-
Publication No.: US11979374B2
Publication date: 2024-05-07
Application No.: US18301760
Filing date: 2023-04-17
Applicant: Cujo LLC
Inventors: Syed Alam, Chris Griffiths, Santeri Kangas
IPC classification: H04L9/40, H04L61/4511
CPC classification: H04L63/0236, H04L61/4511, H04L63/0263, H04L63/166
Abstract: There is provided a method comprising receiving a domain name system (DNS) query from a client computing device, decrypting the DNS query by a DNS resolver device, and requesting reputation information related to the FQDN from an agent device of the router apparatus. If a matching FQDN is not found in a local database, the DNS query is allowed to proceed from the DNS resolver device to a cloud DNS resolver, the IP and MAC address of the client computing device are logged and mapped to the local database, the reputation information related to the FQDN is requested from a cloud FQDN server, and if the reputation information indicates that the FQDN should be blocked, the local database is updated with the reputation information and further queries to the FQDN are blocked.
-
Publication No.: US11838262B1
Publication date: 2023-12-05
Application No.: US18072280
Filing date: 2022-11-30
Applicant: Cujo LLC
Inventors: Santeri Kangas, Kimmo Kasslin, Leonardas Marozas, Filip Savin
IPC classification: H04L29/12, H04L61/4511, H04L61/09, H04L9/40, H04L67/02, G06F15/16, G06F16/901, H04L101/618
CPC classification: H04L61/4511, H04L61/09, H04L63/14, H04L67/02, H04L2101/618
Abstract: A first data communication of a first connected device related to a first target website is intercepted. The first data communication identifies the first target website by a first fully qualified domain name (FQDN), and the first FQDN is mapped to a first Internet protocol (IP) address. A pair of the first FQDN and the first IP address is determined. A second data communication of a second connected device related to a second target website is intercepted. The second data communication comprises a second encrypted FQDN and a second IP address of the second target website. The second IP address is determined to be equal to the first IP address. A cybersecurity reputation of the second target website is retrieved based on the first FQDN. In response to determining that the reputation matches a predetermined alarm condition, a cybersecurity operation is enforced for the second data communication.
-
Publication No.: US11799910B2
Publication date: 2023-10-24
Application No.: US17371698
Filing date: 2021-07-09
Applicant: Cujo LLC
Inventors: Evgeny Kornev, Matti Niemenmaa
IPC classification: H04L9/40, H04L67/02, H04L101/663
CPC classification: H04L63/166, H04L63/0236, H04L63/20, H04L67/02, H04L2101/663
Abstract: A network apparatus receives a first message relating to a transport layer security (TLS) handshake process for an initialization phase of a Quic user datagram protocol (UDP) Internet Connection (QUIC) connection from a client computing device toward a target computing device, wherein the first message of the TLS handshake process comprises at least a connection identifier. The network apparatus generates a second message relating to the TLS handshake process in response to the first message, wherein a cipher suite value of the second message is set to an invalid cipher suite value for the client computing device and wherein the invalid cipher suite value is unsupported by the client computing device, and sends the second message to the client computing device to cause the client computing device to close the QUIC connection.
-
Publication No.: US11700235B2
Publication date: 2023-07-11
Application No.: US17499986
Filing date: 2021-10-13
Applicant: Cujo LLC
Inventors: Syed Alam, Chris Griffiths, Santeri Kangas
IPC classification: H04L9/40, H04L61/4511
CPC classification: H04L63/0236, H04L61/4511, H04L63/0263, H04L63/166
Abstract: There is provided a method comprising receiving a domain name system (DNS) query from a client computing device, decrypting the DNS query by a DNS resolver device, and requesting reputation information related to the FQDN from an agent device of the router apparatus. If a matching FQDN is not found in a local database, the DNS query is allowed to proceed from the DNS resolver device to a cloud DNS resolver, the IP and MAC address of the client computing device are logged and mapped to the local database, the reputation information related to the FQDN is requested from a cloud FQDN server, and if the reputation information indicates that the FQDN should be blocked, the local database is updated with the reputation information and further queries to the FQDN are blocked.
-
Publication No.: US11528189B1
Publication date: 2022-12-13
Application No.: US17689301
Filing date: 2022-03-08
Applicant: Cujo LLC
Inventors: Attila Egri, Christian Kiss-Toth, Matteo Cafasso
IPC classification: G06F15/173, H04L41/085, H04L43/065, H04L41/12, H04L41/0893
Abstract: Network device identification is disclosed. A set of data attributes relating to at least two different data types is extracted from network traffic data associated with each user device of a set of user devices. A cluster data set of one or more known device clusters is expanded with the set of data attributes for generating an expanded cluster data set. One or more new device clusters are identified from the expanded cluster data set of the one or more known device clusters by using similarity-based metrics and a weighting factor selected based on the data types of the set of data attributes, and one or more device identification rules are generated based on the one or more new device clusters.
-
Publication No.: US20220094682A1
Publication date: 2022-03-24
Application No.: US17026621
Filing date: 2020-09-21
Applicant: Cujo LLC
Inventors: Marius Gaubas, Matti Niemenmaa
IPC classification: H04L29/06
Abstract: A network apparatus receives a connection request from a client computing device toward a target computing device. Next, a target identifier that identifies the target computing device is extracted from the connection request. The connection request is sent to the target computing device and a reputation request with the target identifier is sent to a web resource analyser engine. In response to detecting that a response from the target computing device is received before a response from the web resource analyser engine, the response to the connection request from the target computing device is held by performing a rewrite in a target section of a user-space utility program rule and by using an operating system kernel module in a user-space memory area of the network apparatus. In response to receipt of the response from the web resource analyser engine, the response to the connection request is released.
-
Publication No.: US11277422B2
Publication date: 2022-03-15
Application No.: US15909962
Filing date: 2018-03-01
Applicant: Cujo LLC
IPC classification: G06F21/55, H04L29/06, G06N20/00, G06F15/76, H04L41/14, G06F21/53, H04L43/062, H04L43/026, H04L41/16
Abstract: The behavior analysis engine can also detect malicious network addresses that are sent to networked devices in the local network. The network traffic hub identifies network communications that are transmitted through the local network that contain network addresses. The network traffic hub transmits (or sends) the network address to the behavior analysis engine and the behavior analysis engine extracts network address features from the network address. The behavior analysis engine then applies an execution model to the execution features to determine a confidence score for the network address that represents the execution model's certainty that the network address is malicious. The behavior analysis engine uses the confidence score to provide instructions to the network traffic hub as to whether to allow the networked device to receive the network address.
-
Publication No.: US10924567B2
Publication date: 2021-02-16
Application No.: US16440997
Filing date: 2019-06-14
Applicant: Cujo LLC
Inventors: Leonid Kuperman, Attila Egri, Gabor Takacs, Paulius Ulozas
Abstract: A network traffic hub receives network traffic from a user device running an application. The network traffic hub aggregates the network traffic into augmented netflows. Based on netflow parameters extracted by the network traffic hub, one or more augmented netflows are associated with the application. The network traffic hub determines whether an augmented netflow is a result of the application being in an active state or a passive state based on, for example, the quantity of data within the netflow. If the quantity of data within the augmented netflow is larger than a data threshold, the augmented netflow can be classified as an active usage, and if the data is less than the data threshold, the augmented netflow can be classified as a passive usage. Thus, by classifying network traffic of an application as active or passive, a record of a user's active usage of the application can be kept.
-
Publication No.: US10135633B2
Publication date: 2018-11-20
Application No.: US15099526
Filing date: 2016-04-14
Applicant: Cujo LLC
Abstract: A method and system for detecting malicious behavior from smart appliances within a network. Smart appliances have a certain level of intelligence that allows them to perform a specific role more effectively and conveniently. Network traffic data and appliance identification data are collected about smart appliances within a network. The data are sent to a behavior analysis engine, which computes confidence levels for anomalies within the network traffic that may be caused by malicious behavior. If the behavior analysis engine determines that malicious behavior is present in the network, it sends an instruction to a network traffic hub to block network traffic relating to the anomaly. In some embodiments, network traffic is blocked based on source-destination pairs. In some embodiments, network traffic is blocked from a device outside the network that is determined to be malicious.
-
Publication No.: US10103900B2
Publication date: 2018-10-16
Application No.: US15099526
Filing date: 2016-04-14
Applicant: Cujo LLC
Abstract: A method and system for detecting malicious behavior from smart appliances within a network. Smart appliances have a certain level of intelligence that allows them to perform a specific role more effectively and conveniently. Network traffic data and appliance identification data are collected about smart appliances within a network. The data are sent to a behavior analysis engine, which computes confidence levels for anomalies within the network traffic that may be caused by malicious behavior. If the behavior analysis engine determines that malicious behavior is present in the network, it sends an instruction to a network traffic hub to block network traffic relating to the anomaly. In some embodiments, network traffic is blocked based on source-destination pairs. In some embodiments, network traffic is blocked from a device outside the network that is determined to be malicious.