Classification of software based on user interface elements

    Publication number: US11250034B2

    Publication date: 2022-02-15

    Application number: US16587832

    Filing date: 2019-09-30

    Abstract: A device may receive an instruction to classify software. The device may identify a group of one or more user interfaces associated with the software based on receiving the instruction to classify the software. The device may determine a group of one or more user interface signatures associated with the group of one or more user interfaces. A user interface signature may include information, associated with a user interface in the group of one or more user interfaces, that may be used to classify the software. The device may generate information that identifies a classification of the software based on the group of one or more user interface signatures and based on known signature information. The known signature information may include information that corresponds to a correct software classification. The device may output the information that identifies the classification of the software.

    Multi-file malware analysis
    2.
    Granted patent

    Publication number: US11163879B2

    Publication date: 2021-11-02

    Application number: US15495427

    Filing date: 2017-04-24

    Abstract: A device may identify a plurality of files for a multi-file malware analysis. The device may execute the plurality of files in a malware testing environment. The device may monitor the malware testing environment for behavior indicative of malware. The device may detect the behavior indicative of malware. The device may perform a first multi-file malware analysis or a second multi-file malware analysis based on detecting the behavior indicative of malware. The first multi-file malware analysis may include a partitioning technique that partitions the plurality of files into two or more segments of files to identify a file, included in the plurality of files, that includes malware. The second multi-file malware analysis may include a scoring technique that modifies a plurality of malware scores, corresponding to the plurality of files, to identify the file, included in the plurality of files, that includes malware.

    Tracking and mitigation of an infected host device

    Publication number: US10834103B2

    Publication date: 2020-11-10

    Application number: US15942530

    Filing date: 2018-04-01

    Abstract: A security platform may determine mapped attribute information associated with a plurality of host identifiers. The mapped attribute information may include information that identifies a set of related attributes. The security platform may determine, based on the mapped attribute information, that a host device is associated with at least two host identifiers of the plurality of host identifiers. The security platform may aggregate, based on the at least two host identifiers, threat information as aggregated threat information associated with the host device. The security platform may classify the host device as an infected device or a suspicious device based on the aggregated threat information.

    Identifying an evasive malicious object based on a behavior delta

    Publication number: US09922193B2

    Publication date: 2018-03-20

    Application number: US15455981

    Filing date: 2017-03-10

    Abstract: A security device may receive actual behavior information associated with an object. The actual behavior information may identify a first set of behaviors associated with executing the object in a live environment. The security device may determine test behavior information associated with the object. The test behavior information may identify a second set of behaviors associated with testing the object in a test environment. The security device may compare the first set of behaviors and the second set of behaviors to determine a difference between the first set of behaviors and the second set of behaviors. The security device may identify whether the object is an evasive malicious object based on the difference between the first set of behaviors and the second set of behaviors. The security device may provide an indication of whether the object is an evasive malicious object.

    Detecting a malicious file infection via sandboxing

    Publication number: US09680845B2

    Publication date: 2017-06-13

    Application number: US14675422

    Filing date: 2015-03-31

    Abstract: A device may receive a trigger to determine whether a malicious file is operating on a client device. The device may determine a network activity profile associated with the malicious file based on receiving the trigger to determine whether the malicious file is operating on the client device. The network activity profile may include information regarding network activity associated with the malicious file when the malicious file is executed in a testing environment. The device may monitor network activity associated with the client device. The device may determine that the network activity associated with the client device matches the network activity profile associated with the malicious file based on monitoring the network activity associated with the client device. The device may provide information indicating that the network activity associated with the client device matches the network activity profile associated with the malicious file.

    IDENTIFYING MALICIOUS DEVICES WITHIN A COMPUTER NETWORK
    9.
    Patent application
    Status: Under examination (published)

    Publication number: US20170063922A1

    Publication date: 2017-03-02

    Application number: US15350179

    Filing date: 2016-11-14

    Abstract: This disclosure describes techniques for proactively identifying possible attackers based on a profile of a device. For example, a device includes one or more processors and network interface cards to receive, from a remote device, network traffic directed to one or more computing devices protected by the device, determine, based on content of the network traffic, a first set of data points for the device, send a response to the remote device to ascertain a second set of data points for the device, and receive, from the remote device, at least a portion of the second set of data points. The device also includes a security module operable by the processors to determine a maliciousness rating, and selectively manage, based on the maliciousness rating, additional network traffic directed to the one or more computing devices protected by the security device and received from the remote device.


    ATTACK DETECTION AND PREVENTION USING GLOBAL DEVICE FINGERPRINTING
    10.
    Patent application
    Status: In force

    Publication number: US20140283061A1

    Publication date: 2014-09-18

    Application number: US13910019

    Filing date: 2013-06-04

    CPC classification number: H04L63/1441 H04L63/1408 H04L67/02

    Abstract: This disclosure describes a global attacker database that utilizes device fingerprinting to uniquely identify devices. For example, a device includes one or more processors and network interface cards to receive network traffic directed to one or more computing devices protected by the device, send, to the remote device, a request for data points of the remote device, wherein the data points include characteristics associated with the remote device, and receive at least a portion of the requested data points. The device also includes a fingerprint module to compare the received portion of the data points to sets of data points associated with known attacker devices, and determine, based on the comparison, whether a first set of data points of a first known attacker device satisfies a similarity threshold. The device also includes a security module to selectively manage, based on the determination, additional network traffic directed to the computing devices.

