-
1.
Publication No.: US20240364738A1
Publication Date: 2024-10-31
Application No.: US18755402
Filing Date: 2024-06-26
CPC Classification: H04L63/1483, G06N3/04, G06N3/08
Abstract: Techniques for providing deep learning for malicious URL classification (URLC) using the innocent until proven guilty (IUPG) learning framework are disclosed. In some embodiments, a system, process, and/or computer program product includes storing a set comprising one or more IUPG models for static analysis of a sample; performing a static analysis of one or more URLs associated with the sample, wherein performing the static analysis includes using at least one stored IUPG model; determining that the sample is malicious based at least in part on the static analysis of the one or more URLs associated with the sample; and, in response to determining that the sample is malicious, performing an action based on a security policy.
-
2.
Publication No.: US12132752B2
Publication Date: 2024-10-29
Application No.: US18481764
Filing Date: 2023-10-05
Inventors: Michael Edward Weber, Jun Wang, Yuchen Zhou, Wei Xu
IPC Classification: G06F21/00, H04L9/40, H04L61/4511
CPC Classification: H04L63/1425, H04L61/4511, H04L63/0245, H04L63/1441
Abstract: The technology presented herein enables the use of a clustering algorithm to identify additional malicious domains based on known malicious domains. A domain identifier system identifies a first plurality of domain names associated with a malicious domain campaign and seeds a first clustering algorithm with the first plurality of domain names. After seeding the first clustering algorithm, the domain identifier system uses the first clustering algorithm to process passive domain name system (DNS) records to identify and group a second plurality of domain names associated with the malicious domain campaign.
-
3.
Publication No.: US20240338332A1
Publication Date: 2024-10-10
Application No.: US18297276
Filing Date: 2023-04-07
Inventors: Rahul Devidas Rajewar, Yilin Zhao, Gong Cheng
IPC Classification: G06F13/40
CPC Classification: G06F13/4068, G06F2213/40
Abstract: A service obtains traffic logs for traffic of a network that has been sent according to a Layer 7 protocol (e.g., SNMP or DNS). The service identifies from the traffic logs device names that appear to correspond to different devices/NICs as names of candidate multi-NIC devices. The service extracts features from names of the candidate multi-NIC devices and generates respective feature vectors. The service can generate "documents" representing each device name from which it extracts features by determining n-grams of each device name, where the set of n-grams of a device name is treated as a document and each n-gram is treated as a term in the document. Exemplary features that can be extracted from a device name document include within-document and cross-document uniqueness scores. The service clusters the feature vectors with unsupervised learning and identifies clusters whose size satisfies a criterion as corresponding to multi-NIC devices.
-
4.
Publication No.: US20240314144A1
Publication Date: 2024-09-19
Application No.: US18670541
Filing Date: 2024-05-21
Inventors: Daiping Liu, Jun Wang, Wei Xu
IPC Classification: H04L9/40, G06N20/00, H04L61/4511, H04L61/58
CPC Classification: H04L63/1416, G06N20/00, H04L61/4511, H04L61/58, H04L63/0236, H04L63/1425, H04L63/20
Abstract: The present application discloses a method, system, and computer system for predicting responses to DNS queries. The method includes receiving a DNS query comprising a subdomain portion and a root domain portion from a client device; determining whether to obtain target address information corresponding to the DNS query from a predictive cache; in response to determining to obtain the target address information from the predictive cache, obtaining the target address information from the predictive cache; and providing the target address information to the client device.
-
5.
Publication No.: US20240314105A1
Publication Date: 2024-09-19
Application No.: US18674456
Filing Date: 2024-05-24
Inventors: Feng Wang
IPC Classification: H04L9/40
CPC Classification: H04L63/0227
Abstract: Internet of Things (IoT) device classification is disclosed. Byte frequency information is obtained from an application executing on an IoT device that has a corresponding flow. The obtained byte frequency information is transmitted to a remote system. A classification of the application is received from the remote system. A policy is applied to the IoT device based at least in part on the received classification.
-
6.
Publication No.: US20240297818A1
Publication Date: 2024-09-05
Application No.: US18442985
Filing Date: 2024-02-15
IPC Classification: H04L41/0668, G06F16/28, G06F16/955, G06F17/18, H04L9/40, H04L12/46, H04L41/12, H04L41/14, H04L43/04, H04L43/062, H04L43/065, H04L43/0811, H04L43/0817, H04L43/0864, H04L43/0876, H04L43/10, H04L45/00, H04L45/02, H04L45/125, H04L45/28, H04L45/302, H04L47/125, H04L47/22, H04L47/24, H04L47/32, H04L47/70, H04L47/78, H04L61/2503, H04L61/4511, H04L61/4523, H04L67/141, H04L67/52, H04L67/63, H04L69/40, H04W84/04
CPC Classification: H04L41/0668, G06F16/285, G06F16/955, G06F17/18, H04L12/4633, H04L12/4641, H04L41/12, H04L41/14, H04L43/04, H04L43/062, H04L43/065, H04L43/0817, H04L43/0864, H04L43/0876, H04L45/02, H04L45/125, H04L45/28, H04L45/302, H04L45/306, H04L45/38, H04L47/125, H04L47/22, H04L47/24, H04L47/32, H04L47/781, H04L47/825, H04L63/061, H04L67/141, H04L67/52, H04L67/63, H04L69/40, H04L43/0811, H04L43/10, H04L45/22, H04L61/2503, H04L61/4511, H04L61/4523, H04W84/04
Abstract: Various techniques for dynamic path selection and data flow forwarding are disclosed. For example, various systems, processes, and computer program products for dynamic path selection and data flow forwarding are disclosed that can facilitate preserving and enforcing symmetry in data flows, as described with respect to various embodiments.
-
7.
Publication No.: US20240292472A1
Publication Date: 2024-08-29
Application No.: US18174363
Filing Date: 2023-02-24
Inventors: Ta Chien Lin
IPC Classification: H04W76/10, H04W12/069, H04W12/69
CPC Classification: H04W76/10, H04W12/069, H04W12/69, H04W84/18
Abstract: A node being added to a wireless mesh network ("network") identifies one or more available wireless networks for which WPA-Enterprise is deployed that are advertised by a "gateway node," such as the network's main node. The new node and the main node have installed digital certificates issued by the mesh service provider. The node attempts to connect to the wireless network(s) using 802.1X authentication with its certificate. On successful network connection establishment, the node establishes a secure connection with an external service offered by the mesh service provider. Meanwhile, a user associated with the network scans a code attached to the node to initiate registration of the node for the user and network. The external service receives the encoded information, registers the node in association with the user and the network, and communicates a network configuration to the node over the secure connection. The node installs the configuration and is incorporated into the network as a satellite node.
-
8.
Publication No.: US20240291854A1
Publication Date: 2024-08-29
Application No.: US18650178
Filing Date: 2024-04-30
Inventors: Lei Xu, Stefan Achleitner, Yu Fu, Shengming Xu
IPC Classification: H04L9/40, H04L65/1069
CPC Classification: H04L63/1441, H04L63/166, H04L65/1069
Abstract: An inline malicious traffic detector captures handshake messages in a session that uses a security protocol. The inline malicious traffic detector comprises a classifier that generates a verdict for the session indicating malicious or benign. The classifier is trained on labelled sessions using custom features generated from handshake messages. Based on determining that the session is malicious using features of the handshake messages, the inline malicious traffic detector blocks the session.
-
9.
Publication No.: US20240291829A1
Publication Date: 2024-08-29
Application No.: US18650045
Filing Date: 2024-04-29
Inventors: Liron Levin, Isaac Schnitzer, Elad Shuster, Pavel Novik
IPC Classification: H04L9/40, G06F16/901, H04L67/133, H04L69/22
CPC Classification: H04L63/1408, G06F16/9027, H04L67/133, H04L69/22
Abstract: A cybersecurity appliance monitoring application traffic to a web application programming interface (API) dynamically updates tree structures for the web API using the application traffic. An API tree generator generates batches of API trees from paths indicated in the application traffic. An API tree merger/pruner updates the generated batches of API trees with various merging, pruning, compacting, and malicious-detection operations. The cybersecurity appliance implements the updated API trees with an API agent that filters the application traffic prior to processing by the web API.
-
10.
Publication No.: US12069102B2
Publication Date: 2024-08-20
Application No.: US17646857
Filing Date: 2022-01-03
CPC Classification: H04L63/205, H04L47/20, H04L63/0236, H04L67/52
Abstract: Some network architectures include perimeter or edge devices which perform network address translation or otherwise modify data in a network traffic packet header, such as the source address. The modification of the source address prevents downstream devices from knowing the true or original source address from which the traffic originated. To address this issue, perimeter devices can insert the original source address in an X-Forwarded-For (XFF) field of the packet header. Firewalls and related security services can be programmed to record the original source address in the XFF field in addition to the other packet information and to consider the original source address during security analysis. Using the original source address in the XFF field, services can determine additional characteristics about the traffic, such as geographic origin or associated user accounts, and use these characteristics to identify applicable rules or policies.