-
Publication number: US12132745B2
Publication date: 2024-10-29
Application number: US17825098
Filing date: 2022-05-26
Applicant: Sophos Limited
Inventors: Andrew J. Thomas , Mangal Rakesh Vankadaru , Prakash Kumar Talreja , Timothy Rayment , Biju Balakrishnan Nair
CPC classification: H04L63/1408 , G06F21/53 , G06F21/567 , H04L63/1416 , H04L63/1425 , H04L63/1433 , H04L63/1441 , H04L63/145 , H04L63/20
Abstract: A platform for threat investigation in an enterprise network receives threat data from managed endpoints and is augmented with data from cloud computing platforms and other third-party resources. The resulting merged data set can be incrementally updated and used to automatically launch investigations at appropriate times.
-
Publication number: US20240348645A1
Publication date: 2024-10-17
Application number: US18417256
Filing date: 2024-01-19
CPC classification: H04L63/145 , H04L63/0428 , H04L63/1408 , G06N20/00
Abstract: In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data and one or more flow characteristics of the encrypted traffic flow. The device classifies the application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the data features from the certificate data and the flow characteristics of the traffic flow. The device causes a network action to be performed based on the result of the classification.
-
Publication number: US20240340312A1
Publication date: 2024-10-10
Application number: US18295766
Filing date: 2023-04-04
Applicant: Lookout, Inc.
IPC classification: H04L9/40
CPC classification: H04L63/1483 , H04L63/1408
Abstract: A machine learning system for automated detection of suspicious digital identifiers is disclosed. The system receives a request to determine whether an identifier associated with a resource that a device is attempting to access is suspicious. In response to the request, the system selects a machine learning model and loads or computes features associated with the address to support the suspiciousness determination. The system executes the machine learning model on those features to determine whether the digital identifier is suspicious. The determination is provided to a phishing and content protection classifier, which persists the response in a database. The determination may be verified by an expert and may be used both to prevent access to the resource associated with the identifier and to train the machine learning model to improve future suspiciousness determinations.
-
Publication number: US12113807B2
Publication date: 2024-10-08
Application number: US18232488
Filing date: 2023-08-10
Inventors: Sheng Yang , Ze Huang , Qiao Wang , David Spenser DyTang , Kiarash Amiri , Tara Michelle Mitchell , Xiao Cai
CPC classification: H04L63/1408 , H04L63/1466 , H04W12/12 , H04W12/63 , G01S19/215
Abstract: A computing system can receive location data from a computing device of a driver. Based at least in part on the location data, the system executes a location-based feasibility model to determine whether one or more anomalous locational attributes are present; the model outputs a probability that the driver's computing device is performing location spoofing. When that probability indicates that the device is performing location spoofing, the system associates a data set with the driver profile of the respective driver.
-
Publication number: US12107741B2
Publication date: 2024-10-01
Application number: US17453404
Filing date: 2021-11-03
Inventors: Mehdi Malboubi , Baofeng Jiang , Yuhong Zheng
IPC classification: H04L43/04 , G06N20/00 , H04L9/40 , H04L41/16 , H04L43/045 , G05B19/042 , G05B23/02
CPC classification: H04L43/04 , G06N20/00 , H04L41/16 , H04L43/045 , H04L63/1408 , G05B19/0425 , G05B23/0289
Abstract: Spatial-temporal informative patterns for users and devices associated with data networks can be predicted or determined. An information management component (IMC) can analyze respective groups of data items stored in respective formats in respective databases. Some data items can comprise signal measurement data representing signal measurements associated with devices on a communication network. Based on the analysis results, the IMC can determine one or more spatial-temporal patterns associated with the groups of data items, where the patterns relate to a subject of interest. The IMC can use artificial intelligence and/or machine learning algorithms and models to determine the spatial-temporal patterns. In response to a query relating to the subject of interest, the IMC can provide information responsive to the query based on those patterns.
-
Publication number: US12101334B2
Publication date: 2024-09-24
Application number: US17825070
Filing date: 2022-05-26
Applicant: Sophos Limited
CPC classification: H04L63/1408 , G06F21/53 , G06F21/567 , H04L63/1416 , H04L63/1425 , H04L63/1433 , H04L63/1441 , H04L63/145 , H04L63/20
Abstract: A threat management system stores an attack matrix characterizing tactics and techniques, and provides threat detection based on patterns of traversal of the attack matrix. Where the threat management system provides a data lake of security events and a query interface for using the data lake to investigate security issues, useful inferences may also be drawn by comparing query activity in the query interface with the patterns of traversal of the attack matrix, for example by using a malicious pattern of traversal to identify a concurrent chain of queries indicative of a threat, or by presenting separate threat scores to an analyst based on query activity and on patterns of traversal.
-
Publication number: US12099603B2
Publication date: 2024-09-24
Application number: US16264667
Filing date: 2019-01-31
Applicant: McAfee, LLC
IPC classification: G06F21/56 , G06F21/55 , H04L9/40 , H04L61/4511
CPC classification: G06F21/56 , G06F21/554 , H04L61/4511 , H04L63/1408 , H04L63/1425 , H04L2463/144
Abstract: Systems and methods for detection of domain generation algorithms (DGA) and their command and control (C&C) servers are disclosed. In one embodiment, the approach examines DNS queries for DNS resolution failures and monitors a certain set of parameters, such as the number of levels, the length of the domain name, lexical complexity, and the like, for each failed domain. These parameters may then be compared against certain thresholds to determine whether the domain name is likely to be part of DGA malware. Domain names identified as being part of DGA malware may then be grouped together. Once a DGA domain name has been identified, activity from the same source can be monitored for successful resolutions to see whether any of the successfully resolved domains match these parameters. If they meet the specific thresholds, the domain is determined to be a C&C server of the DGA malware and may be identified as such.
-
Publication number: US12093406B2
Publication date: 2024-09-17
Application number: US17669344
Filing date: 2022-02-10
Applicant: Nicira, Inc.
Inventors: Kiran Kumar Thota , Azeem Feroz , James C. Wiese
CPC classification: G06F21/602 , G06F9/45558 , G06F9/542 , G06F21/56 , G06F21/568 , G06F21/6236 , G09C1/00 , H04L9/14 , H04L63/0428 , H04L63/123 , H04L63/1408 , H04L63/1441 , G06F2009/45587 , G06F2221/034 , H04L2209/24
Abstract: For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel encryption method for encrypting the data messages sent by the GVMs. The method initially receives a data message to send for a GVM executing on the host. The method then determines whether it should encrypt the data message based on a set of one or more encryption rules. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts the data messages of different GVMs executing on the host differently. When two different GVMs belong to two different logical overlay networks implemented on a common network fabric, the method in some embodiments encrypts the data messages exchanged between the GVMs of one logical network differently from the data messages exchanged between the GVMs of the other logical network. In some embodiments, the method can also encrypt different types of data messages from the same GVM differently. Also, in some embodiments, the method can dynamically enforce encryption rules in response to dynamically detected events, such as malware infections.
-
Publication number: US12088632B2
Publication date: 2024-09-10
Application number: US18228143
Filing date: 2023-07-31
Applicant: Snowflake Inc.
IPC classification: H04L9/40 , G06F21/56 , G06F21/57 , H04L41/0604 , H04L41/22 , H04L43/00 , H04L43/026 , H04L43/062 , H04L43/0811 , H04L47/10 , G06F21/62
CPC classification: H04L63/20 , G06F21/566 , G06F21/57 , H04L41/0604 , H04L41/22 , H04L43/00 , H04L43/026 , H04L43/062 , H04L43/0811 , H04L47/10 , H04L63/0263 , H04L63/104 , H04L63/1408 , H04L63/1416 , G06F21/6218 , H04L63/102
Abstract: The disclosure relates generally to methods, systems, and apparatuses for managing network connections. An example method includes receiving one or more messages from a plurality of computing devices connected through a network, the messages indicating actual connections among those devices. The method also includes comparing the actual connections to a list of expected connections indicated by a connections master file that comprises connection information for the plurality of computing devices. The method further includes identifying an unexpected connection when one of the actual connections has no matching entry in the list of expected connections, and updating the connections master file by adding the unexpected connection to its list of expected connections.
-
Publication number: US12086276B2
Publication date: 2024-09-10
Application number: US18300262
Filing date: 2023-04-13
Applicant: Dropbox, Inc.
Inventors: Mindy Zhang , Pranav Piyush
IPC classification: G06F21/00 , G06F16/955 , G06F21/60 , G06F21/62 , G06F40/295 , H04L9/40 , H04L51/04 , H04L51/08 , H04L51/52 , H04L65/403 , H04L67/06 , H04L67/1074 , H04L67/1095 , H04L67/1097 , H04L67/306
CPC classification: G06F21/604 , G06F16/9566 , G06F21/62 , G06F21/6218 , G06F21/6245 , G06F40/295 , H04L51/04 , H04L51/08 , H04L51/52 , H04L63/0861 , H04L63/102 , H04L63/104 , H04L63/105 , H04L63/1408 , H04L63/1416 , H04L63/1425 , H04L65/403 , H04L67/06 , H04L67/1078 , H04L67/1095 , H04L67/1097 , H04L67/306 , H04L63/101
Abstract: A content management system for collecting files from one or more submitters in a collection folder. A collector, who creates the collection folder, can invite one or more submitters to submit files to the collection folder in response to a public file request. The submitters have limited rights to the collection folder: the limited rights can include upload rights while prohibiting a submitter from viewing files that other submitters to the same collection folder have submitted. Thus, the collection folder can store files from the submitters while preventing them from viewing others' submissions.
-