CN104303153A - 用于异常子图检测、异常/更改检测和网络态势感知的路径扫描 - Google Patents
用于异常子图检测、异常/更改检测和网络态势感知的路径扫描 Download PDFInfo
- Publication number
- CN104303153A CN104303153A CN201380026239.XA CN201380026239A CN104303153A CN 104303153 A CN104303153 A CN 104303153A CN 201380026239 A CN201380026239 A CN 201380026239A CN 104303153 A CN104303153 A CN 104303153A
- Authority
- CN
- China
- Prior art keywords
- network
- sideline
- data
- model
- computing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N5/00—Computing arrangements using knowledge-based models
- G06N5/02—Knowledge representation; Symbolic representation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N5/00—Computing arrangements using knowledge-based models
- G06N5/02—Knowledge representation; Symbolic representation
- G06N5/022—Knowledge engineering; Knowledge acquisition
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N5/00—Computing arrangements using knowledge-based models
- G06N5/04—Inference or reasoning models
- G06N5/045—Explanation of inference; Explainable artificial intelligence [XAI]; Interpretable artificial intelligence
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N7/00—Computing arrangements based on specific mathematical models
- G06N7/01—Probabilistic graphical models, e.g. probabilistic networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L1/00—Arrangements for detecting or preventing errors in the information received
- H04L1/0001—Systems modifying transmission characteristics according to link quality, e.g. power backoff
- H04L1/0015—Systems modifying transmission characteristics according to link quality, e.g. power backoff characterised by the adaptation strategy
- H04L1/0019—Systems modifying transmission characteristics according to link quality, e.g. power backoff characterised by the adaptation strategy in which mode-switching is based on a statistical approach
- H04L1/002—Algorithms with memory of the previous states, e.g. Markovian models
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/144—Detection or countermeasures against botnets
Abstract
Description
Claims (31)
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201261614148P | 2012-03-22 | 2012-03-22 | |
US61/614,148 | 2012-03-22 | ||
PCT/US2013/031402 WO2013184206A2 (en) | 2012-03-22 | 2013-03-14 | Path scanning for the detection of anomalous subgraphs and use of dns requests and host agents for anomaly/change detection and network situational awareness |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104303153A true CN104303153A (zh) | 2015-01-21 |
CN104303153B CN104303153B (zh) | 2017-06-13 |
Family
ID=49213611
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201380026043.0A Expired - Fee Related CN104303152B (zh) | 2012-03-22 | 2013-03-14 | 在内网检测异常以识别协同群组攻击的方法、装置和系统 |
CN201380026239.XA Expired - Fee Related CN104303153B (zh) | 2012-03-22 | 2013-03-14 | 用于异常子图检测、异常/更改检测和网络态势感知的路径扫描 |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201380026043.0A Expired - Fee Related CN104303152B (zh) | 2012-03-22 | 2013-03-14 | 在内网检测异常以识别协同群组攻击的方法、装置和系统 |
Country Status (7)
Country | Link |
---|---|
US (11) | US9038180B2 (zh) |
EP (3) | EP2828753B1 (zh) |
JP (3) | JP6139656B2 (zh) |
CN (2) | CN104303152B (zh) |
AU (8) | AU2013272211B2 (zh) |
CA (2) | CA2868076C (zh) |
WO (2) | WO2013184206A2 (zh) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105426764A (zh) * | 2015-11-16 | 2016-03-23 | 北京航空航天大学 | 一种基于子模优化的并行异常子图检测方法与系统 |
CN108140075A (zh) * | 2015-07-27 | 2018-06-08 | 皮沃塔尔软件公司 | 将用户行为分类为异常 |
CN108496328A (zh) * | 2015-12-21 | 2018-09-04 | 赛门铁克公司 | 恶意bgp劫持的精确实时识别 |
CN109643335A (zh) * | 2016-08-31 | 2019-04-16 | 3M创新有限公司 | 用于建模、分析、检测和监测流体网络的系统和方法 |
CN109753797A (zh) * | 2018-12-10 | 2019-05-14 | 中国科学院计算技术研究所 | 针对流式图的密集子图检测方法及系统 |
CN111526119A (zh) * | 2020-03-19 | 2020-08-11 | 北京三快在线科技有限公司 | 异常流量检测方法、装置、电子设备和计算机可读介质 |
CN112769595A (zh) * | 2020-12-22 | 2021-05-07 | 北京百度网讯科技有限公司 | 异常检测方法、装置、电子设备及可读存储介质 |
CN114884688A (zh) * | 2022-03-28 | 2022-08-09 | 天津大学 | 一种跨多属性网络的联邦异常检测方法 |
Families Citing this family (120)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2828753B1 (en) | 2012-03-22 | 2019-05-08 | Triad National Security, LLC | Anomaly detection to identify coordinated group attacks in computer networks |
US20140041032A1 (en) * | 2012-08-01 | 2014-02-06 | Opera Solutions, Llc | System and Method for Detecting Network Intrusions Using Statistical Models and a Generalized Likelihood Ratio Test |
US9483334B2 (en) * | 2013-01-28 | 2016-11-01 | Rackspace Us, Inc. | Methods and systems of predictive monitoring of objects in a distributed network system |
US9397902B2 (en) | 2013-01-28 | 2016-07-19 | Rackspace Us, Inc. | Methods and systems of tracking and verifying records of system change events in a distributed network system |
US9813307B2 (en) * | 2013-01-28 | 2017-11-07 | Rackspace Us, Inc. | Methods and systems of monitoring failures in a distributed network system |
US8996889B2 (en) * | 2013-03-29 | 2015-03-31 | Dropbox, Inc. | Portable computing device with methodologies for client-side analytic data collection |
EP2785008A1 (en) * | 2013-03-29 | 2014-10-01 | British Telecommunications public limited company | Method and apparatus for detecting a multi-stage event |
EP2785009A1 (en) * | 2013-03-29 | 2014-10-01 | British Telecommunications public limited company | Method and apparatus for detecting a multi-stage event |
US9443075B2 (en) * | 2013-06-27 | 2016-09-13 | The Mitre Corporation | Interception and policy application for malicious communications |
EP2975538B1 (en) * | 2014-01-31 | 2020-11-25 | Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. | Computer-implemented method and apparatus for determining relevance of a node in a network |
US11782995B2 (en) * | 2014-01-31 | 2023-10-10 | MAX-PLANCK-Gesellschaft zur Förderung der Wissenschaften e.V. | Computer-implemented method and apparatus for determining a relevance of a node in a network |
WO2016022705A1 (en) * | 2014-08-05 | 2016-02-11 | AttackIQ, Inc. | Cyber security posture validation platform |
US10666676B1 (en) * | 2014-08-18 | 2020-05-26 | Trend Micro Incorporated | Detection of targeted email attacks |
US10397261B2 (en) * | 2014-10-14 | 2019-08-27 | Nippon Telegraph And Telephone Corporation | Identifying device, identifying method and identifying program |
CN106170772B (zh) | 2014-10-21 | 2018-04-17 | 铁网网络安全股份有限公司 | 网络安全系统 |
US10686814B2 (en) | 2015-04-10 | 2020-06-16 | Hewlett Packard Enterprise Development Lp | Network anomaly detection |
US10015175B2 (en) * | 2015-04-16 | 2018-07-03 | Los Alamos National Security, Llc | Detecting anomalous behavior via user authentication graphs |
US10305917B2 (en) * | 2015-04-16 | 2019-05-28 | Nec Corporation | Graph-based intrusion detection using process traces |
US10476754B2 (en) * | 2015-04-16 | 2019-11-12 | Nec Corporation | Behavior-based community detection in enterprise information networks |
US10791131B2 (en) * | 2015-05-28 | 2020-09-29 | Hewlett Packard Enterprise Development Lp | Processing network data using a graph data structure |
US10462168B2 (en) | 2015-06-02 | 2019-10-29 | Nippon Telegraph And Telephone Corporation | Access classifying device, access classifying method, and access classifying program |
US9779222B2 (en) * | 2015-06-25 | 2017-10-03 | Extreme Networks, Inc. | Secure management of host connections |
US10425447B2 (en) * | 2015-08-28 | 2019-09-24 | International Business Machines Corporation | Incident response bus for data security incidents |
US10742647B2 (en) * | 2015-10-28 | 2020-08-11 | Qomplx, Inc. | Contextual and risk-based multi-factor authentication |
US20210226928A1 (en) * | 2015-10-28 | 2021-07-22 | Qomplx, Inc. | Risk analysis using port scanning for multi-factor authentication |
US11563741B2 (en) * | 2015-10-28 | 2023-01-24 | Qomplx, Inc. | Probe-based risk analysis for multi-factor authentication |
US11297109B2 (en) | 2015-10-28 | 2022-04-05 | Qomplx, Inc. | System and method for cybersecurity reconnaissance, analysis, and score generation using distributed systems |
US11968239B2 (en) | 2015-10-28 | 2024-04-23 | Qomplx Llc | System and method for detection and mitigation of data source compromises in adversarial information environments |
US20210281609A1 (en) * | 2015-10-28 | 2021-09-09 | Qomplx, Inc. | Rating organization cybersecurity using probe-based network reconnaissance techniques |
US11388198B2 (en) | 2015-10-28 | 2022-07-12 | Qomplx, Inc. | Collaborative database and reputation management in adversarial information environments |
US20220255926A1 (en) * | 2015-10-28 | 2022-08-11 | Qomplx, Inc. | Event-triggered reauthentication of at-risk and compromised systems and accounts |
US10560483B2 (en) * | 2015-10-28 | 2020-02-11 | Qomplx, Inc. | Rating organization cybersecurity using active and passive external reconnaissance |
US11070592B2 (en) | 2015-10-28 | 2021-07-20 | Qomplx, Inc. | System and method for self-adjusting cybersecurity analysis and score generation |
US10673887B2 (en) * | 2015-10-28 | 2020-06-02 | Qomplx, Inc. | System and method for cybersecurity analysis and score generation for insurance purposes |
US11468368B2 (en) * | 2015-10-28 | 2022-10-11 | Qomplx, Inc. | Parametric modeling and simulation of complex systems using large datasets and heterogeneous data structures |
NL2015680B1 (en) * | 2015-10-29 | 2017-05-31 | Opt/Net Consulting B V | Anomaly detection in a data stream. |
US10375095B1 (en) * | 2015-11-20 | 2019-08-06 | Triad National Security, Llc | Modeling behavior in a network using event logs |
US9985982B1 (en) * | 2015-12-21 | 2018-05-29 | Cisco Technology, Inc. | Method and apparatus for aggregating indicators of compromise for use in network security |
WO2017145591A1 (ja) * | 2016-02-26 | 2017-08-31 | 日本電信電話株式会社 | 分析装置、分析方法および分析プログラム |
CN105824754B (zh) * | 2016-03-17 | 2018-11-13 | 广州多益网络股份有限公司 | 客户端程序的Python异常捕获和上传的方法 |
US10333815B2 (en) * | 2016-03-17 | 2019-06-25 | Nec Corporation | Real-time detection of abnormal network connections in streaming data |
US10389741B2 (en) * | 2016-03-24 | 2019-08-20 | Cisco Technology, Inc. | Edge-based detection of new and unexpected flows |
US10218727B2 (en) | 2016-03-24 | 2019-02-26 | Cisco Technology, Inc. | Sanity check of potential learned anomalies |
US10389606B2 (en) * | 2016-03-25 | 2019-08-20 | Cisco Technology, Inc. | Merging of scored records into consistent aggregated anomaly messages |
US10893059B1 (en) | 2016-03-31 | 2021-01-12 | Fireeye, Inc. | Verification and enhancement using detection systems located at the network periphery and endpoint devices |
CN105871865A (zh) * | 2016-04-26 | 2016-08-17 | 浪潮集团有限公司 | 基于OpenFlow的IaaS云安全状态转移分析系统 |
US11212297B2 (en) | 2016-06-17 | 2021-12-28 | Nippon Telegraph And Telephone Corporation | Access classification device, access classification method, and recording medium |
CA3001040C (en) | 2016-07-14 | 2018-07-17 | IronNet Cybersecurity, Inc. | Simulation and virtual reality based cyber behavioral systems |
EP3291120B1 (en) | 2016-09-06 | 2021-04-21 | Accenture Global Solutions Limited | Graph database analysis for network anomaly detection systems |
US10476896B2 (en) * | 2016-09-13 | 2019-11-12 | Accenture Global Solutions Limited | Malicious threat detection through time series graph analysis |
US10129274B2 (en) * | 2016-09-22 | 2018-11-13 | Adobe Systems Incorporated | Identifying significant anomalous segments of a metrics dataset |
TWI648650B (zh) * | 2017-07-20 | 2019-01-21 | 中華電信股份有限公司 | 閘道裝置、其惡意網域與受駭主機的偵測方法及非暫態電腦可讀取媒體 |
CN107483438A (zh) * | 2017-08-15 | 2017-12-15 | 山东华诺网络科技有限公司 | 一种基于大数据的网络安全态势感知预警系统和方法 |
SG11202002802TA (en) * | 2017-09-26 | 2020-04-29 | Jpmorgan Chase Bank Na | Cyber security enhanced monitoring |
BR112020007076B1 (pt) * | 2017-11-08 | 2021-02-23 | Tetra Laval Holdings & Finance S.A | método para determinar um nível de risco microbiológico em um lote de alimentos, mídia legível por computador, e, sistema para determinar um nível de risco microbiológico em um lote de alimentos |
US11184369B2 (en) * | 2017-11-13 | 2021-11-23 | Vectra Networks, Inc. | Malicious relay and jump-system detection using behavioral indicators of actors |
US10567156B2 (en) | 2017-11-30 | 2020-02-18 | Bank Of America Corporation | Blockchain-based unexpected data detection |
CN108234492B (zh) * | 2018-01-02 | 2020-05-22 | 国网四川省电力公司信息通信公司 | 考虑负荷数据虚假注入的电力信息物理协同攻击分析方法 |
AT520746B1 (de) * | 2018-02-20 | 2019-07-15 | Ait Austrian Inst Tech Gmbh | Verfahren zur Erkennung von anormalen Betriebszuständen |
US11296960B2 (en) | 2018-03-08 | 2022-04-05 | Nicira, Inc. | Monitoring distributed applications |
DE102018206737A1 (de) * | 2018-05-02 | 2019-11-07 | Robert Bosch Gmbh | Verfahren und Vorrichtung zur Kalibrierung eines Systems zur Erkennung von Eindringversuchen in einem Rechnernetzwerk |
CN108990089B (zh) * | 2018-06-21 | 2022-02-22 | 中国铁道科学研究院集团有限公司通信信号研究所 | 移动通信网络多探测窗口联合检测分析方法 |
RU2697958C1 (ru) * | 2018-06-29 | 2019-08-21 | Акционерное общество "Лаборатория Касперского" | Система и способ обнаружения вредоносной активности на компьютерной системе |
AU2019319155A1 (en) * | 2018-08-07 | 2021-03-18 | Triad National Security, Llc | Modeling anomalousness of new subgraphs observed locally in a dynamic graph based on subgraph attributes |
US11122065B2 (en) | 2018-08-14 | 2021-09-14 | Vmware, Inc. | Adaptive anomaly detection for computer systems |
US10684909B1 (en) * | 2018-08-21 | 2020-06-16 | United States Of America As Represented By Secretary Of The Navy | Anomaly detection for preserving the availability of virtualized cloud services |
US11005868B2 (en) * | 2018-09-21 | 2021-05-11 | Mcafee, Llc | Methods, systems, and media for detecting anomalous network activity |
US11171975B2 (en) * | 2018-09-25 | 2021-11-09 | Cisco Technology, Inc. | Dynamic inspection of networking dependencies to enhance anomaly detection models in a network assurance service |
US11228603B1 (en) * | 2018-09-27 | 2022-01-18 | Juniper Networks, Inc. | Learning driven dynamic threat treatment for a software defined networking environment |
US10956566B2 (en) | 2018-10-12 | 2021-03-23 | International Business Machines Corporation | Multi-point causality tracking in cyber incident reasoning |
US11184374B2 (en) | 2018-10-12 | 2021-11-23 | International Business Machines Corporation | Endpoint inter-process activity extraction and pattern matching |
US11941054B2 (en) * | 2018-10-12 | 2024-03-26 | International Business Machines Corporation | Iterative constraint solving in abstract graph matching for cyber incident reasoning |
US11194910B2 (en) * | 2018-11-02 | 2021-12-07 | Microsoft Technology Licensing, Llc | Intelligent system for detecting multistage attacks |
CN109302418B (zh) * | 2018-11-15 | 2021-11-12 | 东信和平科技股份有限公司 | 一种基于深度学习的恶意域名检测方法及装置 |
US11960610B2 (en) | 2018-12-03 | 2024-04-16 | British Telecommunications Public Limited Company | Detecting vulnerability change in software systems |
EP3663951B1 (en) | 2018-12-03 | 2021-09-15 | British Telecommunications public limited company | Multi factor network anomaly detection |
EP3681124B8 (en) * | 2019-01-09 | 2022-02-16 | British Telecommunications public limited company | Anomalous network node behaviour identification using deterministic path walking |
US11095540B2 (en) * | 2019-01-23 | 2021-08-17 | Servicenow, Inc. | Hybrid anomaly detection for response-time-based events in a managed network |
CN109889515B (zh) * | 2019-02-13 | 2020-08-28 | 北京航空航天大学 | 一种基于非参数统计的僵尸网络发现方法 |
EP3948603B1 (en) * | 2019-03-27 | 2023-03-22 | British Telecommunications public limited company | Pre-emptive computer security |
EP3948604B1 (en) * | 2019-03-27 | 2023-03-22 | British Telecommunications public limited company | Computer security |
EP3948605B1 (en) | 2019-03-27 | 2023-02-15 | British Telecommunications public limited company | Adaptive computer security |
CN110149421B (zh) * | 2019-05-30 | 2021-11-26 | 世纪龙信息网络有限责任公司 | 域名系统的异常监测方法、系统、装置和计算机设备 |
US11719563B2 (en) | 2019-07-03 | 2023-08-08 | Red Hat, Inc. | Distributed anomaly detection using combinable measurement value summaries |
CN110247932A (zh) * | 2019-07-04 | 2019-09-17 | 北京润通丰华科技有限公司 | 一种实现dns服务防御的检测系统和方法 |
US11288256B2 (en) | 2019-07-23 | 2022-03-29 | Vmware, Inc. | Dynamically providing keys to host for flow aggregation |
US11188570B2 (en) | 2019-07-23 | 2021-11-30 | Vmware, Inc. | Using keys to aggregate flow attributes at host |
US11349876B2 (en) | 2019-07-23 | 2022-05-31 | Vmware, Inc. | Security policy recommendation generation |
US11176157B2 (en) | 2019-07-23 | 2021-11-16 | Vmware, Inc. | Using keys to aggregate flows at appliance |
US11140090B2 (en) | 2019-07-23 | 2021-10-05 | Vmware, Inc. | Analyzing flow group attributes using configuration tags |
US11398987B2 (en) | 2019-07-23 | 2022-07-26 | Vmware, Inc. | Host-based flow aggregation |
US11340931B2 (en) | 2019-07-23 | 2022-05-24 | Vmware, Inc. | Recommendation generation based on selection of selectable elements of visual representation |
US10911335B1 (en) * | 2019-07-23 | 2021-02-02 | Vmware, Inc. | Anomaly detection on groups of flows |
US11743135B2 (en) | 2019-07-23 | 2023-08-29 | Vmware, Inc. | Presenting data regarding grouped flows |
US11436075B2 (en) | 2019-07-23 | 2022-09-06 | Vmware, Inc. | Offloading anomaly detection from server to host |
CN110460658B (zh) * | 2019-08-05 | 2022-05-10 | 上海红阵信息科技有限公司 | 一种基于拟态构造的分布式存储构建方法 |
TWI717831B (zh) * | 2019-09-11 | 2021-02-01 | 財團法人資訊工業策進會 | 攻擊路徑偵測方法、攻擊路徑偵測系統及非暫態電腦可讀取媒體 |
CN110602101B (zh) * | 2019-09-16 | 2021-01-01 | 北京三快在线科技有限公司 | 网络异常群组的确定方法、装置、设备及存储介质 |
US11418526B2 (en) | 2019-12-20 | 2022-08-16 | Microsoft Technology Licensing, Llc | Detecting anomalous network activity |
US11425150B1 (en) | 2020-01-10 | 2022-08-23 | Bank Of America Corporation | Lateral movement visualization for intrusion detection and remediation |
US11321213B2 (en) | 2020-01-16 | 2022-05-03 | Vmware, Inc. | Correlation key used to correlate flow and con text data |
US11503054B2 (en) | 2020-03-05 | 2022-11-15 | Aetna Inc. | Systems and methods for identifying access anomalies using network graphs |
US11677775B2 (en) * | 2020-04-10 | 2023-06-13 | AttackIQ, Inc. | System and method for emulating a multi-stage attack on a node within a target network |
US20210336947A1 (en) * | 2020-04-27 | 2021-10-28 | Microsoft Technology Licensing, Llc | Rogue certificate detection |
CN113628124B (zh) * | 2020-05-08 | 2024-01-16 | 深圳清华大学研究院 | Isp与视觉任务联合优化方法、系统、介质和电子设备 |
US11831664B2 (en) | 2020-06-03 | 2023-11-28 | Netskope, Inc. | Systems and methods for anomaly detection |
US11556636B2 (en) | 2020-06-30 | 2023-01-17 | Microsoft Technology Licensing, Llc | Malicious enterprise behavior detection tool |
EP3945708A1 (de) * | 2020-07-29 | 2022-02-02 | Siemens Aktiengesellschaft | Dynamisches vorhalten von kontextabhängigen rechnergestützten funktionalitäten in mobilen, verteilten edge clouds |
US20220091572A1 (en) * | 2020-09-22 | 2022-03-24 | Rockwell Automation Technologies, Inc. | Integrating container orchestration systems with operational technology devices |
CN112187833B (zh) * | 2020-11-09 | 2021-12-17 | 浙江大学 | 一种拟态waf中的ai+正则双匹配检测方法 |
US20220167171A1 (en) * | 2020-11-20 | 2022-05-26 | At&T Intellectual Property I, L.P. | Security anomaly detection for internet of things devices |
US20220229903A1 (en) * | 2021-01-21 | 2022-07-21 | Intuit Inc. | Feature extraction and time series anomaly detection over dynamic graphs |
US11785032B2 (en) | 2021-01-22 | 2023-10-10 | Vmware, Inc. | Security threat detection based on network flow analysis |
US11765195B2 (en) | 2021-02-16 | 2023-09-19 | Icf International | Distributed network-level probabilistic attack graph generation |
JP2022168612A (ja) * | 2021-04-26 | 2022-11-08 | シャープ株式会社 | 機器管理システム、機器管理方法、及び機器管理プログラム |
US11831667B2 (en) | 2021-07-09 | 2023-11-28 | Vmware, Inc. | Identification of time-ordered sets of connections to identify threats to a datacenter |
CN113254674B (zh) * | 2021-07-12 | 2021-11-30 | 深圳市永达电子信息股份有限公司 | 一种网络安全设备知识推理方法、装置、系统及存储介质 |
US11949701B2 (en) | 2021-08-04 | 2024-04-02 | Microsoft Technology Licensing, Llc | Network access anomaly detection via graph embedding |
US11792151B2 (en) | 2021-10-21 | 2023-10-17 | Vmware, Inc. | Detection of threats based on responses to name resolution requests |
US20240012802A1 (en) * | 2022-07-08 | 2024-01-11 | Salesforce, Inc. | Mechanisms for serializing triples of a database store |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030101976A1 (en) * | 2001-12-05 | 2003-06-05 | Terry Whitfield | Convertible ball projecting apparatus having a replaceable fork assembly |
US6671811B1 (en) * | 1999-10-25 | 2003-12-30 | Visa Internation Service Association | Features generation for use in computer network intrusion detection |
US20060053136A1 (en) * | 2004-08-09 | 2006-03-09 | Amir Ashiri | Method and system for analyzing multidimensional data |
US20070209074A1 (en) * | 2006-03-04 | 2007-09-06 | Coffman Thayne R | Intelligent intrusion detection system utilizing enhanced graph-matching of network activity with context data |
US20070240207A1 (en) * | 2004-04-20 | 2007-10-11 | Ecole Polytechnique Federale De Lausanne (Epfl) | Method of Detecting Anomalous Behaviour in a Computer Network |
US20090024549A1 (en) * | 2005-12-21 | 2009-01-22 | Johnson Joseph E | Methods and Systems for Determining Entropy Metrics for Networks |
CN101547445A (zh) * | 2008-03-25 | 2009-09-30 | 上海摩波彼克半导体有限公司 | 移动通信网络中基于移动性进行入侵异常检测的系统和方法 |
US7627900B1 (en) * | 2005-03-10 | 2009-12-01 | George Mason Intellectual Properties, Inc. | Attack graph aggregation |
Family Cites Families (48)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7113988B2 (en) | 2000-06-29 | 2006-09-26 | International Business Machines Corporation | Proactive on-line diagnostics in a manageable network |
AU2002230541B2 (en) | 2000-11-30 | 2007-08-23 | Cisco Technology, Inc. | Flow-based detection of network intrusions |
US7168093B2 (en) * | 2001-01-25 | 2007-01-23 | Solutionary, Inc. | Method and apparatus for verifying the integrity and security of computer networks and implementation of counter measures |
US7228566B2 (en) | 2001-07-10 | 2007-06-05 | Core Sdi, Incorporated | Automated computer system security compromise |
US8205259B2 (en) * | 2002-03-29 | 2012-06-19 | Global Dataguard Inc. | Adaptive behavioral intrusion detection systems and methods |
US7603711B2 (en) | 2002-10-31 | 2009-10-13 | Secnap Networks Security, LLC | Intrusion detection system |
US20040122803A1 (en) | 2002-12-19 | 2004-06-24 | Dom Byron E. | Detect and qualify relationships between people and find the best path through the resulting social network |
US7483972B2 (en) * | 2003-01-08 | 2009-01-27 | Cisco Technology, Inc. | Network security monitoring system |
US8386377B1 (en) | 2003-05-12 | 2013-02-26 | Id Analytics, Inc. | System and method for credit scoring using an identity network connectivity |
JP3922375B2 (ja) * | 2004-01-30 | 2007-05-30 | インターナショナル・ビジネス・マシーンズ・コーポレーション | 異常検出システム及びその方法 |
US20050203881A1 (en) * | 2004-03-09 | 2005-09-15 | Akio Sakamoto | Database user behavior monitor system and method |
US7941856B2 (en) * | 2004-12-06 | 2011-05-10 | Wisconsin Alumni Research Foundation | Systems and methods for testing and evaluating an intrusion detection system |
EP1846837A4 (en) | 2004-12-31 | 2012-04-04 | Intel Corp | DATA SCREENING AND REDUCING CRITICAL SECTIONS IN THE LEARNING OF A BAYESIAN NETWORK STRUCTURE |
US8077718B2 (en) | 2005-08-12 | 2011-12-13 | Microsoft Corporation | Distributed network management |
US7530105B2 (en) * | 2006-03-21 | 2009-05-05 | 21St Century Technologies, Inc. | Tactical and strategic attack detection and prediction |
US7971252B2 (en) | 2006-06-09 | 2011-06-28 | Massachusetts Institute Of Technology | Generating a multiple-prerequisite attack graph |
US9438501B2 (en) | 2006-08-21 | 2016-09-06 | Lenovo Enterprise Solutions (Singapore) Pte. Ltd. | Multi-scale network traffic generator |
JP2008113409A (ja) | 2006-10-04 | 2008-05-15 | Alaxala Networks Corp | トラフィック制御システム及び管理サーバ |
EP2122908A2 (en) * | 2006-11-29 | 2009-11-25 | Wisconsin Alumni Research Foundation | Method and apparatus for network anomaly detection |
WO2008084729A1 (ja) | 2006-12-28 | 2008-07-17 | Nec Corporation | アプリケーション連鎖性ウイルス及びdns攻撃発信元検知装置、その方法及びそのプログラム |
EP2145281B1 (en) | 2007-04-12 | 2013-11-20 | Core Sdi, Incorporated | System, method and computer readable medium for providing network penetration testing |
WO2009003126A1 (en) | 2007-06-26 | 2008-12-31 | Core Sdi, Incorporated | System and method for simulating computer network attacks |
EP2056559B1 (en) | 2007-11-02 | 2017-05-17 | Deutsche Telekom AG | Method and system for network simulation |
US8844033B2 (en) * | 2008-05-27 | 2014-09-23 | The Trustees Of Columbia University In The City Of New York | Systems, methods, and media for detecting network anomalies using a trained probabilistic model |
US9246768B2 (en) | 2008-06-18 | 2016-01-26 | Camber Corporation | Systems and methods for a simulated network attack generator |
US8650630B2 (en) * | 2008-09-18 | 2014-02-11 | Alcatel Lucent | System and method for exposing malicious sources using mobile IP messages |
CN101655787A (zh) * | 2009-02-24 | 2010-02-24 | 天津大学 | 加入攻击路径形式化分析的威胁建模方法 |
US20110030059A1 (en) * | 2009-07-30 | 2011-02-03 | Greenwald Lloyd G | Method for testing the security posture of a system |
US8490193B2 (en) | 2009-09-08 | 2013-07-16 | Core Security Technologies | System and method for probabilistic attack planning |
US8397298B2 (en) | 2009-12-08 | 2013-03-12 | At&T Intellectual Property I, L.P. | Method and system for content distribution network security |
KR20110067264A (ko) | 2009-12-14 | 2011-06-22 | 성균관대학교산학협력단 | 네트워크 이상징후 탐지장치 및 방법 |
US8375255B2 (en) | 2009-12-23 | 2013-02-12 | At&T Intellectual Property I, Lp | Device and method for detecting and diagnosing correlated network anomalies |
CN101778112B (zh) * | 2010-01-29 | 2013-01-23 | 中国科学院软件研究所 | 一种网络攻击检测方法 |
JP5532241B2 (ja) * | 2010-07-15 | 2014-06-25 | 日本電信電話株式会社 | 高パケットレートフロー検出装置及び高パケットレートフロー検出方法 |
US8762298B1 (en) | 2011-01-05 | 2014-06-24 | Narus, Inc. | Machine learning based botnet detection using real-time connectivity graph based traffic features |
US8621618B1 (en) | 2011-02-07 | 2013-12-31 | Dell Products, Lp | System and method for assessing whether a communication contains an attack |
US8434150B2 (en) | 2011-03-24 | 2013-04-30 | Microsoft Corporation | Using social graphs to combat malicious attacks |
US8627473B2 (en) | 2011-06-08 | 2014-01-07 | At&T Intellectual Property I, L.P. | Peer-to-peer (P2P) botnet tracking at backbone level |
US8955133B2 (en) | 2011-06-09 | 2015-02-10 | Microsoft Corporation | Applying antimalware logic without revealing the antimalware logic to adversaries |
EP2737404A4 (en) | 2011-07-26 | 2015-04-29 | Light Cyber Ltd | METHOD FOR DETECTING AN ANALYSIS ACTION WITHIN A COMPUTER NETWORK |
US9792430B2 (en) * | 2011-11-03 | 2017-10-17 | Cyphort Inc. | Systems and methods for virtualized malware detection |
US9450973B2 (en) | 2011-11-21 | 2016-09-20 | At&T Intellectual Property I, L.P. | Method and apparatus for machine to machine network security monitoring in a communications network |
US8588764B1 (en) | 2012-01-26 | 2013-11-19 | Sprint Communications Company L.P. | Wireless network edge guardian |
EP2828753B1 (en) | 2012-03-22 | 2019-05-08 | Triad National Security, LLC | Anomaly detection to identify coordinated group attacks in computer networks |
US8863293B2 (en) | 2012-05-23 | 2014-10-14 | International Business Machines Corporation | Predicting attacks based on probabilistic game-theory |
US9710646B1 (en) | 2013-02-26 | 2017-07-18 | Palo Alto Networks, Inc. | Malware detection using clustering with malware source information |
US9185124B2 (en) | 2013-02-27 | 2015-11-10 | Sayan Chakraborty | Cyber defense systems and methods |
US9680855B2 (en) | 2014-06-30 | 2017-06-13 | Neo Prime, LLC | Probabilistic model for cyber risk forecasting |
-
2013
- 2013-03-14 EP EP13800730.7A patent/EP2828753B1/en active Active
- 2013-03-14 WO PCT/US2013/031402 patent/WO2013184206A2/en active Application Filing
- 2013-03-14 US US13/826,995 patent/US9038180B2/en active Active
- 2013-03-14 WO PCT/US2013/031463 patent/WO2013184211A2/en active Application Filing
- 2013-03-14 JP JP2015501780A patent/JP6139656B2/ja not_active Expired - Fee Related
- 2013-03-14 CA CA2868076A patent/CA2868076C/en not_active Expired - Fee Related
- 2013-03-14 AU AU2013272211A patent/AU2013272211B2/en not_active Ceased
- 2013-03-14 AU AU2013272215A patent/AU2013272215B2/en not_active Ceased
- 2013-03-14 JP JP2015501782A patent/JP6148323B2/ja not_active Expired - Fee Related
- 2013-03-14 US US14/382,992 patent/US9560065B2/en active Active
- 2013-03-14 EP EP19165350.0A patent/EP3522492A1/en not_active Withdrawn
- 2013-03-14 CN CN201380026043.0A patent/CN104303152B/zh not_active Expired - Fee Related
- 2013-03-14 EP EP13800081.5A patent/EP2828752B1/en active Active
- 2013-03-14 US US13/826,736 patent/US9374380B2/en active Active
- 2013-03-14 CN CN201380026239.XA patent/CN104303153B/zh not_active Expired - Fee Related
- 2013-03-14 CA CA2868054A patent/CA2868054C/en not_active Expired - Fee Related
-
2015
- 2015-01-30 US US14/609,836 patent/US9699206B2/en active Active
-
2016
- 2016-05-26 US US15/165,036 patent/US10122741B2/en active Active
- 2016-09-30 AU AU2016234999A patent/AU2016234999B2/en not_active Ceased
-
2017
- 2017-01-30 US US15/419,673 patent/US9825979B2/en active Active
- 2017-02-13 AU AU2017200969A patent/AU2017200969B2/en not_active Ceased
- 2017-04-27 JP JP2017088048A patent/JP6378395B2/ja not_active Expired - Fee Related
- 2017-06-29 US US15/637,475 patent/US10015183B1/en active Active
- 2017-10-30 AU AU2017254815A patent/AU2017254815B2/en not_active Ceased
- 2017-11-10 US US15/809,297 patent/US10243984B2/en active Active
-
2018
- 2018-05-15 AU AU2018203393A patent/AU2018203393B2/en not_active Ceased
- 2018-06-07 US US16/002,870 patent/US10728270B2/en active Active
- 2018-10-24 US US16/168,956 patent/US10530799B1/en not_active Expired - Fee Related
-
2019
- 2019-02-18 US US16/278,225 patent/US20190182281A1/en not_active Abandoned
- 2019-07-29 AU AU2019210493A patent/AU2019210493B2/en not_active Ceased
- 2019-08-15 AU AU2019216687A patent/AU2019216687B2/en not_active Ceased
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6671811B1 (en) * | 1999-10-25 | 2003-12-30 | Visa Internation Service Association | Features generation for use in computer network intrusion detection |
US20030101976A1 (en) * | 2001-12-05 | 2003-06-05 | Terry Whitfield | Convertible ball projecting apparatus having a replaceable fork assembly |
US20070240207A1 (en) * | 2004-04-20 | 2007-10-11 | Ecole Polytechnique Federale De Lausanne (Epfl) | Method of Detecting Anomalous Behaviour in a Computer Network |
US20060053136A1 (en) * | 2004-08-09 | 2006-03-09 | Amir Ashiri | Method and system for analyzing multidimensional data |
US7627900B1 (en) * | 2005-03-10 | 2009-12-01 | George Mason Intellectual Properties, Inc. | Attack graph aggregation |
US20090024549A1 (en) * | 2005-12-21 | 2009-01-22 | Johnson Joseph E | Methods and Systems for Determining Entropy Metrics for Networks |
US20070209074A1 (en) * | 2006-03-04 | 2007-09-06 | Coffman Thayne R | Intelligent intrusion detection system utilizing enhanced graph-matching of network activity with context data |
CN101547445A (zh) * | 2008-03-25 | 2009-09-30 | 上海摩波彼克半导体有限公司 | 移动通信网络中基于移动性进行入侵异常检测的系统和方法 |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108140075A (zh) * | 2015-07-27 | 2018-06-08 | 皮沃塔尔软件公司 | 将用户行为分类为异常 |
CN105426764A (zh) * | 2015-11-16 | 2016-03-23 | 北京航空航天大学 | 一种基于子模优化的并行异常子图检测方法与系统 |
CN108496328A (zh) * | 2015-12-21 | 2018-09-04 | 赛门铁克公司 | 恶意bgp劫持的精确实时识别 |
CN109643335A (zh) * | 2016-08-31 | 2019-04-16 | 3M创新有限公司 | 用于建模、分析、检测和监测流体网络的系统和方法 |
CN109643335B (zh) * | 2016-08-31 | 2023-07-25 | 3M创新有限公司 | 用于建模、分析、检测和监测流体网络的系统和方法 |
CN109753797B (zh) * | 2018-12-10 | 2020-11-03 | 中国科学院计算技术研究所 | 针对流式图的密集子图检测方法及系统 |
CN109753797A (zh) * | 2018-12-10 | 2019-05-14 | 中国科学院计算技术研究所 | 针对流式图的密集子图检测方法及系统 |
CN111526119A (zh) * | 2020-03-19 | 2020-08-11 | 北京三快在线科技有限公司 | 异常流量检测方法、装置、电子设备和计算机可读介质 |
CN111526119B (zh) * | 2020-03-19 | 2022-06-14 | 北京三快在线科技有限公司 | 异常流量检测方法、装置、电子设备和计算机可读介质 |
CN112769595A (zh) * | 2020-12-22 | 2021-05-07 | 北京百度网讯科技有限公司 | 异常检测方法、装置、电子设备及可读存储介质 |
CN112769595B (zh) * | 2020-12-22 | 2023-05-09 | 阿波罗智联(北京)科技有限公司 | 异常检测方法、装置、电子设备及可读存储介质 |
CN114884688A (zh) * | 2022-03-28 | 2022-08-09 | 天津大学 | 一种跨多属性网络的联邦异常检测方法 |
CN114884688B (zh) * | 2022-03-28 | 2023-07-04 | 天津大学 | 一种跨多属性网络的联邦异常检测方法 |
Also Published As
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104303153A (zh) | 用于异常子图检测、异常/更改检测和网络态势感知的路径扫描 | |
US20220124108A1 (en) | System and method for monitoring security attack chains | |
Ahuja et al. | Automated DDOS attack detection in software defined networking | |
Bangui et al. | A hybrid machine learning model for intrusion detection in VANET | |
US10091218B2 (en) | System and method to detect attacks on mobile wireless networks based on network controllability analysis | |
EP2924579B1 (en) | Event correlation | |
Shukla et al. | Artificial intelligence assisted IoT data intrusion detection | |
US10187401B2 (en) | Hierarchical feature extraction for malware classification in network traffic | |
Estevez-Tapiador et al. | Anomaly detection methods in wired networks: a survey and taxonomy | |
US20170353480A1 (en) | Network security apparatus and method of detecting malicious behavior in computer networks via cost-sensitive and connectivity constrained classification | |
CN104601553A (zh) | 一种结合异常监测的物联网篡改入侵检测方法 | |
CN112288566A (zh) | 基于深度神经网络的跨链交易异常检测和预警方法及系统 | |
US20200186550A1 (en) | Method and a system for detecting an intrusion on a network | |
Ksibi et al. | IoMT Security Model based on Machine Learning and Risk Assessment Techniques | |
Berguig et al. | DoS detection based on mobile agent and naïve bayes filter | |
Shirafkan et al. | An Intrusion Detection System using Deep Cellular Learning Automata and Semantic Hierarchy for Enhancing RPL Protocol Security | |
Chowdhury et al. | Information Fusion-based Cybersecurity Threat Detection for Intelligent Transportation System | |
Tiamiyu | INVESTIGATING TRUSTED ROUTING MECHANISM ON A FULL-MESHED TELECOMMUNICATION NETWORK MODEL | |
Hormann et al. | Analysis of Security Events in Industrial Networks Using Self-Organizing Maps by the Example of Log4j. | |
Benila et al. | An Evaluation and Implementation of the Effectiveness of Cloud Security as a Service in IoT Security | |
Le et al. | Graphical inference for multiple intrusion detection | |
Javed | Design and Development of Intelligent Security Management Systems: Threat Detection and Response in Cyber-Based Infrastructures | |
Sultan | Multiple simultaneous threat detection in unix environment | |
Wee et al. | Reasoning with cause and effect in intrusion detection | |
ANANTHI et al. | A FUZZY NEURAL NETWORK AND MULTIPLE KERNEL FUZZY C-MEANS ALGORITHM FOR SECURED INTRUSION DETECTION SYSTEM. |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB03 | Change of inventor or designer information |
Inventor after: NEIL JOSHUA CHARLES Inventor after: FISK MICHAEL EDWARD Inventor after: BRUGH ALEXANDER WILLIAM Inventor after: HASH CURTIS LEE JR. Inventor after: STORLIE CURTIS BYRON Inventor after: Benjamin Uphoff Inventor after: KENT ALEXANDER Inventor before: NEIL JOSHUA CHARLES Inventor before: FISK MICHAEL EDWARD Inventor before: BRUGH ALEXANDER WILLIAM Inventor before: HASH CURTIS LEE JR. Inventor before: STORLIE CURTIS BYRON Inventor before: UPOFF BENJAMIN Inventor before: KENT ALEXANDER |
|
COR | Change of bibliographic data | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20181126 Address after: The American state of New Mexico Patentee after: National Security Co.,Ltd. Address before: The American state of New Mexico Patentee before: LOS ALAMOS NATIONAL SECURITY, LLC |
|
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20170613 |