-
Publication number: US12126641B2
Publication date: 2024-10-22
Application number: US18107172
Filing date: 2023-02-08
Applicant: NEC Corporation
Inventor: Masaru Kawakita
IPC classification: H04L9/40, H04L43/045
CPC classification: H04L63/1425, H04L43/045, H04L2463/146
Abstract: An attack situation visualization device includes: a memory that stores instructions; and at least one processor configured to process the instructions to: analyze a log in which information about a cyberattack is recorded and specify at least either of a source of a communication related to the cyberattack and a destination of a communication related to the cyberattack; and generate display information allowing display of an image in which an image representing a map, a source image representing the source, and a destination image representing the destination are arranged on the map, wherein the at least one processor is configured to process the instructions to generate the display information including an attack situation image visualizing at least either of a traffic volume and a communication frequency of a communication related to the cyberattack between the source and the destination.
-
Publication number: US11991186B2
Publication date: 2024-05-21
Application number: US17057571
Filing date: 2018-05-22
Inventors: Zhiyuan Hu, Jing Ping, Stephane Mahieu, Yueming Yin, Zhigang Luo
IPC classification: G06F21/00, H04L9/40, H04L45/302
CPC classification: H04L63/1416, H04L45/306, H04L63/1425, H04L63/1441, H04L2463/146
Abstract: Embodiments of the present disclosure relate to methods, devices and computer readable storage media for tracing an attack source in a service function chain overlay network. In example embodiments, a request for tracing an attack source of an attacking data flow is sent from the attack tracer to a first service function chain domain of a plurality of service function chain domains through which the attacking data flow passes. The request includes flow characteristics of the attacking data flow. Then, the attack tracer receives a first set of results of flow matching based on the flow characteristics from the first service function chain domain. The attack tracer identifies the attack source in the plurality of service function chain domains at least in part based on the first set of results. In this way, the attack source may be traced efficiently in the service function chain overlay network.
-
Publication number: US20230208878A1
Publication date: 2023-06-29
Application number: US18145381
Filing date: 2022-12-22
IPC classification: H04L9/40, G06F16/957, H04L61/5007
CPC classification: H04L63/1483, H04L63/1466, G06F16/9574, H04L61/5007, H04L2463/146, H04L2101/663
Abstract: A method of tracking phishing activity is disclosed. A request to download a webpage hosted as part of a legitimate website on a server is initiated. The request includes identification data pertaining to at least one user computing device. The identification data is extracted from the request. A unique identifier corresponding to the extracted identification data is generated. Fingerprint data is generated using at least a subset of the extracted identification data. The unique identifier, the extracted identification data and the fingerprint data are stored. The fingerprint data is encoded into a program and/or data associated with the webpage to generate a modified webpage. The modified webpage is transmitted from the server to the user computing device in response to the request.
-
Publication number: US20230199013A1
Publication date: 2023-06-22
Application number: US18107172
Filing date: 2023-02-08
Applicant: NEC Corporation
Inventor: Masaru KAWAKITA
IPC classification: H04L9/40, H04L43/045
CPC classification: H04L63/1425, H04L43/045, H04L2463/146
Abstract: An attack situation visualization device includes: a memory that stores instructions; and at least one processor configured to process the instructions to: analyze a log in which information about a cyberattack is recorded and specify at least either of a source of a communication related to the cyberattack and a destination of a communication related to the cyberattack; and generate display information allowing display of an image in which an image representing a map, a source image representing the source, and a destination image representing the destination are arranged on the map, wherein the at least one processor is configured to process the instructions to generate the display information including an attack situation image visualizing at least either of a traffic volume and a communication frequency of a communication related to the cyberattack between the source and the destination.
-
Publication number: US20230164153A1
Publication date: 2023-05-25
Application number: US18095353
Filing date: 2023-01-10
Inventor: Peter John Lindquist
CPC classification: H04L63/1416, G06N20/00, H04L2463/146
Abstract: Systems and techniques for detecting suspicious file activity are described herein. A system for identifying anomalous data events is adapted to monitor a networked file system and receive an indication of a suspicious event associated with a user and a file. The system is further adapted to perform a pattern-of-behavior analysis for the user, perform an adjacency-by-time analysis based on a set of events before the suspicious event and a set of events after the suspicious event, and perform an adjacency-by-location analysis using a set of files located in the location of the file. The system is further adapted to determine whether the suspicious event is an anomalous event based on the pattern-of-behavior analysis, the adjacency-by-time analysis, and the adjacency-by-location analysis, and to display a report for the user including the anomalous event.
-
Publication number: US20180198805A1
Publication date: 2018-07-12
Application number: US15400389
Filing date: 2017-01-06
Inventors: Martin VEJMAN, Lukas MACHLICA
CPC classification: H04L63/1416, G06N5/022, G06N7/005, G06N20/00, H04L61/1511, H04L63/14, H04L63/1425, H04L63/1441, H04L2463/146
Abstract: Systems described herein preemptively detect newly registered network domains that are likely to be malicious before network behavior of the domains is actually observed. A network security device (e.g., a router) receives domain registration data that associates network domains with keys and generates a graph representing the domain registration data. Each edge of the graph connects a vertex representing a domain and a vertex representing a registration attribute (e.g., a registrant email address). The network security device identifies a connected component of the graph that meets a graph robustness threshold. The network security device determines whether a domain of the connected component whose behavior has not yet been observed is malicious using a predictive model based on existing maliciousness labels for other domains of the connected component.
-
Publication number: US20180183819A1
Publication date: 2018-06-28
Application number: US15390915
Filing date: 2016-12-27
Inventor: Tam Khanh Le
CPC classification: H04L63/1416, G06F21/55, G06F21/56, G06N7/005, H04L63/1408, H04L63/1425, H04L63/1441, H04L63/1458, H04L2463/146
Abstract: In some embodiments, a network event initiation detection engine may access a time series event data store containing indications for each of a series of received network events, including a time value. The network event initiation detection engine may then perform a statistical analysis on the information in the time series event data store, including the time values. The statistical analysis may be, for example, associated with the durations of time between events. Based on the statistical analysis, a result may be output associated with a network event initiation likelihood. The result might indicate, for example, that an event was machine-initiated, human-initiated, etc.
-
Publication number: US10003613B2
Publication date: 2018-06-19
Application number: US14975057
Filing date: 2015-12-18
Inventors: Masayoshi Mizutani, Takahide Nogayama, Raymond H. P. Rudy, Scott R. Trent, Yuta Tsuboi, Yuji Watanabe
CPC classification: H04L63/20, G06F21/53, G06F21/56, H04L2463/146
Abstract: A method and system are provided for performing a security inspection of a set of virtual images in a cloud infrastructure. The method includes merging the virtual images into a tree structure having a root and a plurality of leaves such that child leaves and the parent leaf of the child leaves share common virtual images. The method further includes identifying a security violation in a given one of the virtual images at a given one of the plurality of leaves. The method also includes applying a bisection method against the path in the tree from the root to the given one of the plurality of leaves to find the particular one of the virtual images that is the root cause of the security violation. The method additionally includes performing a corrective action for any of the plurality of images having the security violation.
-
Publication number: US20170302691A1
Publication date: 2017-10-19
Application number: US15426346
Filing date: 2017-02-07
IPC classification: H04L29/06
CPC classification: H04L63/1425, G06F17/30958, H04L43/026, H04L43/045, H04L63/0272, H04L63/1408, H04L63/1458, H04L63/1491, H04L2463/146
Abstract: This disclosure relates to using network flow information of a network to determine the trajectory of an attack. In some examples, an adjacency data structure is generated for a network. The adjacency data structure can record that a machine of the network has interacted with another machine of the network. The network can further include one or more deception mechanisms. The deception mechanisms can indicate that an attack is occurring when a machine interacts with one of the deception mechanisms. When the attack is occurring, attack trajectory information can be generated by locating in the adjacency data structure the machine that interacted with the deception mechanism. The attack trajectory information can correlate the information from the interaction with the deception mechanism, the interaction information of the network, and machine information for each machine to determine a possible trajectory of an adversary.
-
Publication number: US09774628B2
Publication date: 2017-09-26
Application number: US14829889
Filing date: 2015-08-19
Applicant: THE BOEING COMPANY
CPC classification: H04L63/1491, H04L63/1433, H04L2463/146
Abstract: An aircraft includes an aircraft network having nodes and links and a sandbox network in communication with the aircraft network. The sandbox network simulates the aircraft network and includes sandbox nodes corresponding to the nodes of the aircraft network, a first set of sandbox links corresponding to the links of the aircraft network, and a second set of sandbox links providing communication between sandbox nodes not in communication via the first set of sandbox links. Computer-executable instructions, when executed, perform the steps of: generating network traffic over the sandbox network such that the sandbox network models a behavior of the aircraft network; identifying a suspicious activity on the aircraft network; routing the suspicious activity from the aircraft network to the sandbox network; and analyzing the suspicious activity as it traverses the sandbox network.