-
Publication No.: US12132748B2
Publication date: 2024-10-29
Application No.: US17571342
Filing date: 2022-01-07
Applicant: Ciena Corporation
Inventors: Zhiyan Chen, Murat Simsek, Burak Kantarci, Petar Djukic, James P'ford't Carnes, III, Mehran Bagheri, Jinxin Liu, Yu Shen
IPC classification: H04L9/40, G06N3/08, H04L41/0631, H04L43/04, H04L61/5061
CPC classification: H04L63/1416, G06N3/08, H04L41/0631, H04L43/04, H04L61/5061, H04L63/0227, H04L63/0236, H04L63/1425, H04L63/20
Abstract: Systems and methods for detecting intrusions, attacks, and sub-attacks launched against a network under observations are provided. A method, according to one implementation, includes obtaining network traffic information regarding data traffic in a network under observation and obtaining system log information regarding operations of the network under observation. The method further includes the step of inserting the network traffic information and system log information into one or more analysis procedures, where each analysis procedure is configured to detect a respective sub-attack of a multi-stage attack to which the network under observation is susceptible. Also, the method includes the step of combining the outputs of the one or more analysis procedures to detect whether one or more sub-attacks have been launched against the network under observation. In response to detecting that one or more sub-attacks have been launched, the methods include the step of determining the type of the one or more sub-attacks.
-
Publication No.: US12132655B2
Publication date: 2024-10-29
Application No.: US17555209
Filing date: 2021-12-17
Inventor: Takayuki Kamei
Abstract: A policy determination apparatus includes an acquisition unit, a metrics generation unit, an evaluation unit, and a policy determination unit. The acquisition unit acquires monitoring data relating to states of facilities on a network. The metrics generation unit generates, based on the monitoring data, time-series data of types of metrics associated with candidates of routing destinations to which a routing control apparatus routes requests. The evaluation unit evaluates the candidates based on the time-series data to generate routing destination evaluation data. The policy determination unit determines, based on the routing destination evaluation data, a policy that the routing control apparatus uses for control of the routing destinations.
-
Publication No.: US12120002B2
Publication date: 2024-10-15
Application No.: US17830983
Filing date: 2022-06-02
Applicant: Tsinghua University
Inventors: Jiahai Yang, Chenxin Duan, Zhiliang Wang, Hui Zhang
Abstract: A method for detecting a traffic anomaly of Internet of Things (IoT) device based on automata. The method includes: collecting normal traffic of an IoT device to be monitored in each working state, and deriving normal traffic traces; generating flow trees by assembling each flow in the normal traffic traces, and generating joint flow trees by merging the flow trees; and converting a data structure representing the flow in the joint flow trees into automata models after performing reduction processing on the flow in the joint flow trees.
-
Publication No.: US12113816B2
Publication date: 2024-10-08
Application No.: US17626817
Filing date: 2019-07-23
Inventors: Naoto Fujiki, Takuya Minami, Masanori Shinohara
CPC classification: H04L63/1425, H04L43/04, H04L43/16
Abstract: An acquisition unit acquires a communication feature for normal communication of communication equipment. If a data count or a data acquisition period for the acquired communication feature exceeds a predetermined value, an amplification unit amplifies the data count for the communication feature by a plurality of predetermined schemes in accordance with data counts for respective groups, each group sharing a same 5-tuple. A creation unit creates, for each of the predetermined schemes, reference value information for normal communication of the communication equipment through learning using the amplified communication feature. A determination unit determines accuracy of abnormality detection for each of the predetermined schemes using an anomaly score representing a deviation of test data representing a communication feature for abnormal communication from the reference value information. A selection unit selects the reference value information created by one of the schemes, the determined accuracy for which is highest.
-
Publication No.: US12113684B2
Publication date: 2024-10-08
Application No.: US17578375
Filing date: 2022-01-18
Inventors: Shashidhar Gandham, Rohit Chandra Prasad, Abhishek Ranjan Singh, Navindra Yadav, Khawar Deen, Varun Sagar Malhotra
IPC classification: H04L43/045, G06F3/0482, G06F3/04842, G06F3/04847, G06F9/455, G06F16/11, G06F16/13, G06F16/16, G06F16/17, G06F16/174, G06F16/23, G06F16/2457, G06F16/248, G06F16/28, G06F16/29, G06F16/9535, G06F21/53, G06F21/55, G06F21/56, G06N20/00, G06N99/00, G06T11/20, H04J3/06, H04J3/14, H04L1/24, H04L7/10, H04L9/08, H04L9/32, H04L9/40, H04L41/046, H04L41/0668, H04L41/0803, H04L41/0806, H04L41/0816, H04L41/0893, H04L41/12, H04L41/16, H04L41/22, H04L43/02, H04L43/026, H04L43/04, H04L43/062, H04L43/08, H04L43/0805, H04L43/0811, H04L43/0829, H04L43/0852, H04L43/0864, H04L43/0876, H04L43/0882, H04L43/0888, H04L43/10, H04L43/106, H04L43/12, H04L43/16, H04L45/00, H04L45/302, H04L45/50, H04L45/74, H04L47/11, H04L47/20, H04L47/2441, H04L47/2483, H04L47/28, H04L47/31, H04L47/32, H04L61/5007, H04L67/01, H04L67/10, H04L67/1001, H04L67/12, H04L67/51, H04L67/75, H04L69/16, H04L69/22, H04W72/54, H04W84/18, H04L67/50
CPC classification: H04L43/045, G06F3/0482, G06F3/04842, G06F3/04847, G06F9/45558, G06F16/122, G06F16/137, G06F16/162, G06F16/17, G06F16/173, G06F16/174, G06F16/1744, G06F16/1748, G06F16/2322, G06F16/235, G06F16/2365, G06F16/24578, G06F16/248, G06F16/285, G06F16/288, G06F16/29, G06F16/9535, G06F21/53, G06F21/552, G06F21/556, G06F21/566, G06N20/00, G06N99/00, G06T11/206, H04J3/0661, H04J3/14, H04L1/242, H04L7/10, H04L9/0866, H04L9/3239, H04L9/3242, H04L41/046, H04L41/0668, H04L41/0803, H04L41/0806, H04L41/0816, H04L41/0893, H04L41/12, H04L41/16, H04L41/22, H04L43/02, H04L43/026, H04L43/04, H04L43/062, H04L43/08, H04L43/0805, H04L43/0811, H04L43/0829, H04L43/0841, H04L43/0858, H04L43/0864, H04L43/0876, H04L43/0882, H04L43/0888, H04L43/10, H04L43/106, H04L43/12, H04L43/16, H04L45/306, H04L45/38, H04L45/46, H04L45/507, H04L45/66, H04L45/74, H04L47/11, H04L47/20, H04L47/2441, H04L47/2483, H04L47/28, H04L47/31, H04L47/32, H04L61/5007, H04L63/0227, H04L63/0263, H04L63/06, H04L63/0876, H04L63/1408, H04L63/1416, H04L63/1425, H04L63/1433, H04L63/1441, H04L63/145, H04L63/1458, H04L63/1466, H04L63/16, H04L63/20, H04L67/01, H04L67/10, H04L67/1001, H04L67/12, H04L67/51, H04L67/75, H04L69/16, H04L69/22, H04W72/54, H04W84/18, G06F2009/4557, G06F2009/45587, G06F2009/45591, G06F2009/45595, G06F2221/033, G06F2221/2101, G06F2221/2105, G06F2221/2111, G06F2221/2115, G06F2221/2145, H04L67/535
Abstract: Systems, methods, and computer-readable media for identifying bogon addresses. A system can obtain an indication of address spaces in a network. The indication can be based on route advertisements transmitted by routers associated with the network. The system can receive a report generated by a capturing agent deployed on a host. The report can identify a flow captured by the capturing agent at the host. The system can identify a network address associated with the flow and, based on the indication of address spaces, the system can determine whether the network address is within the address spaces in the network. When the network address is not within the address spaces in the network, the system can determine that the network address is a bogon address. When the network address is within the address spaces in the network, the system can determine that the network address is not a bogon address.
-
Publication No.: US12113683B2
Publication date: 2024-10-08
Application No.: US18053268
Filing date: 2022-11-07
IPC classification: H04L43/04, H04L67/125
CPC classification: H04L43/04, H04L67/125
Abstract: Immutable archiving of remote controlled user equipment telemetry-command (TC) data for wireless communications networks systems and applications is provided. In some embodiments, one or more applications executing on the UE report selected TC data to a TC data archiving function. TC data is both captured and preserved by the TC data archiving function in a manner that establishes sufficient integrity for the data for the purpose of establishing an immutable record comprising at least the operating state of a remote operated UE, and commands that a controller UE was sending to the remote operated UE. Determining the TC data selected for archiving may be based on an inflection criteria. In some embodiments, a session block sequence is generated using a distributed application (DApp), and TC data is reported to the TC data archiving function using the session block sequence.
-
Publication No.: US20240333619A1
Publication date: 2024-10-03
Application No.: US18740939
Filing date: 2024-06-12
Inventors: Xietian HUANG, Yaoguang WANG, Longyu CAO, Fangyu YE
IPC classification: H04L43/0817, H04L41/50, H04L43/04
CPC classification: H04L43/0817, H04L41/5077, H04L43/04
Abstract: A communication method and a communication apparatus, and the communication method may include: a first communication apparatus obtains first data, where the first data may be network measurement data; the first communication apparatus obtains second data in a first processing manner based on the first data, where the second data is partial data of the first data, the second data is used to obtain third data, and an error between the third data and the first data is less than or equal to a target threshold; and the first communication apparatus sends the second data to a second communication apparatus. Accordingly, overheads for reporting the network measurement data can be reduced and utilization of network resources can be improved.
-
Publication No.: US12106229B2
Publication date: 2024-10-01
Application No.: US17664804
Filing date: 2022-05-24
Applicant: LogRhythm Inc.
Inventors: Chris Petersen, Phillip Villella, Brad Aisa
IPC classification: G06N5/025, G06F16/2457, H04L9/40, H04L41/069, G06F21/55, H04L43/04, H04L43/16
CPC classification: G06N5/025, G06F16/24575, H04L41/069, H04L63/1425, G06F21/552, H04L43/04, H04L43/16, H04L63/1416
Abstract: An advanced intelligence engine (AIE) for use in identifying what may be complex events or developments on one or more data platforms or networks from various types of structured or normalized data generated by one or more disparate data sources. The AIE may conduct one or more types of quantitative, correlative, behavioral and corroborative analyses to detect events from what may otherwise be considered unimportant or non-relevant information spanning one or more time periods. Events generated by the AIE may be passed to an event manager to determine whether further action is required such as reporting, remediation, and the like.
-
Publication No.: US20240323109A1
Publication date: 2024-09-26
Application No.: US18735468
Filing date: 2024-06-06
Inventors: Hao WANG, Qian HUANG, XueFeng GUAN, LongGang XIANG, ZhaoXing PANG, PengHui YE, Jun ZHANG, Zhao YUAN
IPC classification: H04L43/067, H04L43/04, H04L67/568
CPC classification: H04L43/067, H04L43/04, H04L67/568
Abstract: A cluster system management method is disclosed. The management method is used on a management node, the cluster system includes the management node and a plurality of compute nodes, the cluster system is responsible for processing service data in a preset area. According to the cluster system management method, the spatial-temporal distribution of the historical service data is analyzed, to obtain the spatial-temporal distribution characteristic of the historical service data, and based on the spatial-temporal distribution characteristic, the preset area is divided into the M sub-areas to achieve balanced data distribution. The compute nodes in the plurality of compute nodes are respectively responsible for processing the service data of the corresponding sub-areas, thereby implementing management based on spatial routing of the cluster system and improving reliability and a scale expansion capability of the cluster system.
-
Publication No.: US20240320243A1
Publication date: 2024-09-26
Application No.: US18731116
Filing date: 2024-05-31
Applicant: Imperva, Inc.
Inventors: Shiri MARGEL, Yury GEILER
CPC classification: G06F16/285, H04L43/04, H04L63/1416, H04L63/1425
Abstract: Disclosed herein is a method by a computing system to classify network entities. The method includes receiving, by a first stage classifier, database logs and enterprise directory information, attempting to classify, by the first stage classifier during a first stage, a plurality of network entities appearing in the database logs into network entity types based on analyzing the database logs and the enterprise directory information, clustering, by a clustering component, the plurality of network entities into groups based on host name, classifying, by a second stage classifier during a second stage, one or more network entities of the plurality of network entities that were not able to be classified during the first stage into network entity types based on group types of the groups that the one or more network entities were clustered into, and outputting a network entity type of each of the plurality of network entities.