Systems and methods for self-tuning network intrusion detection and prevention
    2.
    Granted patent (in force)

    Publication number: US09319425B2

    Publication date: 2016-04-19

    Application number: US14338617

    Filing date: 2014-07-23

    Inventor: Ioannis Giokas

    Abstract: Systems and methods of the present disclosure are directed to a network security tool. In some embodiments, the tool identifies a current vulnerability of a private network. The tool can determine a signature of an attack configured to exploit the current vulnerability. The tool can compare the signature with active and inactive signatures stored in a signature repository. The tool can compare the signatures to identify an inactive signature corresponding to the signature of the attack configured to exploit the current vulnerability. The tool can automatically activate, responsive to the comparison, the identified inactive signature. The tool can use the activated signature to identify an exploit based on data packets received via the private network.

    Systems and methods for behavioral cluster-based network threat detection

    Publication number: US10721254B2

    Publication date: 2020-07-21

    Application number: US15909786

    Filing date: 2018-03-01

    IPC classification: H04L29/06 G06K9/62

    Abstract: Systems and methods for threat detection in a network are provided. The system obtains records for entities that access a network. The records include attributes associated with the entities. The system identifies features for each of the entities based on the attributes. The system generates a feature set for each of the entities. The feature set is generated from the features identified based on the attributes of each of the entities. The system forms clusters of entities based on the feature set for each of the entities. The system classifies each of the clusters with a threat severity score calculated based on scores associated with entities forming each of the clusters. The system determines to generate an alert for an entity in a cluster in response to the threat severity score of the cluster being greater than a threshold.

    System and method for identifying infected networks and systems from unknown attacks
    4.
    Granted patent (in force)

    Publication number: US09392007B2

    Publication date: 2016-07-12

    Application number: US14531450

    Filing date: 2014-11-03

    Inventor: Ioannis Giokas

    IPC classification: G06F21/00 H04L29/06

    Abstract: Systems and methods of the present disclosure are directed to a network security monitor. The monitor can receive logs of a second computer network indicative of a status of the second computer network, determined by a monitoring agent executing on the second computer network. The monitor can generate indexed logs from the logs based on log format. The monitor can retrieve a list of threat indicators from a database based on a schema, from a plurality of threat indicators received from a plurality of heterogeneous repositories via the first computer network. The monitor can compare the list of threat indicators with the indexed logs. The monitor can generate a report based on the comparison to identify a threat.

    SYSTEM AND METHOD FOR IDENTIFYING INFECTED NETWORKS AND SYSTEMS FROM UNKNOWN ATTACKS
    5.
    Patent application (in force)

    Publication number: US20150128274A1

    Publication date: 2015-05-07

    Application number: US14531450

    Filing date: 2014-11-03

    Inventor: Ioannis Giokas

    IPC classification: H04L29/06

    Abstract: Systems and methods of the present disclosure are directed to a network security monitor. The monitor can receive logs of a second computer network indicative of a status of the second computer network, determined by a monitoring agent executing on the second computer network. The monitor can generate indexed logs from the logs based on log format. The monitor can retrieve a list of threat indicators from a database based on a schema, from a plurality of threat indicators received from a plurality of heterogeneous repositories via the first computer network. The monitor can compare the list of threat indicators with the indexed logs. The monitor can generate a report based on the comparison to identify a threat.