitored network traffic and provided to the user to allow user feedback on the communication rules of zero-trust policy.
-
Publication number: US20240356954A1
Publication date: 2024-10-24
Application number: US18302423
Application date: 2023-04-18
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventor: Mahbod Tavallee , Rishabh Singh , Stepan Vovshchuk
CPC classification number: H04L63/1433 , G06F21/552 , H04L63/0263 , G06F2201/81
Abstract: Described are techniques for characterizing performance of a cybersecurity detection tool. The techniques include generating a cybersecurity result set in response to applying synthetic test data to the cybersecurity detection tool. The techniques further include extracting respective rules from the cybersecurity detection tool. The techniques further include characterizing the performance of the cybersecurity detection tool based on the cybersecurity result set and the respective rules.
-
Publication number: US12120134B2
Publication date: 2024-10-15
Application number: US17313479
Application date: 2021-05-06
Applicant: Noetic Cyber Inc.
Inventor: Kenneth Allen Rogers , Allen D. Hadden , Craig Roberts , Hugh Pyle
IPC: H04L29/06 , G06F16/245 , G06F16/248 , G06F16/25 , G06F16/28 , G06F16/901 , G06F18/214 , G06K9/62 , G06N20/00 , H04L9/40
CPC classification number: H04L63/1425 , G06F16/245 , G06F16/248 , G06F16/252 , G06F16/288 , G06F16/9024 , G06F18/214 , G06N20/00 , H04L63/0263 , H04L63/1416 , H04L63/1433 , H04L63/20
Abstract: An entity tracking system and method for a computer network employs proactive data collection and enrichment driven by configurable rules and workflows responsive to the discovery of new entities, changes to existing entities, and specifics about the entities' attributes. The data collection is used in conjunction with graph technologies to map interactions and relationships between various entities interacting in the computer environment and deduce interactions and relationships between the entities. Machine learning techniques further identify, group or categorize entities and identify patterns which are indicative of anomalies that might be due to nefarious actions or compromised security.
-
Publication number: US20240340268A1
Publication date: 2024-10-10
Application number: US18749056
Application date: 2024-06-20
Applicant: Level 3 Communications, LLC
Inventor: Michael Benjamin
IPC: H04L9/40 , H04L41/0816 , H04L43/028 , H04L61/4511 , H04L61/5007 , H04L67/10
CPC classification number: H04L63/0263 , H04L41/0816 , H04L43/028 , H04L61/4511 , H04L61/5007 , H04L63/0236 , H04L67/10
Abstract: Systems and methods for implementing filters within computer networks include obtaining blocklist data that includes blocklist entries for a network. Each of the blocklist entries includes one or more network traffic attributes for identifying traffic to be blocked. In response to receiving the blocklist data, a filter based on a common network traffic attribute shared between at least two of the plurality of blocklist entries is generated. The filter is then deployed to a network device within the network such that the filter may be implemented at the network device to block corresponding traffic.
-
Publication number: US12095733B2
Publication date: 2024-09-17
Application number: US16943264
Application date: 2020-07-30
Inventor: Botao Yan
CPC classification number: H04L63/0263 , G06F9/45558 , H04L63/101 , G06F2009/45595
Abstract: A firewall configuration method, applied to a cloud computing management platform, includes determining, by a compute node, a subnet associated with firewall policy information, determining that a virtual machine that belongs to the subnet is deployed on the compute node, and delivering the firewall policy information to a network access control list corresponding to the subnet. The network access control list and a local list of a virtual machine bridge of the virtual machine are in a jump relationship.
-
Publication number: US12081523B1
Publication date: 2024-09-03
Application number: US17592890
Application date: 2022-02-04
Applicant: Palantir Technologies Inc.
Inventor: William Hickman , Charissa Plattner , Kevin Simons
IPC: H04L9/40
CPC classification number: H04L63/0263 , H04L63/20
Abstract: A system for managing firewall rules between different services. In certain instances, the method includes receiving a discovery graph comprising a plurality of services and at least one application programming interface (API) dependency, wherein the plurality of services comprises a first service and a second service. In some instances, the method further includes determining whether the second service is permitted to receive an initial communication from the first service based upon the at least one API dependency included in the discovery graph. And, in response to determining the second service is permitted to receive the initial communication from the first service, the method can include establishing a first rule for a firewall between the first service and the second service, the first rule allowing the second service to receive the initial communication from the first service.
-
Publication number: US12075249B2
Publication date: 2024-08-27
Application number: US17013802
Application date: 2020-09-07
Applicant: Fortinet, Inc.
Inventor: Ravikiran Mahamkali
IPC: H04W12/088 , H04L9/40 , H04W12/121 , H04W28/02 , H04W48/02
CPC classification number: H04W12/088 , H04L63/0263 , H04W12/121 , H04W28/0215 , H04W48/02
Abstract: Application data collected by an IDS (intrusion detection system) on the data communication network and concerning applications executing on stations coupled to the plurality of access points, is received. Additionally, firewall rules for applications from a firewall device coupled to the data communication network and providing firewall services to the plurality of access points, including outbound traffic from the plurality of access points, are received. The firewall rules can be parsed to expose configured actions for applications. A customized application control policy is prepared for each particular application for implementation on the network edge by at least one of the plurality of access points.
-
Publication number: US12074873B2
Publication date: 2024-08-27
Application number: US17192541
Application date: 2021-03-04
Applicant: YIKES SECURE, INC.
Inventor: Andrew Samuel Cohen , Daniel Curtis Weller , Thomas Wasyl Martz , Kevin Michael Yeich , Raemar Antwarn Horne , Tyler James Bryant
CPC classification number: H04L63/101 , G06N20/00 , H04L63/0263 , H04L63/102
Abstract: In one embodiment, a method is provided. The method includes receiving a registration message from a network device. The registration request indicates that a first computing device has connected to the computing devices. The method also includes determining a category for the first computing device based on the registration message. The method further includes determining a set of rules for the computing device based on the category. The method further includes transmitting the set of rules to the network device. The set of rules indicates permissions for the first computing device. Each network of the set of networks is initially isolated from other networks of the set of networks when the network is created. Each network of the set of networks comprises a respective computing device of the set of computing devices.
-
Publication number: US12069078B2
Publication date: 2024-08-20
Application number: US17960517
Application date: 2022-10-05
Applicant: MALIKIE INNOVATIONS LIMITED
Inventor: Nicholas Patrick Alfano , Axel Ferrazzini , Dake He
IPC: H04L29/06 , H04L9/40 , H04L41/069 , H04L43/062 , H04L43/0876 , H04L43/16 , H04L67/50 , H04W12/033 , H04W12/12 , H04W12/60
CPC classification number: H04L63/1425 , H04L41/069 , H04L43/062 , H04L43/0876 , H04L43/16 , H04L63/1408 , H04L67/535 , H04W12/033 , H04W12/12 , H04W12/60 , H04L63/0263 , H04L63/20
Abstract: A method at a network element for monitoring user plane traffic for a user equipment, the method including configuring a set of characteristics and a range of values for each of the set of characteristics for user plane traffic between the user equipment and the network element; monitoring user plane traffic for the user equipment at the network element, the monitoring determining whether at least one characteristic of the user plane traffic falls outside of the configured range of values, resulting in a characteristic violation; and if the at least one characteristic of the user plane traffic falls outside the configured range of values, performing an action resulting from the characteristic violation.