-
Publication No.: US10148690B2
Publication date: 2018-12-04
Application No.: US14977261
Filing date: 2015-12-21
Applicant: Symantec Corporation
Inventors: Yun Shen, Yufei Han, Pierre-Antoine Vervier
IPC classification: H04L29/06
Abstract: A system and method for detecting malicious hijack events in real-time is provided. The method may include receiving routing data associated with a Border Gateway Protocol (BGP) event from at least one BGP router. The method may further include generating a hijack detection model using a machine learning technique, such as Positive Unlabeled learning. The machine learning technique may include at least one data input and a probability output; wherein, the data input couples to receive a set of historically confirmed BGP hijacking data and the routing data, while the probability output transmits a probability value for the malicious event which may be calculated based upon the data input. Finally, the method may include classifying the BGP event as a malicious event or a benign event using the BGP hijack model and correcting routing tables that have been corrupted by a malicious event.
-
Publication No.: US11025666B1
Publication date: 2021-06-01
Application No.: US16207431
Filing date: 2018-12-03
Applicant: Symantec Corporation
Inventors: Yufei Han, Yuzhe Ma, Kevin Roundy, Chris Gates, Yun Shen
Abstract: The disclosed computer-implemented method for preventing decentralized malware attacks may include (i) receiving, by a computing device, node data from a group of nodes over a network, (ii) training a machine learning model by shuffling the node data to generate a set of outputs utilized for predicting malicious data, (iii) calculating a statistical deviation for each output in the set of outputs from an aggregated output for the set of outputs, and (iv) identifying, based on the statistical deviation, an anomalous output in the set of outputs that is associated with one or more of the malicious nodes, the one or more malicious nodes hosting the malicious data. Various other methods, systems, and computer-readable media are also disclosed.
-
Publication No.: US11025649B1
Publication date: 2021-06-01
Application No.: US16019166
Filing date: 2018-06-26
Applicant: Symantec Corporation
Inventors: Leyla Bilge, Yufei Han, Oystein Fladby
Abstract: The disclosed computer-implemented method for malware classification may include receiving dynamic analysis traces that include event descriptions regarding malware programs, and labels regarding classes of malware programs; performing a first mapping of the event descriptions to a first set of vector representations, wherein order of the events is not taken into account by the first mapping; performing a second mapping of the event descriptions to a second set of vector representations, wherein order of the events is taken into account by the second mapping; combining the first set of vector representations and the second set of vector representations into a combined set of vector representations; inputting the combined set of vector representations, along with the labels, into an autoencoder; and training the autoencoder to generate a feature space representation that correlates identified features with classes of malware. Various other methods, systems, and computer-readable media are also disclosed.
-
Publication No.: US11012454B1
Publication date: 2021-05-18
Application No.: US16230703
Filing date: 2018-12-21
Applicant: SYMANTEC CORPORATION
Inventors: Yufei Han, Xiaolin Wang
Abstract: Detecting abnormal user behavior via temporally regularized tensor factorization. A method may include obtaining behavioral data of a plurality of users of cloud services to establish a first behavioral baseline; obtaining behavioral data for a particular user of the plurality of users to establish a second behavioral baseline; determining a first variation of behavior between the second and first behavioral baseline to determine an expected behavior; creating a tensor model for a succession of pre-determined time periods comprising multiple three-dimensional tensors; determining a temporal dependence between the multiple three-dimensional tensors; determining a temporal smoothness between the multiple three-dimensional tensors; predicting a future variation in behavior of the particular user based on a combination of the temporal dependence and the temporal smoothness, where the future variation in behavior indicates a potential security threat; and performing a remedial security action on a client device based on the predicted future variation in behavior.
-
Publication No.: US10367845B1
Publication date: 2019-07-30
Application No.: US16116980
Filing date: 2018-08-30
Applicant: Symantec Corporation
IPC classification: H04L29/06, G06F16/901
Abstract: The disclosed computer-implemented method for evaluating infection risks based on profiled user behaviors may include (1) collecting user-behavior profiles that may include labeled profiles (e.g., infected profiles and/or clean profiles) and/or unlabeled profiles, (2) training a classification model to distinguish infected profiles from clean profiles using features and labels of the user-behavior profiles, and (3) using the classification model to predict (a) a likelihood that a computing system of a user will become infected based on a profile of user behaviors of the user and/or (b) a likelihood that a user behavior in the user-behavior profiles will result in a computing-system infection. Various other methods, systems, and computer-readable media are also disclosed.
-
Publication No.: US10785243B1
Publication date: 2020-09-22
Application No.: US16147467
Filing date: 2018-09-28
Applicant: Symantec Corporation
Inventors: Yufei Han, Michael Hart, Joseph Lopilato
Abstract: Log text is encoded into a low dimensional feature vector. A temporal predictive model is constructed based on the low dimensional feature vector. The temporal predictive model is used to calculate probabilities of the occurrence of security incidents based on signature names from the log text encoded in the low dimensional feature vector. A preventative security action is automatically taken in response to the calculated probability of the occurrence of a specific security incident exceeding a given threshold.
-
Publication No.: US10547623B1
Publication date: 2020-01-28
Application No.: US15664029
Filing date: 2017-07-31
Applicant: SYMANTEC CORPORATION
Abstract: Securing network devices by forecasting future security incidents for a network based on past security incidents. In one embodiment, a method may include constructing past inside-in security features for a network, constructing past outside-in security features for the network, and employing dynamic time warping to generate a similarity score for each security feature pair in the past inside-in security features, in the past outside-in security features, and between the past inside-in security features and the past outside-in security features. The method may further include generating a Coupled Gaussian Latent Variable (CGLV) model based on the similarity scores, forecasting future inside-in security features for the network using the CGLV model, and performing a security action on one or more network devices of the network based on the forecasted future inside-in security features for the network.
-
Publication No.: US10516680B1
Publication date: 2019-12-24
Application No.: US15189362
Filing date: 2016-06-22
Applicant: Symantec Corporation
IPC classification: H04L29/06
Abstract: A computer-implemented method for assessing cyber risks using incident-origin information may include (1) receiving a request for a cyber-risk assessment of an entity of interest, (2) using an Internet-address data source that maps identifiers of entities to public Internet addresses of the entities to translate an identifier of the entity into a set of Internet addresses of the entity, (3) using an incident-origin data source that maps externally-detected security incidents to public Internet addresses from which the security incidents originated to translate the set of Internet addresses into a set of security incidents that originated from the entity, and (4) using the set of security incidents to generate the cyber-risk assessment of the entity. Various other methods, systems, and computer-readable media may have similar features.
-
Publication No.: US10437994B1
Publication date: 2019-10-08
Application No.: US15163720
Filing date: 2016-05-25
Applicant: Symantec Corporation
Inventors: Yun Shen, Yufei Han, Pierre-Antoine Vervier
Abstract: The disclosed computer-implemented method for determining the reputations of unknown files may include (1) identifying a file that was downloaded by the computing device from an external file host, (2) creating a node that represents the file in a dynamic file relationship graph, (3) connecting the node in the dynamic file relationship graph with at least one other node that represents an attribute of the external file host, and (4) labeling the node with a reputation score calculated based at least in part on a reputation score of the at least one other node that represents the attribute of the external file host. Various other methods, systems, and computer-readable media are also disclosed.
-
Publication No.: US10116680B1
Publication date: 2018-10-30
Application No.: US15188956
Filing date: 2016-06-21
Applicant: Symantec Corporation
Abstract: The disclosed computer-implemented method for evaluating infection risks based on profiled user behaviors may include (1) collecting user-behavior profiles that may include labeled profiles (e.g., infected profiles and/or clean profiles) and/or unlabeled profiles, (2) training a classification model to distinguish infected profiles from clean profiles using features and labels of the user-behavior profiles, and (3) using the classification model to predict (a) a likelihood that a computing system of a user will become infected based on a profile of user behaviors of the user and/or (b) a likelihood that a user behavior in the user-behavior profiles will result in a computing-system infection. Various other methods, systems, and computer-readable media are also disclosed.