-
Publication (Announcement) No.: US20240314169A1
Publication (Announcement) Date: 2024-09-19
Application No.: US18674428
Application Date: 2024-05-24
Applicant: Zscaler, Inc.
Inventor: Rubin Azad
IPC: H04L9/40
CPC classification number: H04L63/1491, H04L63/1416, H04L63/1425
Abstract: Systems and methods for cloud-based threat alerts and monitoring include monitoring network traffic via a cloud-based system of one or more tenants of the cloud-based system; receiving a plurality of alerts associated with the network traffic from a plurality of security tools of the cloud-based system; logging the plurality of alerts; and providing an event chain, including the plurality of alerts. Based on the event chain, alerts can be identified as being false positives or legitimate.
-
Publication (Announcement) No.: US12074908B2
Publication (Announcement) Date: 2024-08-27
Application No.: US17369057
Application Date: 2021-07-07
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Huazhi Yang, Donghui Wang
IPC: H04L29/06, H04L9/40, H04L45/00, H04L45/745, H04L61/103, H04L101/622
CPC classification number: H04L63/1491, H04L45/66, H04L45/745, H04L61/103, H04L2101/622
Abstract: This application discloses a cyber threat deception method and system, and a forwarding device. The forwarding device obtains a deception target set, where the deception target set includes a deception target, and the deception target includes an unused internet protocol (IP) address or an unopened port number on a used IP address. The forwarding device receives an IP packet from a host, and determines whether a destination party that the IP packet requests to access belongs to the deception target set. If the destination party that the IP packet requests to access belongs to the deception target set, the forwarding device sends the IP packet to a honeypot management server. The forwarding device receives a response packet, returned by the honeypot management server, of the corresponding IP packet. The forwarding device sends the response packet to the host.
-
Publication (Announcement) No.: US20240283822A1
Publication (Announcement) Date: 2024-08-22
Application No.: US18170492
Application Date: 2023-02-16
Applicant: Capital One Services, LLC
Inventor: Galen RAFFERTY, Samuel Sharpe, Brian Barr, Jeremy Goodsitt, Michael Davis, Taylor Turner, Justin Au-Yeung, Owen Reinert
CPC classification number: H04L63/1491, H04L41/16, H04L63/1416
Abstract: In some aspects, a computing system may iterate between adding spurious data to the dataset and training a model on the dataset. If the model's performance has not dropped by more than a threshold amount, then additional spurious data may be added to the dataset until the desired amount of performance decrease has been achieved. The computing system may determine the amount of impact each feature has on a model's output. The computing system may generate a spurious data sample by modifying values of features that are more impactful than other features. The computing system may repeatedly modify the spurious data that is stored in a dataset. If a cybersecurity incident occurs (e.g., the dataset is stolen or leaked), the system may identify when the cybersecurity incident took place based on the spurious data that is stored in the dataset.
-
Publication (Announcement) No.: US20240275815A1
Publication (Announcement) Date: 2024-08-15
Application No.: US18109431
Application Date: 2023-02-14
Applicant: BANK OF AMERICA CORPORATION
Inventor: George Anthony Albero, Edward Lee Traywick, Maharaj Mukherjee, Benjamin Moores
CPC classification number: H04L63/1491, G06N20/00, H04L63/102
Abstract: Systems, computer program products, and methods are described herein for activating a decoy resource based on duress triggers in an electronic network. The present invention is configured to receive a resource distribution request, wherein the resource distribution request comprises a resource account identifier; determine a verified unique identifier sequence associated with the resource account identifier; receive an unverified unique identifier sequence associated with the resource distribution request; compare the unverified unique identifier sequence with the verified unique identifier sequence; and determine, based on the comparison of the unverified unique identifier sequence with the verified unique identifier sequence, a duress trigger; and activate, in an instance where the duress trigger is positive, a decoy resource container, wherein the decoy resource container comprises at least one decoy resource.
-
Publication (Announcement) No.: US11997139B2
Publication (Announcement) Date: 2024-05-28
Application No.: US18183022
Application Date: 2023-03-13
Applicant: Sentinelone, Inc.
Inventor: Venu Vissamsetty, Anil Gupta, Harinath Vishwanath Ramchetty
IPC: H04L9/40, G06F21/56, H04L41/12, H04L61/4505, H04L61/5007, H04L61/4523
CPC classification number: H04L63/1491, G06F21/566, H04L41/12, H04L61/4505, H04L61/5007, H04L61/4523
Abstract: Endpoints in a network execute a sensor module that intercepts commands to obtain information regarding a remote network resource. The sensor module compares a source of commands to a sanctioned list of applications. If the source is not sanctioned, then a simulated response can be provided to the source that references a decoy server.
-
Publication (Announcement) No.: US11997115B1
Publication (Announcement) Date: 2024-05-28
Application No.: US17510380
Application Date: 2021-10-26
Applicant: Cofense Inc.
Inventor: Aaron Higbee, David Chamberlain, Vineetha Philip
CPC classification number: H04L63/1416, G06F16/35, G06F21/00, G06F21/554, H04L51/212, H04L63/1433, H04L63/1483, H04L63/1491, H04L63/20, H04L51/08
Abstract: Methods, network devices, and machine-readable media for an integrated environment and platform for automated processing of reports of suspicious messages, and further including automated threat simulation, reporting, detection, and remediation, including rapid quarantine and restore functions.
-
Publication (Announcement) No.: US20240155002A1
Publication (Announcement) Date: 2024-05-09
Application No.: US18499757
Application Date: 2023-11-01
Applicant: TOYOTA JIDOSHA KABUSHIKI KAISHA
Inventor: Kazuya OKADA
CPC classification number: H04L63/1491, H04L67/12
Abstract: A first controller of a first device monitors communication to a first vehicle connected to the network. Further, when it is detected that an attack on the first vehicle is being carried out from the attack source device, the first controller transmits a first command for activating a honeypot server simulating a vehicle system of the first vehicle to the second device and transmits a second command for transferring packets transmitted from the attacking device to the first vehicle to the second device to a communication device that relays communication to the first vehicle in the network. Further, a second controller of a second device processes packets transmitted from the attack source device to the first vehicle and transferred to the second device by the communication device.
-
Publication (Announcement) No.: US11916931B2
Publication (Announcement) Date: 2024-02-27
Application No.: US17606111
Application Date: 2019-04-24
Applicant: Telefonaktiebolaget LM Ericsson (publ)
Inventor: Konstantinos Vandikas, Leonid Mokrushin, Maxim Teslenko, Daniel Lindström, Marin Orlic
CPC classification number: H04L63/1416, G06N3/04, H04L63/1425, H04L63/1491
Abstract: A method of operating a protection node for protecting a pattern classification node from malicious requests may be provided. The protection node may receive, from a user node, a request containing an original pattern to be classified by a machine learning algorithm performed by the pattern classification node. The protection node may add noise to the original pattern to generate a noisy pattern. The protection node may obtain a first classification of the noisy pattern based on processing of the noisy pattern by a first clone of the machine learning algorithm at the protection node; obtain a second classification of the original pattern based on forwarding the request for processing of the original pattern by the machine learning algorithm performed at the pattern classification node; and compare the first and second classifications to determine whether the first and second classifications satisfy a defined similarity rule. The protection node may use the comparison to manage the request from the user node.
-
Publication (Announcement) No.: US20240039954A1
Publication (Announcement) Date: 2024-02-01
Application No.: US18365371
Application Date: 2023-08-04
Applicant: Zscaler, Inc.
Inventor: Shriyash Shete, Chakkaravarthy Periyasamy Balaiah, Karthikeyan Thamilarasu, Deepen Desai, Rubin Azad, Jithin Prajeev Nair, Raj Krishna
IPC: H04L9/40
CPC classification number: H04L63/1491, H04L63/1425, H04L63/1416
Abstract: Systems and methods are provided for performing risk assessment activities and preparing attained risk data for display on one or more user interfaces. In one implementation, a method may include the step of detecting one or more cybersecurity risk factors associated with an organization to determine a risk posture of the organization. The method may further include the step of attaining one or more remediation recommendations for enabling a person associated with the organization to select one or more actions for mitigating the one or more cybersecurity risk factors and improving the risk posture of the organization. Then, the method is configured to communicate display information to a user device associated with the organization, the display information including at least the one or more cybersecurity risk factors and the one or more remediation recommendations to be exhibited on a Graphical User Interface (GUI) of the user device.
-
Publication (Announcement) No.: US20240031477A1
Publication (Announcement) Date: 2024-01-25
Application No.: US18212429
Application Date: 2023-06-21
Applicant: Capital One Services, LLC
Inventor: Jeffrey RULE, Kaitlin NEWMAN, Rajko ILINCIC
IPC: H04M3/24, H04M3/22, H04L51/02, H04M3/54, G10L15/30, G10L15/18, G06N20/00, G06N5/04, H04L9/40, G10L15/22
CPC classification number: H04M3/247, H04M3/2218, H04M3/2281, H04L51/02, H04M3/54, G10L15/30, G10L15/1815, G06N20/00, G06N5/04, H04L63/1491, G10L15/22, G10L2015/223, H04M2242/16, H04M2203/6027
Abstract: A server can receive a plurality of records at a database such that each record is associated with a phone call and includes at least one request generated based on a transcript of the phone call. The server can generate a training dataset based on the plurality of records. The server can further train a binary classification model using the training dataset. Next, the server can receive a live transcript of a phone call in progress. The server can generate at least one live request based on the live transcript using a natural language processing module of the server. The server can provide the at least one live request to the binary classification model as input to generate a prediction. Lastly, the server can transmit the prediction to an entity receiving the phone call in progress. The prediction can cause a transfer of the call to a chatbot.