-
Publication number: US20230281300A1
Publication date: 2023-09-07
Application number: US17847829
Application date: 2022-06-23
Applicant: Cisco Technology, Inc.
Inventor: Pavel Prochazka, Stepan Dvorak, Lukas Bajer, Martin Kopp, Kyrylo Shcherbin
IPC: G06F21/55
CPC classification number: G06F21/55, G06F2221/034
Abstract: Techniques for identifying malicious actors across datasets of different origin. The techniques may include receiving input data indicative of network interactions between entities and modalities. Based at least in part on the input data, a maliciousness score associated with a first entity may be determined. In some instances, a value of the maliciousness score may be partially based on a number of the modalities that are interacting with the first entity and also interacting with one or more malicious entities. The techniques may further include determining whether the value of the maliciousness score exceeds a threshold value and, based at least in part on the value of the maliciousness score exceeding the threshold value, a request may be made to identify the first entity as a new malicious entity.
-
Publication number: US20240356957A1
Publication date: 2024-10-24
Application number: US18373765
Application date: 2023-09-27
Applicant: Cisco Technology, Inc.
Inventor: Lukas Bajer, Pavel Prochazka, Michal Mares
IPC: H04L9/40
CPC classification number: H04L63/1433, H04L63/1425
Abstract: Techniques for identifying malicious threats for investigation using network telemetry data. The techniques include receiving network telemetry data regarding a computer network and also receiving information regarding one or more known malicious nodes which are designated as seeds. A Risk Map Graph (RMG) is constructed using the one or more seeds and the relationship data. The RMG is used to assign risk scores to the network nodes. Data regarding the most at-risk nodes is sent to a security service for investigation. Data is received from the security service as to which of the selected nodes is malicious. These malicious nodes are designated as new seeds, and another RMG is constructed with these new seed nodes. This process can be continuously iterated until either the security budget has been reached or all relevant nodes have been investigated.
-