-
Publication number: US10778702B1
Publication date: 2020-09-15
Application number: US15965787
Filing date: 2018-04-27
Applicant: Anomali Inc.
Inventors: Wei Huang, Evan Wright, Akshay Kumar
IPC classification: H04L29/06, H04L29/12, H04L12/24, G06F16/28, G06F16/951
Abstract: A method evaluates whether a web domain is malicious. The method forms a feature vector, including data from web crawling. The features may include: whether the domain is cached from web crawling; the number of unique publicly accessible URIs hosted on the domain; the number of backlinks referencing the domain; the number of unique domain names in referring backlinks; the number of unique IP addresses in the referring backlinks; the number of unique IP address groups in the referring backlinks; and the proportion of hyperlinks to the domain from popular websites. For multiple classifiers, the method computes a probability that the domain is malicious. Each classifier is a decision tree constructed according to a subset of features and a subset of sample feature vectors. The method combines the individual probabilities to form an overall probability and returns the computed overall probability to the client.
-
Publication number: US20190158514A1
Publication date: 2019-05-23
Application number: US16255708
Filing date: 2019-01-23
Applicant: Anomali Inc.
Inventors: Wei Huang, Yizheng Zhou, Hugh Njemanze
Abstract: A security monitoring system operated by a downstream client continually collects event information indicating events that have occurred within the computing environment of the downstream client. The monitoring system, using software provided by a threat analytics system, aggregates the event information into a secure and space-efficient data structure. The monitoring system transmits the data structures storing event information to the threat analytics system for further processing. The threat analytics system also receives threat indicators from intelligence feed data sources. The threat analytics system compares the event information received from each security monitoring system against the threat indicators collected from the intelligence feed data sources to identify red flag events. The threat analytics system processes the event information to synthesize all information related to the red flag event and reports the red flag event to the downstream client.
-
Publication number: US11245711B2
Publication date: 2022-02-08
Application number: US16838991
Filing date: 2020-04-02
Applicant: Anomali Inc.
Inventors: Wei Huang, Yizheng Zhou, Peizhou Guo, Mohsen Imani
IPC classification: G06F15/173, H04L29/06, H04L29/08, H04L12/26, G06F16/22
Abstract: A system and a method are disclosed for describing a mechanism for tracking malicious activity detected on a network. For example, based on network data collected from a server, the disclosed system may detect malicious activity originating from a client device directed to the server. To detect the malicious activity, network data may be captured by the server and analyzed. When malicious activity is detected, the system may track the malicious activity, using the network data, to an earliest connection date of a client device from where the malicious activity potentially originated. The earliest connection date may indicate a potential start date of the malicious activity.
-
Publication number: US20200322363A1
Publication date: 2020-10-08
Application number: US16838991
Filing date: 2020-04-02
Applicant: Anomali Inc.
Inventors: Wei Huang, Yizheng Zhou, Peizhou Guo, Mohsen Imani
Abstract: A system and a method are disclosed for describing a mechanism for tracking malicious activity detected on a network. For example, based on network data collected from a server, the disclosed system may detect malicious activity originating from a client device directed to the server. To detect the malicious activity, network data may be captured by the server and analyzed. When malicious activity is detected, the system may track the malicious activity, using the network data, to an earliest connection date of a client device from where the malicious activity potentially originated. The earliest connection date may indicate a potential start date of the malicious activity.
-
Publication number: US20230344848A1
Publication date: 2023-10-26
Application number: US17986821
Filing date: 2022-11-14
Applicant: Anomali Inc.
Inventors: Wei Huang, Mohsen Imani, Yizheng Zhou
IPC classification: H04L9/40
CPC classification: H04L63/1425, H04L63/1433, H04L63/0263
Abstract: A method for managing an attack surface is provided. The method comprises obtaining network traffic logs for the domain, correlating the logs to threats, mapping a flow of network traffic between malicious indicators and host identifiers, determining an exposed set of host identifiers, determining host attributes and indicator attributes of hosts identified in the exposed set, providing the exposed set and the attributes as input to a prioritization model, receiving prioritization scores as output from the prioritization model, and generating a prioritized attack surface data structure based on the scores. An interface is configured to modify a display based on the prioritized attack surface data structure.
-
Publication number: US11509669B2
Publication date: 2022-11-22
Application number: US17569408
Filing date: 2022-01-05
Applicant: Anomali Inc.
Inventors: Wei Huang, Yizheng Zhou, Peizhou Guo, Mohsen Imani
IPC classification: G06F15/173, H04L9/40, H04L67/141, H04L43/16, G06F16/22, H04L43/08
Abstract: A system and a method are disclosed for describing a mechanism for tracking malicious activity detected on a network. For example, based on network data collected from a server, the disclosed system may detect malicious activity originating from a client device directed to the server. To detect the malicious activity, network data may be captured by the server and analyzed. When malicious activity is detected, the system may track the malicious activity, using the network data, to an earliest connection date of a client device from where the malicious activity potentially originated. The earliest connection date may indicate a potential start date of the malicious activity.
-
Publication number: US20220131881A1
Publication date: 2022-04-28
Application number: US17569408
Filing date: 2022-01-05
Applicant: Anomali Inc.
Inventors: Wei Huang, Yizheng Zhou, Peizhou Guo, Mohsen Imani
IPC classification: G06F21/56, H04L67/141, H04L43/16, G06F16/22, H04L43/08
Abstract: A system and a method are disclosed for describing a mechanism for tracking malicious activity detected on a network. For example, based on network data collected from a server, the disclosed system may detect malicious activity originating from a client device directed to the server. To detect the malicious activity, network data may be captured by the server and analyzed. When malicious activity is detected, the system may track the malicious activity, using the network data, to an earliest connection date of a client device from where the malicious activity potentially originated. The earliest connection date may indicate a potential start date of the malicious activity.