SYSTEM AND METHOD FOR APPLIANCE CONFIGURATION IDENTIFICATION AND PROFILE MANAGEMENT

    Publication No.: US20240031191A1

    Publication date: 2024-01-25

    Application No.: US18375901

    Filing date: 2023-10-02

    Abstract: A new approach is proposed to support appliance configuration identification and profiling management. An appliance scanning component running on an appliance is configured to scan, examine, and determine the current configuration of the appliance, including hardware components and/or software components installed on the appliance. The configuration of the appliance is then provided to an appliance profiling engine running on a server, wherein the appliance profiling engine hashes the configuration of the appliance into a unique identifier of the appliance and looks up a model of the appliance from an appliance profiling database using the unique identifier as a key. If the configuration of the appliance is not found, the appliance profiling engine identifies discrepancies between the configuration of the appliance and other appliances in the appliance profiling database to determine whether the appliance is a new model, a revision of an existing model, or simply misconfigured.

    System and apparatus for internet traffic inspection via localized DNS caching

    Publication No.: US11811806B2

    Publication date: 2023-11-07

    Application No.: US17247355

    Filing date: 2020-12-08

    Inventor: Fleming Shi

    Abstract: An approach is proposed to support Internet traffic inspection to detect and prevent access to blocked websites or resources. First, access requests initiated by users to websites hosted on servers over a network are intercepted by an inspection agent, which identifies and caches the pair of the domain/host name of each website and its corresponding IP address on the Internet in a localized DNS cache. When a newly intercepted access request identifies the website by its IP address only, without specifying its domain/host name, the inspection agent looks up the domain name by its IP address in the DNS cache. If no domain name is found, the inspection agent redirects the access request to a proxy server for further inspection instead of forwarding it to the server hosting the website. The proxy server then inspects the IP address to determine whether or not it belongs to a legitimate website.

    System and method for email account takeover detection and remediation utilizing AI models

    Publication No.: US11563757B2

    Publication date: 2023-01-24

    Application No.: US16949863

    Filing date: 2020-11-17

    IPC classification: H04L29/06 H04L9/40

    Abstract: A new approach is proposed to support account takeover (ATO) detection based on login attempts by users. The approach relies on assessing the fraudulence confidence level of login IP addresses to classify the login attempts by the users. A plurality of attributes/features in one or more user login data logs are extracted and used to build a labeled dataset for training a machine learning (ML) model that relies on statistics of the login attempts to classify and detect fraudulent logins. These attributes make it possible to ascertain whether a login attempt or instance by a user is suspicious based on the ML model. In some embodiments, the ML model is trained using anonymized user login data to preserve the privacy of the users, and a proper level of data anonymization is determined based on the ML model's accuracy in detecting ATO attacks when trained with different versions of the anonymized data.

    Reverse TCP/IP stack

    Type: Granted patent

    Publication No.: US11457040B1

    Publication date: 2022-09-27

    Application No.: US16788202

    Filing date: 2020-02-11

    IPC classification: H04L29/06 H04L9/40 H04L69/163

    Abstract: A reverse TCP/IP stack infrastructure is disclosed. In an example use, an application executing on a client device as an operating system extension that uses a virtual private network stack of the operating system intercepts a first IP packet generated by a client program. The application determines that the first IP packet comprises a Transmission Control Protocol synchronize message and opens a socket to a destination Internet Protocol address and destination port. A synchronize acknowledgment is received. A packet that includes a synchronize acknowledgment is then synthesized and transmitted to the client program.

    System and method for email account takeover detection and remediation

    Publication No.: US11159565B2

    Publication date: 2021-10-26

    Application No.: US16947074

    Filing date: 2020-07-16

    Abstract: A new approach is proposed that contemplates systems and methods to support email account takeover detection and remediation by utilizing an artificial intelligence (AI) engine/classifier that detects and remediates such attacks in real time. The AI engine is configured to continuously monitor and identify the communication patterns of a user on an electronic messaging system of an entity via application programming interface (API) calls. The AI engine is then configured to collect and utilize a variety of features and/or signals from an email sent from an internal email account of the entity. The AI engine combines these signals to automatically detect whether the email account has been compromised by an external attacker and to alert the individual user of the account and/or a system administrator accordingly in real time. The AI engine further enables the parties to remediate the effects of the compromised email account by performing one or more remediating actions.

    Method and apparatus for neutralizing real cyber threats to training materials

    Publication No.: US11145221B2

    Publication date: 2021-10-12

    Application No.: US16358537

    Filing date: 2019-03-19

    Inventor: Fleming Shi

    IPC classification: G09B19/00 H04L29/06

    Abstract: An approach is proposed to support neutralizing real cyber threats into training materials by intercepting, modifying, and redistributing the active content of an email that has arrived in a recipient's email account. Specifically, when the recipient triggers an active content item, such as a URL link embedded in the email, and/or opens an attachment to the email, the triggered active content is synchronously intercepted and examined in real time for the potential malicious intent of a phishing attack. If the active content is determined to be malicious, the malicious active content in the email is disassembled and deactivated, while the payload is reconstructed with links and markings for training purposes. The recipient is then provided with an anti-phishing training exercise, wherein the content of the training exercise is specifically customized for the recipient based on the reconstructed payload of the received email and/or the recipient's security posture and awareness.

    Method and apparatus for human activity tracking and authenticity verification of human-originated digital assets

    Publication No.: US11068569B2

    Publication date: 2021-07-20

    Application No.: US15993218

    Filing date: 2018-05-30

    Inventor: Fleming Shi

    IPC classification: G06F21/31 G06F21/32

    Abstract: A new approach is proposed that contemplates systems and methods to support human activity tracking and authenticity verification of human-originated digital assets. First, the activities performed by a producer while he/she is constructing a digital asset, e.g., an electronic message, are captured. Information/metadata about the captured activities is then packaged/encapsulated inside the constructed digital asset, wherein such metadata includes, but is not limited to, mouse and/or keyboard activities, software tools used, and other digital traces of the captured human activities. Once the digital asset is transmitted and received by a consumer, the metadata included in the digital asset is unpacked and analyzed to determine various levels of authenticity of the digital asset with respect to whether the digital asset was originated manually by a human being or automatically by a software program. The consumer may then take actions accordingly based on the level of authenticity of the received digital asset.

    System and method of utilizing network security devices for industrial device protection and control

    Publication No.: US11050714B2

    Publication date: 2021-06-29

    Application No.: US16170859

    Filing date: 2018-10-25

    Abstract: A new network security device/appliance is proposed to not only protect, but also to control and operate, an industrial IoT device. Specifically, the network security device is configured to detect and block cyber attacks such as viruses, hacking attempts, and other types of cyber threats launched from an outside network against the industrial IoT device, based on a set of configurable rules. In addition, the network security device is further configured to control and operate the industrial IoT device remotely in response to the cyber attacks by issuing and communicating certain instructions/commands to the industrial IoT device. Besides accepting and executing control commands from the network security device, the industrial IoT device is also configured to send a request to the network security device to make certain adjustments to the rules concerning network traffic directed to the industrial IoT device.

    METHOD AND APPARATUS FOR SCANNING GINORMOUS FILES

    Publication No.: US20200372107A1

    Publication date: 2020-11-26

    Application No.: US16549978

    Filing date: 2019-08-23

    Abstract: A new approach is proposed that contemplates systems and methods to support scanning through a file of large size without having to load the entire file into the memory of a single file parser or scanner. The proposed approach is configured to divide a ginormous file to be parsed and scanned into a plurality of sections following a divide-and-conquer scheme. The plurality of sections of the file are then parsed and loaded into a plurality of file scanners, each configured to scan its allocated file section of a certain file type. Each of the plurality of file scanners is then configured to extract and evaluate, from its allocated section, file parts that can be harmful to a user of the file and/or expose sensitive/protected information of the user. The scan results are then collected, analyzed, and reported to a user with a final determination on the malicious content and sensitive data.