CN104303153B - Path scanning for anomalous subgraph detection, anomaly/change detection and network situational awareness - Google Patents
Path scanning for anomalous subgraph detection, anomaly/change detection and network situational awareness
- Publication number: CN104303153B
- Application number: CN201380026239.XA
- Authority: CN (China)
- Prior art keywords: network, sideline, data, model, computing system
- Prior art date
- Legal status: Expired - Fee Related (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L1/00—Arrangements for detecting or preventing errors in the information received
        - H04L1/0001—Systems modifying transmission characteristics according to link quality, e.g. power backoff
          - H04L1/0015—Systems modifying transmission characteristics according to link quality, e.g. power backoff characterised by the adaptation strategy
            - H04L1/0019—Systems modifying transmission characteristics according to link quality, e.g. power backoff characterised by the adaptation strategy in which mode-switching is based on a statistical approach
              - H04L1/002—Algorithms with memory of the previous states, e.g. Markovian models
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
          - H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
            - H04L63/1416—Event detection, e.g. attack signature detection
            - H04L63/1425—Traffic logging, e.g. anomaly detection
          - H04L63/1433—Vulnerability analysis
      - H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
        - H04L2463/144—Detection or countermeasures against botnets
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
          - G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
            - G06F21/577—Assessing vulnerabilities and evaluating computer system security
    - G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
      - G06N5/00—Computing arrangements using knowledge-based models
        - G06N5/02—Knowledge representation; Symbolic representation
          - G06N5/022—Knowledge engineering; Knowledge acquisition
        - G06N5/04—Inference or reasoning models
          - G06N5/045—Explanation of inference; Explainable artificial intelligence [XAI]; Interpretable artificial intelligence
      - G06N7/00—Computing arrangements based on specific mathematical models
        - G06N7/01—Probabilistic graphical models, e.g. probabilistic networks
Claims: 31
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
US201261614148P | 2012-03-22 | 2012-03-22 |
US61/614,148 | 2012-03-22 | |
PCT/US2013/031402 (WO2013184206A2, en) | 2012-03-22 | 2013-03-14 | Path scanning for the detection of anomalous subgraphs and use of DNS requests and host agents for anomaly/change detection and network situational awareness
Publications (2)
Publication Number | Publication Date
---|---
CN104303153A (zh) | 2015-01-21
CN104303153B (zh) | 2017-06-13
Family ID: 49213611
Family Applications (2)
Application Number | Publication | Status | Priority Date | Filing Date | Title
---|---|---|---|---|---
CN201380026043.0A | CN104303152B (zh) | Expired - Fee Related | 2012-03-22 | 2013-03-14 | Method, apparatus and system for detecting anomalies in an internal network to identify coordinated group attacks
CN201380026239.XA | CN104303153B (zh) | Expired - Fee Related | 2012-03-22 | 2013-03-14 | Path scanning for anomalous subgraph detection, anomaly/change detection and network situational awareness
Family Applications Before (1)
Application Number | Publication | Status | Priority Date | Filing Date | Title
---|---|---|---|---|---
CN201380026043.0A | CN104303152B (zh) | Expired - Fee Related | 2012-03-22 | 2013-03-14 | Method, apparatus and system for detecting anomalies in an internal network to identify coordinated group attacks
Country Status (7)
Country | Link |
---|---|
US (11) | US9560065B2 (zh) |
EP (3) | EP2828752B1 (zh) |
JP (3) | JP6139656B2 (zh) |
CN (2) | CN104303152B (zh) |
AU (8) | AU2013272215B2 (zh) |
CA (2) | CA2868054C (zh) |
WO (2) | WO2013184206A2 (zh) |
Families Citing this family (131)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
AU2013272215B2 (en) | 2012-03-22 | 2017-10-12 | Imperial Innovations Limited | Anomaly detection to identify coordinated group attacks in computer networks |
US20140041032A1 (en) * | 2012-08-01 | 2014-02-06 | Opera Solutions, Llc | System and Method for Detecting Network Intrusions Using Statistical Models and a Generalized Likelihood Ratio Test |
US9813307B2 (en) * | 2013-01-28 | 2017-11-07 | Rackspace Us, Inc. | Methods and systems of monitoring failures in a distributed network system |
US9483334B2 (en) * | 2013-01-28 | 2016-11-01 | Rackspace Us, Inc. | Methods and systems of predictive monitoring of objects in a distributed network system |
US9397902B2 (en) | 2013-01-28 | 2016-07-19 | Rackspace Us, Inc. | Methods and systems of tracking and verifying records of system change events in a distributed network system |
EP2785008A1 (en) * | 2013-03-29 | 2014-10-01 | British Telecommunications public limited company | Method and apparatus for detecting a multi-stage event |
EP2785009A1 (en) * | 2013-03-29 | 2014-10-01 | British Telecommunications public limited company | Method and apparatus for detecting a multi-stage event |
US8996889B2 (en) * | 2013-03-29 | 2015-03-31 | Dropbox, Inc. | Portable computing device with methodologies for client-side analytic data collection |
US9443075B2 (en) * | 2013-06-27 | 2016-09-13 | The Mitre Corporation | Interception and policy application for malicious communications |
EP2975538B1 (en) * | 2014-01-31 | 2020-11-25 | Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. | Computer-implemented method and apparatus for determining relevance of a node in a network |
US11782995B2 (en) * | 2014-01-31 | 2023-10-10 | MAX-PLANCK-Gesellschaft zur Förderung der Wissenschaften e.V. | Computer-implemented method and apparatus for determining a relevance of a node in a network |
WO2016022705A1 (en) * | 2014-08-05 | 2016-02-11 | AttackIQ, Inc. | Cyber security posture validation platform |
US10666676B1 (en) * | 2014-08-18 | 2020-05-26 | Trend Micro Incorporated | Detection of targeted email attacks |
EP3200115B1 (en) * | 2014-10-14 | 2019-01-09 | Nippon Telegraph and Telephone Corporation | Specification device, specification method, and specification program |
PL3095034T3 (pl) | 2014-10-21 | 2019-11-29 | Ironnet Cybersecurity Inc | Cybersecurity system |
WO2016164050A1 (en) * | 2015-04-10 | 2016-10-13 | Hewlett Packard Enterprise Development Lp | Network anomaly detection |
US10305917B2 (en) * | 2015-04-16 | 2019-05-28 | Nec Corporation | Graph-based intrusion detection using process traces |
US10476754B2 (en) * | 2015-04-16 | 2019-11-12 | Nec Corporation | Behavior-based community detection in enterprise information networks |
US10015175B2 (en) * | 2015-04-16 | 2018-07-03 | Los Alamos National Security, Llc | Detecting anomalous behavior via user authentication graphs |
WO2016190868A1 (en) * | 2015-05-28 | 2016-12-01 | Hewlett Packard Enterprise Development Lp | Processing network data using a graph data structure |
EP3287909B1 (en) * | 2015-06-02 | 2019-07-03 | Nippon Telegraph and Telephone Corporation | Access classification device, access classification method, and access classification program |
US9779222B2 (en) * | 2015-06-25 | 2017-10-03 | Extreme Networks, Inc. | Secure management of host connections |
US10430721B2 (en) * | 2015-07-27 | 2019-10-01 | Pivotal Software, Inc. | Classifying user behavior as anomalous |
US10425447B2 (en) * | 2015-08-28 | 2019-09-24 | International Business Machines Corporation | Incident response bus for data security incidents |
US20220255926A1 (en) * | 2015-10-28 | 2022-08-11 | Qomplx, Inc. | Event-triggered reauthentication of at-risk and compromised systems and accounts |
US10673887B2 (en) * | 2015-10-28 | 2020-06-02 | Qomplx, Inc. | System and method for cybersecurity analysis and score generation for insurance purposes |
US20210281609A1 (en) * | 2015-10-28 | 2021-09-09 | Qomplx, Inc. | Rating organization cybersecurity using probe-based network reconnaissance techniques |
US20210226928A1 (en) * | 2015-10-28 | 2021-07-22 | Qomplx, Inc. | Risk analysis using port scanning for multi-factor authentication |
US11070592B2 (en) | 2015-10-28 | 2021-07-20 | Qomplx, Inc. | System and method for self-adjusting cybersecurity analysis and score generation |
US11297109B2 (en) | 2015-10-28 | 2022-04-05 | Qomplx, Inc. | System and method for cybersecurity reconnaissance, analysis, and score generation using distributed systems |
US10560483B2 (en) * | 2015-10-28 | 2020-02-11 | Qomplx, Inc. | Rating organization cybersecurity using active and passive external reconnaissance |
US11563741B2 (en) * | 2015-10-28 | 2023-01-24 | Qomplx, Inc. | Probe-based risk analysis for multi-factor authentication |
US11388198B2 (en) | 2015-10-28 | 2022-07-12 | Qomplx, Inc. | Collaborative database and reputation management in adversarial information environments |
US11468368B2 (en) * | 2015-10-28 | 2022-10-11 | Qomplx, Inc. | Parametric modeling and simulation of complex systems using large datasets and heterogeneous data structures |
US10742647B2 (en) * | 2015-10-28 | 2020-08-11 | Qomplx, Inc. | Contextual and risk-based multi-factor authentication |
US11968239B2 (en) | 2015-10-28 | 2024-04-23 | Qomplx Llc | System and method for detection and mitigation of data source compromises in adversarial information environments |
NL2015680B1 (en) * | 2015-10-29 | 2017-05-31 | Opt/Net Consulting B V | Anomaly detection in a data stream. |
CN105426764A (zh) * | 2015-11-16 | 2016-03-23 | 北京航空航天大学 | Parallel anomalous subgraph detection method and system based on submodular optimization |
US10375095B1 (en) * | 2015-11-20 | 2019-08-06 | Triad National Security, Llc | Modeling behavior in a network using event logs |
US9985982B1 (en) * | 2015-12-21 | 2018-05-29 | Cisco Technology, Inc. | Method and apparatus for aggregating indicators of compromise for use in network security |
US10148690B2 (en) * | 2015-12-21 | 2018-12-04 | Symantec Corporation | Accurate real-time identification of malicious BGP hijacks |
US11868853B2 (en) * | 2016-02-26 | 2024-01-09 | Nippon Telegraph And Telephone Corporation | Analysis device, analysis method, and analysis program |
CN105824754B (zh) * | 2016-03-17 | 2018-11-13 | 广州多益网络股份有限公司 | Method for capturing and uploading Python exceptions of a client program |
US10333815B2 (en) * | 2016-03-17 | 2019-06-25 | Nec Corporation | Real-time detection of abnormal network connections in streaming data |
US10389741B2 (en) * | 2016-03-24 | 2019-08-20 | Cisco Technology, Inc. | Edge-based detection of new and unexpected flows |
US10218727B2 (en) | 2016-03-24 | 2019-02-26 | Cisco Technology, Inc. | Sanity check of potential learned anomalies |
US10389606B2 (en) * | 2016-03-25 | 2019-08-20 | Cisco Technology, Inc. | Merging of scored records into consistent aggregated anomaly messages |
US10826933B1 (en) * | 2016-03-31 | 2020-11-03 | Fireeye, Inc. | Technique for verifying exploit/malware at malware detection appliance through correlation with endpoints |
US10893059B1 (en) | 2016-03-31 | 2021-01-12 | Fireeye, Inc. | Verification and enhancement using detection systems located at the network periphery and endpoint devices |
CN105871865A (zh) * | 2016-04-26 | 2016-08-17 | 浪潮集团有限公司 | OpenFlow-based IaaS cloud security state transition analysis system |
US11212297B2 (en) | 2016-06-17 | 2021-12-28 | Nippon Telegraph And Telephone Corporation | Access classification device, access classification method, and recording medium |
ES2728337T3 (es) | 2016-07-14 | 2019-10-23 | Ironnet Cybersecurity Inc | Simulation and virtual reality based on cyber behavior systems |
EP3507725A4 (en) * | 2016-08-31 | 2020-05-06 | 3M Innovative Properties Company | SYSTEMS AND METHODS FOR MODELING, ANALYZING, DETECTING AND MONITORING FLUID NETWORKS |
EP3291120B1 (en) | 2016-09-06 | 2021-04-21 | Accenture Global Solutions Limited | Graph database analysis for network anomaly detection systems |
US10476896B2 (en) * | 2016-09-13 | 2019-11-12 | Accenture Global Solutions Limited | Malicious threat detection through time series graph analysis |
US10129274B2 (en) * | 2016-09-22 | 2018-11-13 | Adobe Systems Incorporated | Identifying significant anomalous segments of a metrics dataset |
TWI648650B (zh) * | 2017-07-20 | 2019-01-21 | 中華電信股份有限公司 | Gateway device, method for detecting malicious domains and compromised hosts thereof, and non-transitory computer-readable medium |
CN107483438A (zh) * | 2017-08-15 | 2017-12-15 | 山东华诺网络科技有限公司 | Big-data-based network security situational awareness and early warning system and method |
US11122066B2 (en) * | 2017-09-26 | 2021-09-14 | Jpmorgan Chase Bank, N.A. | Cyber security enhanced monitoring |
BR112020007076B1 (pt) * | 2017-11-08 | 2021-02-23 | Tetra Laval Holdings & Finance S.A | Method for determining a microbiological risk level in a batch of food, computer-readable medium, and system for determining a microbiological risk level in a batch of food |
US11184369B2 (en) * | 2017-11-13 | 2021-11-23 | Vectra Networks, Inc. | Malicious relay and jump-system detection using behavioral indicators of actors |
US10567156B2 (en) | 2017-11-30 | 2020-02-18 | Bank Of America Corporation | Blockchain-based unexpected data detection |
CN108234492B (zh) * | 2018-01-02 | 2020-05-22 | 国网四川省电力公司信息通信公司 | Analysis method for coordinated cyber-physical attacks on power systems considering false load data injection |
AT520746B1 (de) * | 2018-02-20 | 2019-07-15 | Ait Austrian Inst Tech Gmbh | Method for detecting abnormal operating states |
US11296960B2 (en) | 2018-03-08 | 2022-04-05 | Nicira, Inc. | Monitoring distributed applications |
DE102018206737A1 (de) * | 2018-05-02 | 2019-11-07 | Robert Bosch Gmbh | Method and device for calibrating a system for detecting intrusion attempts in a computer network |
CN108990089B (zh) * | 2018-06-21 | 2022-02-22 | 中国铁道科学研究院集团有限公司通信信号研究所 | Joint multi-detection-window detection and analysis method for mobile communication networks |
RU2697958C1 (ru) * | 2018-06-29 | 2019-08-21 | Акционерное общество "Лаборатория Касперского" | System and method for detecting malicious activity on a computer system |
AU2019319155A1 (en) * | 2018-08-07 | 2021-03-18 | Triad National Security, Llc | Modeling anomalousness of new subgraphs observed locally in a dynamic graph based on subgraph attributes |
US11122065B2 (en) | 2018-08-14 | 2021-09-14 | Vmware, Inc. | Adaptive anomaly detection for computer systems |
US10684909B1 (en) * | 2018-08-21 | 2020-06-16 | United States Of America As Represented By Secretary Of The Navy | Anomaly detection for preserving the availability of virtualized cloud services |
US11005868B2 (en) * | 2018-09-21 | 2021-05-11 | Mcafee, Llc | Methods, systems, and media for detecting anomalous network activity |
US11171975B2 (en) * | 2018-09-25 | 2021-11-09 | Cisco Technology, Inc. | Dynamic inspection of networking dependencies to enhance anomaly detection models in a network assurance service |
US11228603B1 (en) * | 2018-09-27 | 2022-01-18 | Juniper Networks, Inc. | Learning driven dynamic threat treatment for a software defined networking environment |
US11941054B2 (en) * | 2018-10-12 | 2024-03-26 | International Business Machines Corporation | Iterative constraint solving in abstract graph matching for cyber incident reasoning |
US11184374B2 (en) | 2018-10-12 | 2021-11-23 | International Business Machines Corporation | Endpoint inter-process activity extraction and pattern matching |
US10956566B2 (en) | 2018-10-12 | 2021-03-23 | International Business Machines Corporation | Multi-point causality tracking in cyber incident reasoning |
US11194910B2 (en) * | 2018-11-02 | 2021-12-07 | Microsoft Technology Licensing, Llc | Intelligent system for detecting multistage attacks |
CN109302418B (zh) * | 2018-11-15 | 2021-11-12 | 东信和平科技股份有限公司 | Deep-learning-based malicious domain name detection method and apparatus |
EP3663951B1 (en) | 2018-12-03 | 2021-09-15 | British Telecommunications public limited company | Multi factor network anomaly detection |
WO2020114922A1 (en) | 2018-12-03 | 2020-06-11 | British Telecommunications Public Limited Company | Detecting anomalies in computer networks |
EP3891637A1 (en) | 2018-12-03 | 2021-10-13 | British Telecommunications public limited company | Detecting vulnerability change in software systems |
CN109753797B (zh) * | 2018-12-10 | 2020-11-03 | 中国科学院计算技术研究所 | Dense subgraph detection method and system for streaming graphs |
EP3681124B8 (en) * | 2019-01-09 | 2022-02-16 | British Telecommunications public limited company | Anomalous network node behaviour identification using deterministic path walking |
US11095540B2 (en) * | 2019-01-23 | 2021-08-17 | Servicenow, Inc. | Hybrid anomaly detection for response-time-based events in a managed network |
CN109889515B (zh) * | 2019-02-13 | 2020-08-28 | 北京航空航天大学 | Botnet discovery method based on non-parametric statistics |
US11436320B2 (en) | 2019-03-27 | 2022-09-06 | British Telecommunications Public Limited Company | Adaptive computer security |
US11449604B2 (en) * | 2019-03-27 | 2022-09-20 | British Telecommunications Public Limited Company | Computer security |
US11477225B2 (en) * | 2019-03-27 | 2022-10-18 | British Telecommunications Public Limited Company | Pre-emptive computer security |
CN110149421B (zh) * | 2019-05-30 | 2021-11-26 | 世纪龙信息网络有限责任公司 | Anomaly monitoring method, system, apparatus and computer device for the domain name system |
US11719563B2 (en) | 2019-07-03 | 2023-08-08 | Red Hat, Inc. | Distributed anomaly detection using combinable measurement value summaries |
CN110247932A (zh) * | 2019-07-04 | 2019-09-17 | 北京润通丰华科技有限公司 | Detection system and method for implementing DNS service defense |
US11188570B2 (en) | 2019-07-23 | 2021-11-30 | Vmware, Inc. | Using keys to aggregate flow attributes at host |
US11140090B2 (en) | 2019-07-23 | 2021-10-05 | Vmware, Inc. | Analyzing flow group attributes using configuration tags |
US11743135B2 (en) | 2019-07-23 | 2023-08-29 | Vmware, Inc. | Presenting data regarding grouped flows |
US11436075B2 (en) | 2019-07-23 | 2022-09-06 | Vmware, Inc. | Offloading anomaly detection from server to host |
US10911335B1 (en) * | 2019-07-23 | 2021-02-02 | Vmware, Inc. | Anomaly detection on groups of flows |
US11398987B2 (en) | 2019-07-23 | 2022-07-26 | Vmware, Inc. | Host-based flow aggregation |
US11288256B2 (en) | 2019-07-23 | 2022-03-29 | Vmware, Inc. | Dynamically providing keys to host for flow aggregation |
US11349876B2 (en) | 2019-07-23 | 2022-05-31 | Vmware, Inc. | Security policy recommendation generation |
US11340931B2 (en) | 2019-07-23 | 2022-05-24 | Vmware, Inc. | Recommendation generation based on selection of selectable elements of visual representation |
US11176157B2 (en) | 2019-07-23 | 2021-11-16 | Vmware, Inc. | Using keys to aggregate flows at appliance |
CN110460658B (zh) * | 2019-08-05 | 2022-05-10 | 上海红阵信息科技有限公司 | Distributed storage construction method based on mimic construction |
TWI717831B (zh) * | 2019-09-11 | 2021-02-01 | 財團法人資訊工業策進會 | Attack path detection method, attack path detection system and non-transitory computer-readable medium |
CN110602101B (zh) * | 2019-09-16 | 2021-01-01 | 北京三快在线科技有限公司 | Method, apparatus, device and storage medium for determining network anomaly groups |
US11418526B2 (en) | 2019-12-20 | 2022-08-16 | Microsoft Technology Licensing, Llc | Detecting anomalous network activity |
US11425150B1 (en) | 2020-01-10 | 2022-08-23 | Bank Of America Corporation | Lateral movement visualization for intrusion detection and remediation |
US11321213B2 (en) | 2020-01-16 | 2022-05-03 | Vmware, Inc. | Correlation key used to correlate flow and context data |
US11503054B2 (en) * | 2020-03-05 | 2022-11-15 | Aetna Inc. | Systems and methods for identifying access anomalies using network graphs |
CN111526119B (zh) * | 2020-03-19 | 2022-06-14 | 北京三快在线科技有限公司 | Abnormal traffic detection method, apparatus, electronic device and computer-readable medium |
US11677775B2 (en) * | 2020-04-10 | 2023-06-13 | AttackIQ, Inc. | System and method for emulating a multi-stage attack on a node within a target network |
US20210336947A1 (en) * | 2020-04-27 | 2021-10-28 | Microsoft Technology Licensing, Llc | Rogue certificate detection |
CN113628124B (zh) * | 2020-05-08 | 2024-01-16 | 深圳清华大学研究院 | Joint optimization method, system, medium and electronic device for ISP and vision tasks |
US11831664B2 (en) | 2020-06-03 | 2023-11-28 | Netskope, Inc. | Systems and methods for anomaly detection |
US11556636B2 (en) | 2020-06-30 | 2023-01-17 | Microsoft Technology Licensing, Llc | Malicious enterprise behavior detection tool |
EP3945708A1 (de) * | 2020-07-29 | 2022-02-02 | Siemens Aktiengesellschaft | Dynamic provisioning of context-dependent computer-aided functionalities in mobile, distributed edge clouds |
US20220091572A1 (en) * | 2020-09-22 | 2022-03-24 | Rockwell Automation Technologies, Inc. | Integrating container orchestration systems with operational technology devices |
CN112187833B (zh) * | 2020-11-09 | 2021-12-17 | 浙江大学 | AI + regular-expression dual-matching detection method in a mimic WAF |
US20220167171A1 (en) * | 2020-11-20 | 2022-05-26 | At&T Intellectual Property I, L.P. | Security anomaly detection for internet of things devices |
CN112769595B (zh) * | 2020-12-22 | 2023-05-09 | 阿波罗智联(北京)科技有限公司 | Anomaly detection method, apparatus, electronic device and readable storage medium |
US20220229903A1 (en) * | 2021-01-21 | 2022-07-21 | Intuit Inc. | Feature extraction and time series anomaly detection over dynamic graphs |
US11785032B2 (en) | 2021-01-22 | 2023-10-10 | Vmware, Inc. | Security threat detection based on network flow analysis |
US11765195B2 (en) | 2021-02-16 | 2023-09-19 | Icf International | Distributed network-level probabilistic attack graph generation |
JP2022168612A (ja) * | 2021-04-26 | 2022-11-08 | シャープ株式会社 | Device management system, device management method, and device management program |
US11831667B2 (en) | 2021-07-09 | 2023-11-28 | Vmware, Inc. | Identification of time-ordered sets of connections to identify threats to a datacenter |
CN113254674B (zh) * | 2021-07-12 | 2021-11-30 | 深圳市永达电子信息股份有限公司 | Knowledge reasoning method, apparatus, system and storage medium for network security devices |
US11949701B2 (en) | 2021-08-04 | 2024-04-02 | Microsoft Technology Licensing, Llc | Network access anomaly detection via graph embedding |
US11792151B2 (en) | 2021-10-21 | 2023-10-17 | Vmware, Inc. | Detection of threats based on responses to name resolution requests |
CN114884688B (zh) * | 2022-03-28 | 2023-07-04 | 天津大学 | Federated anomaly detection method across multi-attribute networks |
US20240012802A1 (en) * | 2022-07-08 | 2024-01-11 | Salesforce, Inc. | Mechanisms for serializing triples of a database store |
CN117851959A (zh) * | 2024-03-07 | 2024-04-09 | 中国人民解放军国防科技大学 | FHGS-based dynamic network subgraph anomaly detection method, apparatus and device |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6671811B1 (en) * | 1999-10-25 | 2003-12-30 | Visa International Service Association | Features generation for use in computer network intrusion detection |
CN101547445A (zh) * | 2008-03-25 | 2009-09-30 | 上海摩波彼克半导体有限公司 | System and method for mobility-based intrusion anomaly detection in a mobile communication network |
US7627900B1 (en) * | 2005-03-10 | 2009-12-01 | George Mason Intellectual Properties, Inc. | Attack graph aggregation |
Family Cites Families (53)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7113988B2 (en) | 2000-06-29 | 2006-09-26 | International Business Machines Corporation | Proactive on-line diagnostics in a manageable network |
CA2430571C (en) | 2000-11-30 | 2011-07-12 | Lancope, Inc. | Flow-based detection of network intrusions |
US7168093B2 (en) | 2001-01-25 | 2007-01-23 | Solutionary, Inc. | Method and apparatus for verifying the integrity and security of computer networks and implementation of counter measures |
US7228566B2 (en) | 2001-07-10 | 2007-06-05 | Core Sdi, Incorporated | Automated computer system security compromise |
US6647975B2 (en) * | 2001-12-05 | 2003-11-18 | Terry Whitfield | Convertible ball projecting apparatus having a replaceable fork assembly |
ATE374493T1 (de) | 2002-03-29 | 2007-10-15 | Global Dataguard Inc | Adaptive behavior-based intrusion detection |
US7603711B2 (en) * | 2002-10-31 | 2009-10-13 | Secnap Networks Security, LLC | Intrusion detection system |
US20040122803A1 (en) | 2002-12-19 | 2004-06-24 | Dom Byron E. | Detect and qualify relationships between people and find the best path through the resulting social network |
US7483972B2 (en) | 2003-01-08 | 2009-01-27 | Cisco Technology, Inc. | Network security monitoring system |
US8386377B1 (en) | 2003-05-12 | 2013-02-26 | Id Analytics, Inc. | System and method for credit scoring using an identity network connectivity |
JP3922375B2 (ja) | 2004-01-30 | 2007-05-30 | インターナショナル・ビジネス・マシーンズ・コーポレーション | Anomaly detection system and method |
US20050203881A1 (en) * | 2004-03-09 | 2005-09-15 | Akio Sakamoto | Database user behavior monitor system and method |
EP1589716A1 (en) * | 2004-04-20 | 2005-10-26 | Ecole Polytechnique Fédérale de Lausanne (EPFL) | Method of detecting anomalous behaviour in a computer network |
US20060053136A1 (en) | 2004-08-09 | 2006-03-09 | Amir Ashiri | Method and system for analyzing multidimensional data |
US7941856B2 (en) * | 2004-12-06 | 2011-05-10 | Wisconsin Alumni Research Foundation | Systems and methods for testing and evaluating an intrusion detection system |
WO2006069495A1 (en) | 2004-12-31 | 2006-07-06 | Intel Corporation | Data partitioning and critical section reduction for bayesian network structure learning |
US8077718B2 (en) | 2005-08-12 | 2011-12-13 | Microsoft Corporation | Distributed network management |
US8271412B2 (en) * | 2005-12-21 | 2012-09-18 | University Of South Carolina | Methods and systems for determining entropy metrics for networks |
US7624448B2 (en) * | 2006-03-04 | 2009-11-24 | 21St Century Technologies, Inc. | Intelligent intrusion detection system utilizing enhanced graph-matching of network activity with context data |
US7530105B2 (en) * | 2006-03-21 | 2009-05-05 | 21St Century Technologies, Inc. | Tactical and strategic attack detection and prediction |
US7971252B2 (en) | 2006-06-09 | 2011-06-28 | Massachusetts Institute Of Technology | Generating a multiple-prerequisite attack graph |
US9438501B2 (en) | 2006-08-21 | 2016-09-06 | Lenovo Enterprise Solutions (Singapore) Pte. Ltd. | Multi-scale network traffic generator |
JP2008113409A (ja) | 2006-10-04 | 2008-05-15 | Alaxala Networks Corp | Traffic control system and management server |
US9680693B2 (en) | 2006-11-29 | 2017-06-13 | Wisconsin Alumni Research Foundation | Method and apparatus for network anomaly detection |
JPWO2008084729A1 (ja) | 2006-12-28 | 2010-04-30 | 日本電気株式会社 | Application-chaining virus and DNS attack source detection device, method and program |
WO2009038818A2 (en) | 2007-04-12 | 2009-03-26 | Core Sdi, Incorporated | System and method for providing network penetration testing |
WO2009003126A1 (en) | 2007-06-26 | 2008-12-31 | Core Sdi, Incorporated | System and method for simulating computer network attacks |
EP2056559B1 (en) | 2007-11-02 | 2017-05-17 | Deutsche Telekom AG | Method and system for network simulation |
US8844033B2 (en) * | 2008-05-27 | 2014-09-23 | The Trustees Of Columbia University In The City Of New York | Systems, methods, and media for detecting network anomalies using a trained probabilistic model |
US20090319906A1 (en) | 2008-06-18 | 2009-12-24 | Eads Na Defense Security And Systems Solutions Inc | Systems and methods for reconstitution of network elements in a simulated network |
US8650630B2 (en) | 2008-09-18 | 2014-02-11 | Alcatel Lucent | System and method for exposing malicious sources using mobile IP messages |
CN101655787A (zh) * | 2009-02-24 | 2010-02-24 | 天津大学 | Threat modeling method incorporating formal analysis of attack paths |
US20110030059A1 (en) * | 2009-07-30 | 2011-02-03 | Greenwald Lloyd G | Method for testing the security posture of a system |
US8490193B2 (en) | 2009-09-08 | 2013-07-16 | Core Security Technologies | System and method for probabilistic attack planning |
US8397298B2 (en) * | 2009-12-08 | 2013-03-12 | At&T Intellectual Property I, L.P. | Method and system for content distribution network security |
KR20110067264A (ko) | 2009-12-14 | 2011-06-22 | 성균관대학교산학협력단 | Network anomaly sign detection apparatus and method |
US8375255B2 (en) * | 2009-12-23 | 2013-02-12 | At&T Intellectual Property I, Lp | Device and method for detecting and diagnosing correlated network anomalies |
CN101778112B (zh) * | 2010-01-29 | 2013-01-23 | 中国科学院软件研究所 | Network attack detection method |
JP5532241B2 (ja) | 2010-07-15 | 2014-06-25 | 日本電信電話株式会社 | High packet rate flow detection device and high packet rate flow detection method |
US8762298B1 (en) | 2011-01-05 | 2014-06-24 | Narus, Inc. | Machine learning based botnet detection using real-time connectivity graph based traffic features |
US8621618B1 (en) | 2011-02-07 | 2013-12-31 | Dell Products, Lp | System and method for assessing whether a communication contains an attack |
US8434150B2 (en) | 2011-03-24 | 2013-04-30 | Microsoft Corporation | Using social graphs to combat malicious attacks |
US8627473B2 (en) * | 2011-06-08 | 2014-01-07 | At&T Intellectual Property I, L.P. | Peer-to-peer (P2P) botnet tracking at backbone level |
US8955133B2 (en) | 2011-06-09 | 2015-02-10 | Microsoft Corporation | Applying antimalware logic without revealing the antimalware logic to adversaries |
EP2737404A4 (en) | 2011-07-26 | 2015-04-29 | Light Cyber Ltd | METHOD FOR DETECTING AN ANALYSIS ACTION WITHIN A COMPUTER NETWORK |
US9792430B2 (en) | 2011-11-03 | 2017-10-17 | Cyphort Inc. | Systems and methods for virtualized malware detection |
US9450973B2 (en) | 2011-11-21 | 2016-09-20 | At&T Intellectual Property I, L.P. | Method and apparatus for machine to machine network security monitoring in a communications network |
US8588764B1 (en) | 2012-01-26 | 2013-11-19 | Sprint Communications Company L.P. | Wireless network edge guardian |
AU2013272215B2 (en) | 2012-03-22 | 2017-10-12 | Imperial Innovations Limited | Anomaly detection to identify coordinated group attacks in computer networks |
US8863293B2 (en) | 2012-05-23 | 2014-10-14 | International Business Machines Corporation | Predicting attacks based on probabilistic game-theory |
US9710646B1 (en) | 2013-02-26 | 2017-07-18 | Palo Alto Networks, Inc. | Malware detection using clustering with malware source information |
US9185124B2 (en) | 2013-02-27 | 2015-11-10 | Sayan Chakraborty | Cyber defense systems and methods |
US9680855B2 (en) | 2014-06-30 | 2017-06-13 | Neo Prime, LLC | Probabilistic model for cyber risk forecasting |
- 2013
  - 2013-03-14 AU AU2013272215A patent/AU2013272215B2/en not_active Ceased
  - 2013-03-14 AU AU2013272211A patent/AU2013272211B2/en not_active Ceased
  - 2013-03-14 EP EP13800081.5A patent/EP2828752B1/en active Active
  - 2013-03-14 US US14/382,992 patent/US9560065B2/en active Active
  - 2013-03-14 US US13/826,995 patent/US9038180B2/en active Active
  - 2013-03-14 EP EP13800730.7A patent/EP2828753B1/en active Active
  - 2013-03-14 US US13/826,736 patent/US9374380B2/en active Active
  - 2013-03-14 CN CN201380026043.0A patent/CN104303152B/zh not_active Expired - Fee Related
  - 2013-03-14 CA CA2868054A patent/CA2868054C/en not_active Expired - Fee Related
  - 2013-03-14 CN CN201380026239.XA patent/CN104303153B/zh not_active Expired - Fee Related
  - 2013-03-14 JP JP2015501780A patent/JP6139656B2/ja not_active Expired - Fee Related
  - 2013-03-14 JP JP2015501782A patent/JP6148323B2/ja not_active Expired - Fee Related
  - 2013-03-14 WO PCT/US2013/031402 patent/WO2013184206A2/en active Application Filing
  - 2013-03-14 WO PCT/US2013/031463 patent/WO2013184211A2/en active Application Filing
  - 2013-03-14 CA CA2868076A patent/CA2868076C/en not_active Expired - Fee Related
  - 2013-03-14 EP EP19165350.0A patent/EP3522492A1/en not_active Withdrawn
- 2015
  - 2015-01-30 US US14/609,836 patent/US9699206B2/en active Active
- 2016
  - 2016-05-26 US US15/165,036 patent/US10122741B2/en active Active
  - 2016-09-30 AU AU2016234999A patent/AU2016234999B2/en not_active Ceased
- 2017
  - 2017-01-30 US US15/419,673 patent/US9825979B2/en active Active
  - 2017-02-13 AU AU2017200969A patent/AU2017200969B2/en not_active Ceased
  - 2017-04-27 JP JP2017088048A patent/JP6378395B2/ja not_active Expired - Fee Related
  - 2017-06-29 US US15/637,475 patent/US10015183B1/en active Active
  - 2017-10-30 AU AU2017254815A patent/AU2017254815B2/en not_active Ceased
  - 2017-11-10 US US15/809,297 patent/US10243984B2/en active Active
- 2018
  - 2018-05-15 AU AU2018203393A patent/AU2018203393B2/en not_active Ceased
  - 2018-06-07 US US16/002,870 patent/US10728270B2/en active Active
  - 2018-10-24 US US16/168,956 patent/US10530799B1/en not_active Expired - Fee Related
- 2019
  - 2019-02-18 US US16/278,225 patent/US20190182281A1/en not_active Abandoned
  - 2019-07-29 AU AU2019210493A patent/AU2019210493B2/en not_active Ceased
  - 2019-08-15 AU AU2019216687A patent/AU2019216687B2/en not_active Ceased
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6671811B1 (en) * | 1999-10-25 | 2003-12-30 | Visa International Service Association | Features generation for use in computer network intrusion detection |
US7627900B1 (en) * | 2005-03-10 | 2009-12-01 | George Mason Intellectual Properties, Inc. | Attack graph aggregation |
CN101547445A (zh) * | 2008-03-25 | 2009-09-30 | 上海摩波彼克半导体有限公司 | System and method for mobility-based intrusion anomaly detection in mobile communication networks |
Also Published As
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104303153B (zh) | Path scanning for anomalous subgraph detection, anomaly/change detection, and network situational awareness | |
Estevez-Tapiador et al. | Anomaly detection methods in wired networks: a survey and taxonomy | |
Xie et al. | Anomaly detection in wireless sensor networks: A survey | |
Ali Alheeti et al. | Intelligent intrusion detection in external communication systems for autonomous vehicles | |
US20170318034A1 (en) | System and method to detect attacks on mobile wireless networks based on network controllability analysis | |
CN106716958A (zh) | Lateral movement detection | |
Hu et al. | Security risk situation quantification method based on threat prediction for multimedia communication network | |
CN117999559A (zh) | Graph neural network (GNN) training using meta-path neighbor sampling and contrastive learning | |
Murad et al. | Software testing techniques in iot | |
Hameed et al. | IOTA-based Mobile crowd sensing: detection of fake sensing using logit-boosted machine learning algorithms | |
Atli | Anomaly-based intrusion detection by modeling probability distributions of flow characteristics | |
Jacob et al. | Anomalous distributed traffic: Detecting cyber security attacks amongst microservices using graph convolutional networks | |
CN110321438A (zh) | Real-time fraud detection method, apparatus and electronic device based on complex networks | |
Roschke et al. | High-quality attack graph-based IDS correlation | |
Muhati et al. | Asynchronous advantage actor-critic (a3c) learning for cognitive network security | |
Sajith et al. | Network intrusion detection system using ANFIS classifier | |
Radivilova et al. | Statistical and Signature Analysis Methods of Intrusion Detection | |
Wu et al. | Toward intelligent intrusion prediction for wireless sensor networks using three-layer brain-like learning | |
Kalutarage | Effective monitoring of slow suspicious activities on computer networks. | |
CN107251519A (zh) | System and method for detecting attacks on mobile wireless networks based on network controllability analysis | |
Shyu et al. | A multiagent-based intrusion detection system with the support of multi-class supervised classification | |
Tanimu et al. | Network Intrusion Detection System Using Deep Learning Method with KDD Cup'99 Dataset | |
Gandhi | Stacked ensemble learning based approach for anomaly detection in IoT environment | |
Rajasekar et al. | GRU-BWFA Classifier for Detecting DDoS Attack within SNMP-MIB Dataset | |
Zhang et al. | Internet of things network intrusion detection model based on quantum artificial fish group and fuzzy kernel clustering algorithm |
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
C10 | Entry into substantive examination | |
SE01 | Entry into force of request for substantive examination | |
CB03 | Change of inventor or designer information | Inventor after: NEIL JOSHUA CHARLES; FISK MICHAEL EDWARD; BRUGH ALEXANDER WILLIAM; HASH CURTIS LEE JR.; STORLIE CURTIS BYRON; Benjamin Uphoff; KENT ALEXANDER. Inventor before: NEIL JOSHUA CHARLES; FISK MICHAEL EDWARD; BRUGH ALEXANDER WILLIAM; HASH CURTIS LEE JR.; STORLIE CURTIS BYRON; UPOFF BENJAMIN; KENT ALEXANDER |
COR | Change of bibliographic data | |
GR01 | Patent grant | |
TR01 | Transfer of patent right | Effective date of registration: 20181126. Address after: New Mexico, United States. Patentee after: National Security Co.,Ltd. Address before: New Mexico, United States. Patentee before: LOS ALAMOS NATIONAL SECURITY, LLC |
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20170613 |