Systems and methods for fingerprinting devices

    Publication number: US11122040B1

    Publication date: 2021-09-14

    Application number: US16233366

    Filing date: 2018-12-27

    IPC classification: H04L29/06

    Abstract: The disclosed computer-implemented method for fingerprinting devices may include (i) detecting that a new device has attempted to connect to a network gateway, (ii) attempting to fingerprint the new device as an instance of a known candidate device type by (a) transmitting to the new device, from a security application, a set of network messages that mimic the network messages that a second application is configured to transmit to instances of the known candidate device type and (b) confirming, by the security application and based on the new device's response to the set of network messages, that the new device is an instance of the known candidate device type, and (iii) performing a security action to protect the network corresponding to the network gateway based on confirming that the new device is an instance of the known candidate device type. Various other methods, systems, and computer-readable media are also disclosed.
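    The active-probe step in that abstract, as an added example that is not code from the patent: each candidate device type carries the probe its companion app would send and the reply pattern that confirms the type; the gateway replays the probes in turn and admits the device only under the policy for the confirmed type. Device types, probes, reply formats, the fake_* device stand-ins and the POLICY table are all constructed for the example; real code would open a socket to the new device's address instead of calling a function.

```python
"""Active fingerprinting of a newly connected device: replay the messages a
device's companion app would send and confirm the type from the reply."""
import re
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

Transport = Callable[[bytes], bytes]  # send bytes to the new device, get its reply

@dataclass(frozen=True)
class Candidate:
    """One known device type: the probe its vendor app sends and the reply
    pattern that confirms the type. Both are constructed for this example."""
    device_type: str
    probe: bytes
    confirm: re.Pattern

CANDIDATES = [
    Candidate("ExampleCam IP camera",
              b"GET /api/device HTTP/1.1\r\nHost: cam\r\nUser-Agent: ExampleCamApp/3.1\r\n\r\n",
              re.compile(rb"^HTTP/1\.[01] 200 .*\r\nServer: ExampleCam/", re.S)),
    Candidate("ExampleHub speaker",
              b'{"cmd":"hello","app":"examplehub"}\n',
              re.compile(rb'"model"\s*:\s*"ExampleHub-\w+"')),
]

# Stand-ins for devices on the LAN (constructed). Real code would open a
# socket to the device's address instead of calling these functions.
def fake_camera(data: bytes) -> bytes:
    if data.startswith(b"GET /api/device"):
        return b"HTTP/1.1 200 OK\r\nServer: ExampleCam/2.4\r\nContent-Length: 0\r\n\r\n"
    return b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n"

def fake_speaker(data: bytes) -> bytes:
    if b'"cmd":"hello"' in data:
        return b'{"model":"ExampleHub-S2","fw":"1.9.0"}\n'
    return b""

def fake_unknown(data: bytes) -> bytes:
    return b""  # answers none of the probes

def fingerprint(send: Transport, candidates=CANDIDATES) -> Optional[str]:
    """Send each candidate's probe; the type is confirmed only when the reply
    matches what that device type is known to produce."""
    for c in candidates:
        if c.confirm.search(send(c.probe)):
            return c.device_type
    return None

# Action the gateway takes per confirmed type (constructed policy). Devices
# that match nothing are held rather than admitted.
POLICY = {
    "ExampleCam IP camera": "isolate-to-iot-vlan",
    "ExampleHub speaker": "isolate-to-iot-vlan",
    None: "block-pending-review",
}

def on_new_device(send: Transport) -> Tuple[Optional[str], str]:
    """Fingerprint the device and return (confirmed type, security action)."""
    device_type = fingerprint(send)
    return device_type, POLICY[device_type]

if __name__ == "__main__":
    for name, dev in [("camera", fake_camera), ("speaker", fake_speaker), ("unknown", fake_unknown)]:
        print(name, on_new_device(dev))
```

    Two caveats a practitioner would add: the probes must be the harmless, read-only messages the app sends first (never a command that changes device state), and a matching reply only shows that the device behaves like the candidate type; a hostile device can imitate any banner, so the result should be combined with passive signals such as the DHCP fingerprint or MAC OUI before it is trusted.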

    Systems and methods for mapping internet protocol addresses for an organization

    Publication number: US10440047B2

    Publication date: 2019-10-08

    Application number: US15630131

    Filing date: 2017-06-22

    IPC classification: H04L29/06 H04L29/12 G06Q10/06

    Abstract: The disclosed computer-implemented method for mapping Internet Protocol addresses for an organization may include (1) receiving information for an organization from an organizational server, (2) extracting data from a plurality of server data sources associated with the information, (3) mapping the data from the plurality of server data sources to the information, and (4) determining, based at least in part on the mapped data, a list of IP addresses identifying one or more relationships associated with the organization, thereby facilitating a security posture analysis against a malicious attack. Various other methods, systems, and computer-readable media are also disclosed.

    SYSTEMS AND METHODS FOR MAPPING INTERNET PROTOCOL ADDRESSES FOR AN ORGANIZATION

    Publication number: US20180375894A1

    Publication date: 2018-12-27

    Application number: US15630131

    Filing date: 2017-06-22

    IPC classification: H04L29/06 H04L29/12

    Abstract: The disclosed computer-implemented method for mapping Internet Protocol addresses for an organization may include (1) receiving information for an organization from an organizational server, (2) extracting data from a plurality of server data sources associated with the information, (3) mapping the data from the plurality of server data sources to the information, and (4) determining, based at least in part on the mapped data, a list of IP addresses identifying one or more relationships associated with the organization, thereby facilitating a security posture analysis against a malicious attack. Various other methods, systems, and computer-readable media are also disclosed.
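    The four steps shared by the granted patent and the application above, as an added example that is not the patent's code: an organization record drives extraction from three differently formatted server data sources (DNS answers, WHOIS-style netblock records, and TLS certificate SANs from a scan), each hit is mapped back to the organization, and the output is a per-IP list of the relationships that justify including it. The organization record, the three data sources, the relationship tags and the helper names are constructed for the example; the IP ranges are documentation prefixes.

```python
"""Build the list of IP addresses related to an organization by mapping
several server data sources onto the organization's record."""
import ipaddress
from collections import defaultdict

# Organization record as an organizational server might return it (constructed).
ORG = {"name": "Example Corp", "domains": ["example.com"], "subsidiaries": ["Example Labs"]}

# Server data sources, each in its own format (all constructed):
DNS_SOURCE = [  # (owner name, rrtype, rdata)
    ("example.com", "A", "203.0.113.10"),
    ("example.com", "A", "203.0.113.11"),
    ("mail.example.com", "A", "198.51.100.25"),
    ("mail.example.com", "MX", "10 mx.provider.example."),
    ("other.invalid", "A", "192.0.2.5"),
]
WHOIS_SOURCE = [  # raw inetnum-style records
    "inetnum: 203.0.113.0/28\norg-name: Example Corp\n",
    "inetnum: 203.0.113.64/27\norg-name: Example Labs\n",
    "inetnum: 192.0.2.0/24\norg-name: Unrelated LLC\n",
]
CERT_SOURCE = [  # (IP that served the cert, subjectAltName list) from a TLS scan
    ("198.51.100.40", ["api.example.com", "www.example.com"]),
    ("192.0.2.9", ["login.unrelated.invalid"]),
]

def parse_whois(record):
    """'key: value' lines -> (network, holder org name)."""
    fields = dict(line.split(": ", 1) for line in record.strip().splitlines())
    return ipaddress.ip_network(fields["inetnum"]), fields["org-name"]

def under_org_domain(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def map_ip_addresses(org, dns=DNS_SOURCE, whois=WHOIS_SOURCE, certs=CERT_SOURCE):
    """Return {ip: sorted relationship tags} for every address the sources
    tie to the organization. Each tag records which source and which fact
    justified the mapping, so the list can be audited later."""
    rel = defaultdict(set)
    # DNS: addresses that the organization's own names resolve to.
    for name, rrtype, rdata in dns:
        if rrtype == "A" and under_org_domain(name, org["domains"]):
            rel[ipaddress.ip_address(rdata)].add(f"dns:{name}")
    # WHOIS: netblocks registered to the organization or a subsidiary.
    for record in whois:
        net, holder = parse_whois(record)
        if holder == org["name"]:
            tag = "netblock:own"
        elif holder in org["subsidiaries"]:
            tag = f"netblock:subsidiary:{holder}"
        else:
            continue
        for ip in net:
            rel[ip].add(tag)
    # TLS: hosts presenting certificates for the organization's names.
    for ip, sans in certs:
        for san in sans:
            if under_org_domain(san, org["domains"]):
                rel[ipaddress.ip_address(ip)].add(f"tls:{san}")
    return {str(ip): sorted(tags) for ip, tags in sorted(rel.items())}

if __name__ == "__main__":
    for ip, tags in map_ip_addresses(ORG).items():
        print(ip, ", ".join(tags))
```

    The suffix match on the organization's domains is the weak point: a lookalike such as example.com.evil.invalid would not match, but a legitimately shared hosting address found through DNS or a certificate may belong to a provider rather than to the organization, which is why the tags keep the evidence instead of collapsing it to "owned".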

    Accurate real-time identification of malicious BGP hijacks

    Publication number: US10148690B2

    Publication date: 2018-12-04

    Application number: US14977261

    Filing date: 2015-12-21

    IPC classification: H04L29/06

    Abstract: A system and method for detecting malicious hijack events in real time is provided. The method may include receiving routing data associated with a Border Gateway Protocol (BGP) event from at least one BGP router. The method may further include generating a hijack detection model using a machine learning technique, such as Positive Unlabeled learning. The machine learning technique may include at least one data input and a probability output, wherein the data input receives a set of historically confirmed BGP hijacking data together with the routing data, and the probability output transmits a probability value for the malicious event, calculated from the data input. Finally, the method may include classifying the BGP event as a malicious event or a benign event using the hijack detection model, and correcting routing tables that have been corrupted by a malicious event.

    Securing a network device by forecasting an attack event using a recurrent neural network

    Publication number: US11108787B1

    Publication date: 2021-08-31

    Application number: US15940571

    Filing date: 2018-03-29

    Abstract: Securing a network device by forecasting an attack event using a recurrent neural network. In one embodiment, a method may include collecting event sequences of events that occurred on multiple network devices; generating training sequences, validation sequences, and test sequences from the event sequences; training a recurrent neural network using the training sequences, the validation sequences, and the test sequences; collecting an event sequence of the most recent events that occurred on a target network device; forecasting, using the recurrent neural network and based on that event sequence, the next event that will occur on the target network device; and, in response to the forecasted next event being an attack event, performing a security action to prevent harm to the target network device from the attack event.

    Systems and methods for detecting vulnerabilities on servers

    Publication number: US10277621B2

    Publication date: 2019-04-30

    Application number: US15647303

    Filing date: 2017-07-12

    IPC classification: H04L29/06 G06F21/57 G06F21/50

    Abstract: The disclosed computer-implemented method for detecting vulnerabilities on servers may include (i) sending requests to servers for information about services potentially executing on the servers, (ii) receiving, in response to the requests, messages from the servers that comprise the information about the services, wherein the messages use different formats for transmitting the information, (iii) creating, by analyzing the set of messages, at least one heuristic that is capable of automatically extracting, from a message, an identifier of a service that executes on the server that sent the message, (iv) extracting, from the message, via the heuristic, the identifier of the service that executes on the server that sent the message, and (v) determining, based on the identifier of the service, that the service contributes to a vulnerability on the server that sent the message. Various other methods, systems, and computer-readable media are also disclosed.
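    Steps (ii) to (v) of that abstract, as an added example that is not the patent's code: replies in four banner formats (SSH identification string, HTTP Server header, SMTP and FTP greetings) are each handled by one heuristic that extracts a product and version, and the identifier is then compared with a version floor below which the product is treated as contributing to a vulnerability. The banners, hosts and the VULNERABLE_BELOW table are constructed for the example and are not a real advisory database; the heuristics here are written by hand rather than derived automatically from the message set.

```python
"""Extract service identifiers from differently formatted banners and flag
versions below a (constructed) vulnerability floor."""
import re

# Replies as returned by different services (constructed samples).
BANNERS = {
    "10.0.0.1:22": "SSH-2.0-OpenSSH_7.4",
    "10.0.0.2:80": "HTTP/1.1 200 OK\r\nServer: Apache/2.4.29 (Ubuntu)\r\n\r\n",
    "10.0.0.3:25": "220 mail.example.test ESMTP Postfix (3.4.8)",
    "10.0.0.4:21": "220 (vsFTPd 3.0.3)",
    "10.0.0.5:80": "HTTP/1.1 403 Forbidden\r\n\r\n",  # carries no identifier at all
}

# One heuristic per banner format; each yields named groups product/version.
VERSION = r"(?P<version>\d+(?:\.\d+)*)"
HEURISTICS = [
    re.compile(r"^SSH-\d\.\d-(?P<product>OpenSSH)_" + VERSION),
    re.compile(r"^Server:\s*(?P<product>[A-Za-z-]+)/" + VERSION, re.M),
    re.compile(r"^220 .*?ESMTP (?P<product>Postfix) \(" + VERSION + r"\)"),
    re.compile(r"^220 \((?P<product>vsFTPd) " + VERSION + r"\)"),
]

# Versions strictly below the floor are treated as vulnerable. Constructed
# for the example; a real deployment would load an advisory feed here.
VULNERABLE_BELOW = {"OpenSSH": (7, 6), "Apache": (2, 4, 30), "vsFTPd": (3, 0, 3)}

def version_tuple(version):
    return tuple(int(part) for part in version.split("."))

def extract_service(banner):
    """Apply the heuristics in order; return (product, version) or None."""
    for heuristic in HEURISTICS:
        match = heuristic.search(banner)
        if match:
            return match["product"], match["version"]
    return None

def assess(banners=BANNERS):
    """{host: (product, version, vulnerable)}; unidentified banners are kept
    in the output so they can be reviewed rather than silently dropped."""
    findings = {}
    for host, banner in banners.items():
        ident = extract_service(banner)
        if ident is None:
            findings[host] = ("unidentified", None, False)
            continue
        product, version = ident
        floor = VULNERABLE_BELOW.get(product)
        vulnerable = floor is not None and version_tuple(version) < floor
        findings[host] = (product, version, vulnerable)
    return findings

if __name__ == "__main__":
    for host, finding in assess().items():
        print(host, finding)
```

    A version string is only evidence, not proof: distributions backport fixes without changing the advertised version, and a server can be configured to advertise anything, so a banner-based finding should be confirmed with a version-independent check before it is reported as a vulnerability.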

    ACCURATE REAL-TIME IDENTIFICATION OF MALICIOUS BGP HIJACKS

    Publication number: US20170180418A1

    Publication date: 2017-06-22

    Application number: US14977261

    Filing date: 2015-12-21

    IPC classification: H04L29/06

    Abstract: A system and method for detecting malicious hijack events in real time is provided. The method may include receiving routing data associated with a Border Gateway Protocol (BGP) event from at least one BGP router. The method may further include processing the routing data to generate a list of features representing ownership and various other details relating to the origin and upstream equipment. The method may further include generating a hijack detection model using the routing data and the list of features, where a machine learning technique, such as Positive Unlabeled learning, is employed. The machine learning technique may include at least one data input and a probability output, wherein the data input receives a set of historically confirmed BGP hijacking data together with the routing data, and the probability output transmits a probability value for the malicious event, calculated from the data input. Finally, the method may include classifying the BGP event as a malicious event or a benign event using the hijack detection model. This classification may be implemented using a threshold cut-off value and comparing that threshold with the probability generated by the machine learning technique.
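    The pipeline described by the granted patent and this application (ownership and upstream features, Positive Unlabeled learning, a probability output, a threshold cut-off), as an added example that is not the patent's code. The PU step follows the Elkan and Noto construction: a classifier g(x) is trained on confirmed hijacks versus unlabeled events, c = E[g(x) | true hijack] is estimated on held-out confirmed hijacks, and P(hijack | x) = g(x)/c. The classifier underneath is a Bernoulli naive Bayes chosen for the example; the registry, the training vectors, the events and the 0.5 threshold are all constructed.

```python
"""Positive-Unlabeled (PU) classification of BGP origin events."""
import ipaddress
import math

FEATURES = ("origin_changed", "origin_same_org", "upstream_known_provider",
            "more_specific", "short_lived")

# Ownership registry (constructed): prefix -> (registered origin ASN, holder),
# ASN -> organisation, and the upstreams each registered origin normally uses.
REGISTERED = {ipaddress.ip_network("203.0.113.0/24"): (64496, "Example Corp")}
ASN_ORG = {64496: "Example Corp", 64497: "Example Corp", 64500: "Other Net"}
PROVIDERS = {64496: {64510}}

def featurize(event):
    """One announcement {prefix, as_path (collector side first, origin last),
    lifetime_s} -> boolean feature vector in FEATURES order."""
    prefix = ipaddress.ip_network(event["prefix"])
    reg_prefix = next((p for p in REGISTERED if prefix.subnet_of(p)), None)
    if reg_prefix is None:
        raise ValueError(f"{prefix} is not covered by the registry")
    reg_origin, holder = REGISTERED[reg_prefix]
    path = event["as_path"]
    origin, upstream = path[-1], (path[-2] if len(path) > 1 else None)
    return (
        int(origin != reg_origin),                              # origin differs from registry
        int(ASN_ORG.get(origin) == holder),                     # ...but belongs to the holder
        int(upstream in PROVIDERS.get(reg_origin, set())),      # via the holder's usual upstream
        int(prefix.prefixlen > reg_prefix.prefixlen),           # more-specific than registered
        int(event["lifetime_s"] < 3600),                        # withdrawn within an hour
    )

# Confirmed hijacks (labeled), unlabeled events, and held-out confirmed
# hijacks for calibration; all constructed feature vectors.
LABELED = [(1,0,0,1,1), (1,0,0,1,0), (1,0,0,0,1), (1,0,1,1,1), (1,0,0,1,1), (1,0,0,1,1)]
UNLABELED = [(0,1,1,0,0), (0,1,1,1,0), (1,1,1,0,0), (0,1,1,0,0), (1,1,1,1,0),
             (0,1,1,1,0), (0,1,0,0,0), (1,0,0,1,1), (0,1,1,0,0), (1,0,1,0,0)]
VALIDATION = [(1,0,0,1,1), (1,0,0,1,0), (1,0,1,0,1)]

class PUNaiveBayes:
    def __init__(self, labeled, unlabeled):
        n1, n0 = len(labeled), len(unlabeled)
        self.log_prior = (math.log(n1 / (n1 + n0)), math.log(n0 / (n1 + n0)))
        # Laplace-smoothed P(feature=1 | labeled) and P(feature=1 | unlabeled)
        self.p1 = [(sum(x[j] for x in labeled) + 1) / (n1 + 2) for j in range(len(FEATURES))]
        self.p0 = [(sum(x[j] for x in unlabeled) + 1) / (n0 + 2) for j in range(len(FEATURES))]
        self.c = 1.0  # P(labeled | hijack); set by calibrate()

    def g(self, x):
        """P(s=1 | x): probability that x looks like a *labeled* hijack."""
        l1 = self.log_prior[0] + sum(math.log(p if v else 1 - p) for p, v in zip(self.p1, x))
        l0 = self.log_prior[1] + sum(math.log(p if v else 1 - p) for p, v in zip(self.p0, x))
        return 1.0 / (1.0 + math.exp(l0 - l1))

    def calibrate(self, validation_positives):
        """c = E[g(x) | x is a true hijack], estimated on held-out positives."""
        self.c = sum(self.g(x) for x in validation_positives) / len(validation_positives)

    def p_malicious(self, x):
        return min(1.0, self.g(x) / self.c)

MODEL = PUNaiveBayes(LABELED, UNLABELED)
MODEL.calibrate(VALIDATION)

def classify(event, model=MODEL, threshold=0.5):
    """Apply the threshold cut-off to the PU-corrected probability."""
    p = model.p_malicious(featurize(event))
    return ("malicious" if p >= threshold else "benign"), p

EVENTS = {  # constructed announcements for 203.0.113.0/24
    "hijack":    {"prefix": "203.0.113.0/25", "as_path": [64501, 64500], "lifetime_s": 900},
    "migration": {"prefix": "203.0.113.0/24", "as_path": [64510, 64497], "lifetime_s": 86400},
    "steady":    {"prefix": "203.0.113.0/24", "as_path": [64510, 64496], "lifetime_s": 86400},
    "ambiguous": {"prefix": "203.0.113.0/24", "as_path": [64510, 64500], "lifetime_s": 7200},
}

if __name__ == "__main__":
    print(f"c = {MODEL.c:.3f}")
    for name, event in EVENTS.items():
        print(name, featurize(event), classify(event))
```

    The "ambiguous" event (a foreign origin announced through the holder's own upstream, neither more specific nor short-lived) lands well above the benign cases but below the cut-off, which is the case the threshold exists for: it should be queued for the ownership check rather than auto-corrected in the routing table.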

    Systems and methods for identifying malicious domain names from a passive domain name system server log

    Publication number: US10944781B1

    Publication date: 2021-03-09

    Application number: US16018041

    Filing date: 2018-06-25

    IPC classification: H04L29/06 G06F17/18 H04L29/12

    Abstract: The disclosed computer-implemented methods for identifying malicious domain names from a passive domain name system server log (DNS log) may include, in some examples, (1) creating a pool of domain names from the DNS log, (2) identifying respective features of each name in the pool, (3) preparing a list of known benign names and the respective features of each known benign name, (4) preparing a list of known malicious names and the features of each known malicious name, (5) computing a classification model based on (A) the features of each benign name on the list of benign names and (B) the features of each malicious name on the list of malicious names, (6) identifying the respective features of an unclassified domain name, and (7) classifying, using the classification model, the unclassified domain name as malicious based on its features. Various other methods, systems, and computer-readable media are also disclosed.
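    Steps (1) to (7) of that abstract end to end, as an added example that is not the patent's code: a pool of registrable labels is pulled from passive DNS log lines, five lexical features are computed per label, a nearest-centroid model over z-scored features is fitted from the benign and malicious lists, and every pooled name is classified. The log lines, both name lists, the feature set and the nearest-centroid choice are constructed for the example (the patent does not specify the classifier).

```python
"""Classify domain names from a passive DNS log with lexical features and a
nearest-centroid model fitted on known benign and known malicious names."""
import math
from collections import Counter

VOWELS = set("aeiou")

def features(label):
    """(length, Shannon entropy in bits/char, digit ratio, vowel ratio,
    longest run of non-vowel characters) for one DNS label."""
    n = len(label)
    counts = Counter(label)
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values())
    digits = sum(ch.isdigit() for ch in label) / n
    vowels = sum(ch in VOWELS for ch in label) / n
    run = best = 0
    for ch in label:
        run = 0 if ch in VOWELS else run + 1
        best = max(best, run)
    return (n, entropy, digits, vowels, best)

class CentroidModel:
    """Z-score each feature over all training names, then classify by the
    nearer class centroid in that scaled space."""
    def __init__(self, benign, malicious):
        rows = [features(x) for x in benign + malicious]
        k = len(rows[0])
        self.mean = [sum(r[j] for r in rows) / len(rows) for j in range(k)]
        self.std = [max(1e-9, math.sqrt(sum((r[j] - self.mean[j]) ** 2 for r in rows) / len(rows)))
                    for j in range(k)]
        self.centroids = {"benign": self._centroid(benign), "malicious": self._centroid(malicious)}

    def _z(self, f):
        return [(f[j] - self.mean[j]) / self.std[j] for j in range(len(f))]

    def _centroid(self, names):
        zs = [self._z(features(x)) for x in names]
        return [sum(z[j] for z in zs) / len(zs) for j in range(len(zs[0]))]

    def classify(self, label):
        z = self._z(features(label))
        dist = {cls: math.dist(z, cen) for cls, cen in self.centroids.items()}
        return min(dist, key=dist.get), dist

# Known lists (constructed for the example; the malicious ones are DGA-like).
BENIGN = ["google", "wikipedia", "github", "amazon", "reddit",
          "example", "netflix", "microsoft", "youtube", "twitter"]
MALICIOUS = ["xk3q9zv7w2hf", "qpwoeiruty1928", "7hf2k9x1mz", "bbzqkxwvtr",
             "a1b2c3d4e5f6", "zxkq8vbn3pl", "mwlrtpqz"]
MODEL = CentroidModel(BENIGN, MALICIOUS)

# Passive DNS log lines: timestamp client qname qtype rcode (constructed).
DNS_LOG = [
    "2024-05-01T10:00:01Z 10.0.0.5 www.weather.test A NOERROR",
    "2024-05-01T10:00:02Z 10.0.0.5 weather.test A NOERROR",
    "2024-05-01T10:00:07Z 10.0.0.9 p0q9w8e7r6t5.test A NXDOMAIN",
    "2024-05-01T10:00:09Z 10.0.0.9 p0q9w8e7r6t5.test AAAA NXDOMAIN",
]

def registrable_label(qname):
    """Label left of the TLD ('www.weather.test' -> 'weather'). Public
    suffixes such as co.uk would need a suffix list; not handled here."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def pool_from_log(lines):
    return sorted({registrable_label(line.split()[2]) for line in lines if line.strip()})

def classify_log(lines, model=MODEL):
    """{label: class} for every distinct registrable label in the log."""
    return {label: model.classify(label)[0] for label in pool_from_log(lines)}

if __name__ == "__main__":
    for label, verdict in classify_log(DNS_LOG).items():
        print(label, verdict, features(label))
```

    Lexical features alone separate DGA-style names from dictionary words, which is what the constructed lists show; they say nothing about a malicious name built from real words, so in practice the features would be joined with log-derived ones (NXDOMAIN ratio per client, age of first sighting, number of querying hosts) before the model is fitted.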

    Securing network devices by forecasting future security incidents for a network based on past security incidents

    Publication number: US10547623B1

    Publication date: 2020-01-28

    Application number: US15664029

    Filing date: 2017-07-31

    IPC classification: G06F21/31 H04L29/06

    Abstract: Securing network devices by forecasting future security incidents for a network based on past security incidents. In one embodiment, a method may include constructing past inside-in security features for a network, constructing past outside-in security features for the network, and employing dynamic time warping to generate a similarity score for each pair of security features within the past inside-in features, within the past outside-in features, and between the past inside-in and past outside-in features. The method may further include generating a Coupled Gaussian Latent Variable (CGLV) model based on the similarity scores, forecasting future inside-in security features for the network using the CGLV model, and performing a security action on one or more network devices of the network based on the forecasted future inside-in security features.
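    The dynamic time warping step of that abstract, as an added example that is not the patent's code: DTW distance between z-scored weekly feature series, a similarity score derived from it, and the full pairwise matrix over inside-in and outside-in features that the abstract feeds into the CGLV model (the CGLV forecasting itself is not shown). The four eight-week series, the 1/(1+d) similarity mapping and the z-scoring are constructed choices for the example.

```python
"""Dynamic time warping (DTW) similarity between weekly security feature
series, the pairwise scoring step that precedes the forecasting model."""
import math

def zscore(series):
    """Scale a series to zero mean and unit variance so that features with
    different units (alert counts vs. open ports) are comparable."""
    mean = sum(series) / len(series)
    std = math.sqrt(sum((x - mean) ** 2 for x in series) / len(series)) or 1.0
    return [(x - mean) / std for x in series]

def dtw_distance(a, b):
    """Minimum cumulative |a_i - b_j| over monotone alignments of a and b."""
    n, m = len(a), len(b)
    D = [[math.inf] * (m + 1) for _ in range(n + 1)]
    D[0][0] = 0.0
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            cost = abs(a[i - 1] - b[j - 1])
            D[i][j] = cost + min(D[i - 1][j], D[i][j - 1], D[i - 1][j - 1])
    return D[n][m]

def lockstep_distance(a, b):
    """Same cost without warping: index i is compared only with index i."""
    return sum(abs(x - y) for x, y in zip(a, b))

def similarity(a, b):
    """Score in (0, 1]; 1 means identical shape after z-scoring. The 1/(1+d)
    mapping is an assumption of this example, not the patent's formula."""
    return 1.0 / (1.0 + dtw_distance(zscore(a), zscore(b)))

# Eight weeks of constructed features. 'in' = inside-in (observed from inside
# the network), 'out' = outside-in (observed by an external party).
SERIES = {
    "in:malware_alerts":   [2, 3, 9, 14, 7, 3, 2, 2],
    "in:failed_logins":    [40, 42, 38, 41, 39, 43, 40, 41],
    "out:blacklisted_ips": [0, 1, 1, 4, 8, 5, 2, 1],   # peaks one week after the alerts
    "out:exposed_ports":   [12, 12, 13, 12, 12, 12, 13, 12],
}

def similarity_matrix(series=SERIES):
    """Similarity for every ordered pair: within inside-in, within
    outside-in, and across the two groups."""
    names = list(series)
    return {(x, y): similarity(series[x], series[y]) for x in names for y in names}

if __name__ == "__main__":
    for (x, y), s in similarity_matrix().items():
        if x < y:
            print(f"{x:20s} {y:20s} {s:.3f}")
```

    The point of DTW over a lockstep distance shows in the malware_alerts / blacklisted_ips pair: the external listing lags the internal detections by a week, so compared index by index the two series look unrelated, while DTW aligns the peaks and reports them as similar. The O(n*m) table is fine for weekly series; for long sequences a Sakoe-Chiba band on |i - j| keeps both the cost and the amount of permitted warping bounded.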