JP6378395B2 - Path scanning for the detection of anomalous subgraphs and use of DNS requests and host agents for anomaly/change detection and network situational awareness - Google Patents
- Publication number: JP6378395B2 (application JP2017088048A)
- Authority: JP (Japan)
- Prior art keywords: network, data, host, computer, anomaly
- Legal status: Expired - Fee Related (status as listed by Google Patents; not a legal conclusion)
Classifications (sections: H—ELECTRICITY › H04—ELECTRIC COMMUNICATION TECHNIQUE › H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION; G—PHYSICS › G06—COMPUTING; CALCULATING OR COUNTING › G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS and G06F—ELECTRIC DIGITAL DATA PROCESSING)
- H04L63/00—Network architectures or network communication protocols for network security
  - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    - H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
      - H04L63/1416—Event detection, e.g. attack signature detection
      - H04L63/1425—Traffic logging, e.g. anomaly detection
    - H04L63/1433—Vulnerability analysis
- H04L1/00—Arrangements for detecting or preventing errors in the information received
  - H04L1/0001—Systems modifying transmission characteristics according to link quality, e.g. power backoff
    - H04L1/0015—Systems modifying transmission characteristics according to link quality, e.g. power backoff characterised by the adaptation strategy
      - H04L1/0019—Systems modifying transmission characteristics according to link quality, e.g. power backoff characterised by the adaptation strategy in which mode-switching is based on a statistical approach
        - H04L1/002—Algorithms with memory of the previous states, e.g. Markovian models
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
  - H04L2463/144—Detection or countermeasures against botnets
- G06N5/00—Computing arrangements using knowledge-based models
  - G06N5/02—Knowledge representation; Symbolic representation
    - G06N5/022—Knowledge engineering; Knowledge acquisition
  - G06N5/04—Inference or reasoning models
    - G06N5/045—Explanation of inference; Explainable artificial intelligence [XAI]; Interpretable artificial intelligence
- G06N7/00—Computing arrangements based on specific mathematical models
  - G06N7/01—Probabilistic graphical models, e.g. probabilistic networks
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    - G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
      - G06F21/577—Assessing vulnerabilities and evaluating computer system security
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Artificial Intelligence (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Software Systems (AREA)
- Evolutionary Computation (AREA)
- Mathematical Physics (AREA)
- Data Mining & Analysis (AREA)
- Computer Hardware Design (AREA)
- Computational Linguistics (AREA)
- Probability & Statistics with Applications (AREA)
- Medical Informatics (AREA)
- Computational Mathematics (AREA)
- Pure & Applied Mathematics (AREA)
- Algebra (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Quality & Reliability (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
- Debugging And Monitoring (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Description
function ENUMERATE(E, K):
    // E = list of edges representing the graph
    // K = integer length of the paths to enumerate
    for each edge A in E:              // A is an edge in the graph
        list P[1] = A                  // A becomes the first edge in the path
        RECURSE(E, P, 1, K)            // recursively append further edges

function RECURSE(E, P, L, K):
    // E = list of edges representing the graph
    // P = list of edges representing the path
    // L = integer length of P
    // K = integer length of the paths to enumerate
    edge A = P[L]                      // A is the last edge in the path
    for each edge B in E:              // B is an edge in the graph
        if A[2] == B[1] then:          // B starts at the node where A ends
            P[L+1] = B                 // B becomes the last edge in the path
            if L+1 == K:
                EMIT(P)                // a k-path has been found
            else:
                RECURSE(E, P, L+1, K)  // recursively append further edges
Claims (8)
1. A computer-implemented method comprising: a computing system collecting data from a plurality of host agents, the data pertaining to network communications sent and received by corresponding hosts in a network; the computing system analyzing the collected data to detect anomalous behavior within a predetermined period by applying a statistical model, on a sliding-time-window basis, to a plurality of k-paths in a graph; and, when anomalous behavior is detected, the computing system providing an indication that the anomalous behavior occurred within the predetermined period.
2. The computer-implemented method of claim 1, wherein the collected data is transmitted from the host agents via User Datagram Protocol (UDP) as one-way communication.
3. The computer-implemented method of claim 1, wherein the data collected per host comprises process stop and start information including a checksum of the started process image, a network connection event log, a mapping between running processes and established network connections, and the current network connection state.
4. The computer-implemented method of claim 1, wherein the collected data comprises a list of triples of values indicating network connections between hosts, each triple comprising the time at which the communication occurred, a source Internet Protocol (IP) address, and a destination IP address.
5. The computer-implemented method of claim 1, wherein the step of collecting the data further comprises periodically polling the host agents for the data.
6. The computer-implemented method of claim 1, further comprising the computing system collecting information on short-duration connections using the Transmission Control Protocol (TCP) TIME_WAIT state.
7. The computer-implemented method of claim 1, further comprising the computing system using count information by computing mean and variance statistics for the counts, and setting count weighting values.
8. The computer-implemented method of claim 1, wherein the data is collected in proportion to the level of anomalousness of the corresponding host: at a low level of anomalousness, as may be regarded as a derivation from the basic probabilistic scheme, the computing system aggregates basic network connectivity and process information; at a medium level of anomalousness, the computing system collects more process reports and services, as well as more complete network behavior data; and at a high level of anomalousness, the computing system collects complete host behavior information and performs full packet capture.
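The pseudocode in the Description and claims 1, 4 and 7 together describe one pipeline: build a connection graph from (time, source IP, destination IP) triples, enumerate the k-paths of that graph, and judge them with count statistics over a sliding time window. The following Python is an added example written for this page, not code from the patent or its assignee. It transcribes the ENUMERATE/RECURSE pseudocode directly, then adds a window builder and a scoring rule that are assumptions made here for illustration: fixed 100-second windows, a z-score of each edge's current count against the mean and variance of its counts in the preceding windows (unit variance is substituted when the history has none, so never-seen edges still score), a path score equal to the sum of its edge z-scores, and an alert threshold of 5.0. The sample triples are constructed, not captured traffic.

```python
"""Added example (not the patent's code): k-path enumeration over a host
connection graph built from (time, src_ip, dst_ip) triples in time windows,
with each path scored against per-edge count mean/variance from the preceding
windows. Window width, history length, the z-score rule and the threshold are
choices made here for illustration, not values taken from the patent."""
from collections import Counter, defaultdict
from math import sqrt


def enumerate_k_paths(edges, k):
    """Return every k-path in `edges`: a sequence of k edges in which each
    edge's destination is the next edge's source. This follows the patent's
    ENUMERATE/RECURSE pseudocode; edges are (src, dst) tuples and, as in the
    pseudocode, an edge may recur within a path when the graph has cycles."""
    if k < 1:
        return []
    by_source = defaultdict(list)          # makes the A[2] == B[1] test a lookup
    for edge in edges:
        by_source[edge[0]].append(edge)
    paths = []

    def recurse(path):
        last = path[-1]                    # A = P[L]
        for nxt in by_source[last[1]]:     # every B with B[1] == A[2]
            path.append(nxt)               # P[L+1] = B
            if len(path) == k:
                paths.append(tuple(path))  # EMIT(P)
            else:
                recurse(path)
            path.pop()                     # backtrack before trying the next B

    for first in edges:                    # P[1] = A
        if k == 1:
            paths.append((first,))
        else:
            recurse([first])
    return paths


def window_edge_counts(triples, width):
    """Bucket (time, src, dst) triples into consecutive windows of `width`
    seconds; return one Counter of (src, dst) edges per window, oldest first
    (windows with no traffic become empty Counters)."""
    buckets = defaultdict(Counter)
    for t, src, dst in triples:
        buckets[t // width][(src, dst)] += 1
    if not buckets:
        return []
    return [buckets[i] for i in range(min(buckets), max(buckets) + 1)]


def edge_zscores(history, current):
    """z-score of each edge's count in `current` against the mean and variance
    of that edge's counts over the `history` windows (the count statistics of
    claim 7). Zero historical variance, which includes never-seen edges, is
    scored against unit variance (an assumption) so the result stays finite."""
    edges = set(current)
    for h in history:
        edges |= set(h)
    n = len(history)
    z = {}
    for e in edges:
        counts = [h[e] for h in history]
        mean = sum(counts) / n
        var = sum((c - mean) ** 2 for c in counts) / n
        z[e] = (current[e] - mean) / (sqrt(var) if var > 0 else 1.0)
    return z


def score_paths(triples, width, k, history_len, threshold):
    """Slide over the windows; in each one enumerate the k-paths of the
    distinct edges seen and sum their edge z-scores. Returns a list of
    (window_index, path, score) for every path scoring above `threshold`."""
    windows = window_edge_counts(triples, width)
    alerts = []
    for i in range(1, len(windows)):
        history = windows[max(0, i - history_len):i]
        current = windows[i]
        z = edge_zscores(history, current)
        for path in enumerate_k_paths(sorted(current), k):
            score = sum(z[e] for e in path)
            if score > threshold:
                alerts.append((i, path, score))
    return alerts


def constructed_triples():
    """Constructed sample input: three windows of routine .1 -> .2 -> .3 -> .4
    traffic, then a fourth window in which the chain extends through two
    never-seen edges .4 -> .5 and .5 -> .6 (three connections each)."""
    triples = []
    for w in range(4):
        base = w * 100
        for rep in range(2):
            triples += [(base + 10 + rep, "10.0.0.1", "10.0.0.2"),
                        (base + 20 + rep, "10.0.0.2", "10.0.0.3"),
                        (base + 30 + rep, "10.0.0.3", "10.0.0.4")]
    for rep in range(3):
        triples += [(340 + rep, "10.0.0.4", "10.0.0.5"),
                    (350 + rep, "10.0.0.5", "10.0.0.6")]
    return triples


if __name__ == "__main__":
    for window, path, score in score_paths(constructed_triples(), 100, 3, 3, 5.0):
        hops = " -> ".join(e[0] for e in path) + " -> " + path[-1][1]
        print(f"window {window}: {hops} (score {score:.1f})")
```

On the constructed data the only 3-path that crosses the threshold is 10.0.0.3 -> 10.0.0.4 -> 10.0.0.5 -> 10.0.0.6 in the fourth window, because two of its three edges have no history; the 3-path ending at the first new edge scores 3.0 and the routine chain scores 0. Summing per-edge scores along a path is what lets an anomalous subgraph surface even when no single edge looks remarkable on its own.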
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201261614148P | 2012-03-22 | 2012-03-22 | |
US61/614,148 | 2012-03-22 | | |
Related Parent Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2015501780A Division JP6139656B2 (ja) | 2012-03-22 | 2013-03-14 | Path scanning for the detection of anomalous subgraphs and use of DNS requests and host agents for anomaly/change detection and network situational awareness |
Publications (2)
Publication Number | Publication Date |
---|---|
JP2017143578A JP2017143578A (ja) | 2017-08-17 |
JP6378395B2 true JP6378395B2 (ja) | 2018-08-22 |
Family
ID=49213611
Family Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2015501780A Expired - Fee Related JP6139656B2 (ja) | 2012-03-22 | 2013-03-14 | Path scanning for the detection of anomalous subgraphs and use of DNS requests and host agents for anomaly/change detection and network situational awareness |
JP2015501782A Expired - Fee Related JP6148323B2 (ja) | 2012-03-22 | 2013-03-14 | Anomaly detection to identify coordinated group attacks in computer networks |
JP2017088048A Expired - Fee Related JP6378395B2 (ja) | 2012-03-22 | 2017-04-27 | Path scanning for the detection of anomalous subgraphs and use of DNS requests and host agents for anomaly/change detection and network situational awareness |
Family Applications Before (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2015501780A Expired - Fee Related JP6139656B2 (ja) | 2012-03-22 | 2013-03-14 | Path scanning for the detection of anomalous subgraphs and use of DNS requests and host agents for anomaly/change detection and network situational awareness |
JP2015501782A Expired - Fee Related JP6148323B2 (ja) | 2012-03-22 | 2013-03-14 | Anomaly detection to identify coordinated group attacks in computer networks |
Country Status (7)
Country | Link |
---|---|
US (11) | US9560065B2 (ja) |
EP (3) | EP2828752B1 (ja) |
JP (3) | JP6139656B2 (ja) |
CN (2) | CN104303153B (ja) |
AU (8) | AU2013272211B2 (ja) |
CA (2) | CA2868076C (ja) |
WO (2) | WO2013184211A2 (ja) |
Families Citing this family (136)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2013184211A2 (en) | 2012-03-22 | 2013-12-12 | Los Alamos National Security, Llc | Anomaly detection to identify coordinated group attacks in computer networks |
US20140041032A1 (en) * | 2012-08-01 | 2014-02-06 | Opera Solutions, Llc | System and Method for Detecting Network Intrusions Using Statistical Models and a Generalized Likelihood Ratio Test |
US9397902B2 (en) | 2013-01-28 | 2016-07-19 | Rackspace Us, Inc. | Methods and systems of tracking and verifying records of system change events in a distributed network system |
US9483334B2 (en) * | 2013-01-28 | 2016-11-01 | Rackspace Us, Inc. | Methods and systems of predictive monitoring of objects in a distributed network system |
US9813307B2 (en) * | 2013-01-28 | 2017-11-07 | Rackspace Us, Inc. | Methods and systems of monitoring failures in a distributed network system |
EP2785009A1 (en) * | 2013-03-29 | 2014-10-01 | British Telecommunications public limited company | Method and apparatus for detecting a multi-stage event |
US8996889B2 (en) * | 2013-03-29 | 2015-03-31 | Dropbox, Inc. | Portable computing device with methodologies for client-side analytic data collection |
EP2785008A1 (en) * | 2013-03-29 | 2014-10-01 | British Telecommunications public limited company | Method and apparatus for detecting a multi-stage event |
US9443075B2 (en) * | 2013-06-27 | 2016-09-13 | The Mitre Corporation | Interception and policy application for malicious communications |
EP2975538B1 (en) * | 2014-01-31 | 2020-11-25 | Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. | Computer-implemented method and apparatus for determining relevance of a node in a network |
US11782995B2 (en) * | 2014-01-31 | 2023-10-10 | MAX-PLANCK-Gesellschaft zur Förderung der Wissenschaften e.V. | Computer-implemented method and apparatus for determining a relevance of a node in a network |
US10812516B2 (en) * | 2014-08-05 | 2020-10-20 | AttackIQ, Inc. | Cyber security posture validation platform |
US10666676B1 (en) * | 2014-08-18 | 2020-05-26 | Trend Micro Incorporated | Detection of targeted email attacks |
JP6088714B2 (ja) * | 2014-10-14 | 2017-03-01 | 日本電信電話株式会社 | Identification device, identification method, and identification program |
CN106170772B (zh) | 2014-10-21 | 2018-04-17 | 铁网网络安全股份有限公司 | Network security system |
WO2016164050A1 (en) * | 2015-04-10 | 2016-10-13 | Hewlett Packard Enterprise Development Lp | Network anomaly detection |
US10476754B2 (en) * | 2015-04-16 | 2019-11-12 | Nec Corporation | Behavior-based community detection in enterprise information networks |
US10305917B2 (en) * | 2015-04-16 | 2019-05-28 | Nec Corporation | Graph-based intrusion detection using process traces |
US10015175B2 (en) * | 2015-04-16 | 2018-07-03 | Los Alamos National Security, Llc | Detecting anomalous behavior via user authentication graphs |
WO2016190868A1 (en) * | 2015-05-28 | 2016-12-01 | Hewlett Packard Enterprise Development Lp | Processing network data using a graph data structure |
JP6557334B2 (ja) * | 2015-06-02 | 2019-08-07 | 日本電信電話株式会社 | Access classification device, access classification method, and access classification program |
US9779222B2 (en) * | 2015-06-25 | 2017-10-03 | Extreme Networks, Inc. | Secure management of host connections |
US10430721B2 (en) * | 2015-07-27 | 2019-10-01 | Pivotal Software, Inc. | Classifying user behavior as anomalous |
US10425447B2 (en) * | 2015-08-28 | 2019-09-24 | International Business Machines Corporation | Incident response bus for data security incidents |
US20210281609A1 (en) * | 2015-10-28 | 2021-09-09 | Qomplx, Inc. | Rating organization cybersecurity using probe-based network reconnaissance techniques |
US10742647B2 (en) * | 2015-10-28 | 2020-08-11 | Qomplx, Inc. | Contextual and risk-based multi-factor authentication |
US12003544B2 (en) | 2015-10-28 | 2024-06-04 | Qomplx Llc | System and methods for automatically assessing and improving a cybersecurity risk score |
US11468368B2 (en) * | 2015-10-28 | 2022-10-11 | Qomplx, Inc. | Parametric modeling and simulation of complex systems using large datasets and heterogeneous data structures |
US11968239B2 (en) | 2015-10-28 | 2024-04-23 | Qomplx Llc | System and method for detection and mitigation of data source compromises in adversarial information environments |
US10673887B2 (en) | 2015-10-28 | 2020-06-02 | Qomplx, Inc. | System and method for cybersecurity analysis and score generation for insurance purposes |
US11388198B2 (en) | 2015-10-28 | 2022-07-12 | Qomplx, Inc. | Collaborative database and reputation management in adversarial information environments |
US20220255926A1 (en) * | 2015-10-28 | 2022-08-11 | Qomplx, Inc. | Event-triggered reauthentication of at-risk and compromised systems and accounts |
US11070592B2 (en) | 2015-10-28 | 2021-07-20 | Qomplx, Inc. | System and method for self-adjusting cybersecurity analysis and score generation |
US11297109B2 (en) | 2015-10-28 | 2022-04-05 | Qomplx, Inc. | System and method for cybersecurity reconnaissance, analysis, and score generation using distributed systems |
US11563741B2 (en) * | 2015-10-28 | 2023-01-24 | Qomplx, Inc. | Probe-based risk analysis for multi-factor authentication |
US12015596B2 (en) | 2015-10-28 | 2024-06-18 | Qomplx Llc | Risk analysis using port scanning for multi-factor authentication |
US10560483B2 (en) * | 2015-10-28 | 2020-02-11 | Qomplx, Inc. | Rating organization cybersecurity using active and passive external reconnaissance |
NL2015680B1 (en) * | 2015-10-29 | 2017-05-31 | Opt/Net Consulting B V | Anomaly detection in a data stream. |
CN105426764A (zh) * | 2015-11-16 | 2016-03-23 | 北京航空航天大学 | Parallel anomalous subgraph detection method and system based on submodular optimization |
US10375095B1 (en) * | 2015-11-20 | 2019-08-06 | Triad National Security, Llc | Modeling behavior in a network using event logs |
US9985982B1 (en) * | 2015-12-21 | 2018-05-29 | Cisco Technology, Inc. | Method and apparatus for aggregating indicators of compromise for use in network security |
US10148690B2 (en) * | 2015-12-21 | 2018-12-04 | Symantec Corporation | Accurate real-time identification of malicious BGP hijacks |
JP6518000B2 (ja) * | 2016-02-26 | 2019-05-22 | 日本電信電話株式会社 | Analysis device, analysis method, and analysis program |
CN105824754B (zh) * | 2016-03-17 | 2018-11-13 | 广州多益网络股份有限公司 | Method for capturing and uploading Python exceptions of a client program |
US10333815B2 (en) * | 2016-03-17 | 2019-06-25 | Nec Corporation | Real-time detection of abnormal network connections in streaming data |
US10218727B2 (en) | 2016-03-24 | 2019-02-26 | Cisco Technology, Inc. | Sanity check of potential learned anomalies |
US10389741B2 (en) * | 2016-03-24 | 2019-08-20 | Cisco Technology, Inc. | Edge-based detection of new and unexpected flows |
US10389606B2 (en) * | 2016-03-25 | 2019-08-20 | Cisco Technology, Inc. | Merging of scored records into consistent aggregated anomaly messages |
US10893059B1 (en) | 2016-03-31 | 2021-01-12 | Fireeye, Inc. | Verification and enhancement using detection systems located at the network periphery and endpoint devices |
US10826933B1 (en) * | 2016-03-31 | 2020-11-03 | Fireeye, Inc. | Technique for verifying exploit/malware at malware detection appliance through correlation with endpoints |
CN105871865A (zh) * | 2016-04-26 | 2016-08-17 | 浪潮集团有限公司 | OpenFlow-based IaaS cloud security state transition analysis system |
US11212297B2 (en) | 2016-06-17 | 2021-12-28 | Nippon Telegraph And Telephone Corporation | Access classification device, access classification method, and recording medium |
ES2728337T3 (es) | 2016-07-14 | 2019-10-23 | Ironnet Cybersecurity Inc | Simulation and virtual reality based on cyber behavior systems |
US11200352B2 (en) * | 2016-08-31 | 2021-12-14 | 3M Innovative Properties Company | Systems and methods for modeling, analyzing, detecting, and monitoring fluid networks |
EP3291120B1 (en) | 2016-09-06 | 2021-04-21 | Accenture Global Solutions Limited | Graph database analysis for network anomaly detection systems |
US10476896B2 (en) * | 2016-09-13 | 2019-11-12 | Accenture Global Solutions Limited | Malicious threat detection through time series graph analysis |
US10129274B2 (en) * | 2016-09-22 | 2018-11-13 | Adobe Systems Incorporated | Identifying significant anomalous segments of a metrics dataset |
TWI648650B (zh) * | 2017-07-20 | 2019-01-21 | 中華電信股份有限公司 | Gateway device, method for detecting malicious domains and compromised hosts thereof, and non-transitory computer-readable medium |
CN107483438A (zh) * | 2017-08-15 | 2017-12-15 | 山东华诺网络科技有限公司 | Network security situational awareness and early-warning system and method based on big data |
CN111542811B (zh) * | 2017-09-26 | 2023-12-12 | 摩根大通国家银行 | Enhanced network security monitoring |
BR112020007076B1 (pt) * | 2017-11-08 | 2021-02-23 | Tetra Laval Holdings & Finance S.A | Method for determining a microbiological risk level in a batch of food, computer-readable medium, and system for determining a microbiological risk level in a batch of food |
US11184369B2 (en) * | 2017-11-13 | 2021-11-23 | Vectra Networks, Inc. | Malicious relay and jump-system detection using behavioral indicators of actors |
US10567156B2 (en) | 2017-11-30 | 2020-02-18 | Bank Of America Corporation | Blockchain-based unexpected data detection |
CN108234492B (zh) * | 2018-01-02 | 2020-05-22 | 国网四川省电力公司信息通信公司 | Method for analyzing coordinated cyber-physical attacks on power systems considering false injection of load data |
AT520746B1 (de) * | 2018-02-20 | 2019-07-15 | Ait Austrian Inst Tech Gmbh | Method for detecting abnormal operating states |
US11296960B2 (en) | 2018-03-08 | 2022-04-05 | Nicira, Inc. | Monitoring distributed applications |
DE102018206737A1 (de) * | 2018-05-02 | 2019-11-07 | Robert Bosch Gmbh | Method and device for calibrating a system for detecting intrusion attempts in a computer network |
CN108990089B (zh) * | 2018-06-21 | 2022-02-22 | 中国铁道科学研究院集团有限公司通信信号研究所 | Joint detection and analysis method using multiple probing windows for mobile communication networks |
RU2697958C1 (ru) * | 2018-06-29 | 2019-08-21 | Акционерное общество "Лаборатория Касперского" | System and method for detecting malicious activity on a computer system |
WO2020033404A1 (en) * | 2018-08-07 | 2020-02-13 | Triad National Security, Llc | Modeling anomalousness of new subgraphs observed locally in a dynamic graph based on subgraph attributes |
US11122065B2 (en) | 2018-08-14 | 2021-09-14 | Vmware, Inc. | Adaptive anomaly detection for computer systems |
US10684909B1 (en) * | 2018-08-21 | 2020-06-16 | United States Of America As Represented By Secretary Of The Navy | Anomaly detection for preserving the availability of virtualized cloud services |
US11005868B2 (en) * | 2018-09-21 | 2021-05-11 | Mcafee, Llc | Methods, systems, and media for detecting anomalous network activity |
US11171975B2 (en) * | 2018-09-25 | 2021-11-09 | Cisco Technology, Inc. | Dynamic inspection of networking dependencies to enhance anomaly detection models in a network assurance service |
US11228603B1 (en) * | 2018-09-27 | 2022-01-18 | Juniper Networks, Inc. | Learning driven dynamic threat treatment for a software defined networking environment |
US11941054B2 (en) * | 2018-10-12 | 2024-03-26 | International Business Machines Corporation | Iterative constraint solving in abstract graph matching for cyber incident reasoning |
US11184374B2 (en) | 2018-10-12 | 2021-11-23 | International Business Machines Corporation | Endpoint inter-process activity extraction and pattern matching |
US10956566B2 (en) | 2018-10-12 | 2021-03-23 | International Business Machines Corporation | Multi-point causality tracking in cyber incident reasoning |
US11194910B2 (en) * | 2018-11-02 | 2021-12-07 | Microsoft Technology Licensing, Llc | Intelligent system for detecting multistage attacks |
CN109302418B (zh) * | 2018-11-15 | 2021-11-12 | 东信和平科技股份有限公司 | Deep-learning-based malicious domain name detection method and device |
EP3663951B1 (en) | 2018-12-03 | 2021-09-15 | British Telecommunications public limited company | Multi factor network anomaly detection |
US11989289B2 (en) | 2018-12-03 | 2024-05-21 | British Telecommunications Public Limited Company | Remediating software vulnerabilities |
WO2020114920A1 (en) | 2018-12-03 | 2020-06-11 | British Telecommunications Public Limited Company | Detecting vulnerable software systems |
US11960610B2 (en) | 2018-12-03 | 2024-04-16 | British Telecommunications Public Limited Company | Detecting vulnerability change in software systems |
US11973778B2 (en) | 2018-12-03 | 2024-04-30 | British Telecommunications Public Limited Company | Detecting anomalies in computer networks |
CN109753797B (zh) * | 2018-12-10 | 2020-11-03 | 中国科学院计算技术研究所 | Dense subgraph detection method and system for streaming graphs |
EP3681124B8 (en) * | 2019-01-09 | 2022-02-16 | British Telecommunications public limited company | Anomalous network node behaviour identification using deterministic path walking |
US11095540B2 (en) * | 2019-01-23 | 2021-08-17 | Servicenow, Inc. | Hybrid anomaly detection for response-time-based events in a managed network |
CN109889515B (zh) * | 2019-02-13 | 2020-08-28 | 北京航空航天大学 | Botnet discovery method based on non-parametric statistics |
WO2020193332A1 (en) * | 2019-03-27 | 2020-10-01 | British Telecommunications Public Limited Company | Pre-emptive computer security |
US11436320B2 (en) | 2019-03-27 | 2022-09-06 | British Telecommunications Public Limited Company | Adaptive computer security |
US11449604B2 (en) * | 2019-03-27 | 2022-09-20 | British Telecommunications Public Limited Company | Computer security |
CN110149421B (zh) * | 2019-05-30 | 2021-11-26 | 世纪龙信息网络有限责任公司 | Anomaly monitoring method, system, apparatus, and computer equipment for the domain name system |
US11719563B2 (en) | 2019-07-03 | 2023-08-08 | Red Hat, Inc. | Distributed anomaly detection using combinable measurement value summaries |
CN110247932A (zh) * | 2019-07-04 | 2019-09-17 | 北京润通丰华科技有限公司 | Detection system and method for implementing DNS service defense |
US11188570B2 (en) | 2019-07-23 | 2021-11-30 | Vmware, Inc. | Using keys to aggregate flow attributes at host |
US11349876B2 (en) | 2019-07-23 | 2022-05-31 | Vmware, Inc. | Security policy recommendation generation |
US11398987B2 (en) | 2019-07-23 | 2022-07-26 | Vmware, Inc. | Host-based flow aggregation |
US11340931B2 (en) | 2019-07-23 | 2022-05-24 | Vmware, Inc. | Recommendation generation based on selection of selectable elements of visual representation |
US11436075B2 (en) | 2019-07-23 | 2022-09-06 | Vmware, Inc. | Offloading anomaly detection from server to host |
US11743135B2 (en) | 2019-07-23 | 2023-08-29 | Vmware, Inc. | Presenting data regarding grouped flows |
US11176157B2 (en) | 2019-07-23 | 2021-11-16 | Vmware, Inc. | Using keys to aggregate flows at appliance |
US11288256B2 (en) | 2019-07-23 | 2022-03-29 | Vmware, Inc. | Dynamically providing keys to host for flow aggregation |
US10911335B1 (en) * | 2019-07-23 | 2021-02-02 | Vmware, Inc. | Anomaly detection on groups of flows |
US11140090B2 (en) | 2019-07-23 | 2021-10-05 | Vmware, Inc. | Analyzing flow group attributes using configuration tags |
CN110460658B (zh) * | 2019-08-05 | 2022-05-10 | 上海红阵信息科技有限公司 | Distributed storage construction method based on mimic construction |
TWI717831B (zh) * | 2019-09-11 | 2021-02-01 | 財團法人資訊工業策進會 | Attack path detection method, attack path detection system, and non-transitory computer-readable medium |
CN110602101B (zh) * | 2019-09-16 | 2021-01-01 | 北京三快在线科技有限公司 | Method, apparatus, device, and storage medium for determining anomalous network groups |
US11418526B2 (en) | 2019-12-20 | 2022-08-16 | Microsoft Technology Licensing, Llc | Detecting anomalous network activity |
US11425150B1 (en) | 2020-01-10 | 2022-08-23 | Bank Of America Corporation | Lateral movement visualization for intrusion detection and remediation |
US11321213B2 (en) | 2020-01-16 | 2022-05-03 | Vmware, Inc. | Correlation key used to correlate flow and context data |
US11503054B2 (en) | 2020-03-05 | 2022-11-15 | Aetna Inc. | Systems and methods for identifying access anomalies using network graphs |
CN111526119B (zh) * | 2020-03-19 | 2022-06-14 | 北京三快在线科技有限公司 | Abnormal traffic detection method, apparatus, electronic device, and computer-readable medium |
US11677775B2 (en) * | 2020-04-10 | 2023-06-13 | AttackIQ, Inc. | System and method for emulating a multi-stage attack on a node within a target network |
US20210336947A1 (en) * | 2020-04-27 | 2021-10-28 | Microsoft Technology Licensing, Llc | Rogue certificate detection |
CN113628124B (zh) * | 2020-05-08 | 2024-01-16 | 深圳清华大学研究院 | Method, system, medium, and electronic device for joint optimization of ISP and vision tasks |
US11831664B2 (en) | 2020-06-03 | 2023-11-28 | Netskope, Inc. | Systems and methods for anomaly detection |
US11556636B2 (en) | 2020-06-30 | 2023-01-17 | Microsoft Technology Licensing, Llc | Malicious enterprise behavior detection tool |
EP3945708A1 (de) * | 2020-07-29 | 2022-02-02 | Siemens Aktiengesellschaft | Dynamic provisioning of context-dependent computer-aided functionalities in mobile, distributed edge clouds |
CN112187833B (zh) * | 2020-11-09 | 2021-12-17 | 浙江大学 | AI plus regular-expression dual-matching detection method in a mimic WAF |
US20220167171A1 (en) * | 2020-11-20 | 2022-05-26 | At&T Intellectual Property I, L.P. | Security anomaly detection for internet of things devices |
CN112769595B (zh) * | 2020-12-22 | 2023-05-09 | 阿波罗智联(北京)科技有限公司 | Anomaly detection method, apparatus, electronic device, and readable storage medium |
US20220229903A1 (en) * | 2021-01-21 | 2022-07-21 | Intuit Inc. | Feature extraction and time series anomaly detection over dynamic graphs |
US11785032B2 (en) | 2021-01-22 | 2023-10-10 | Vmware, Inc. | Security threat detection based on network flow analysis |
US11991187B2 (en) | 2021-01-22 | 2024-05-21 | VMware LLC | Security threat detection based on network flow analysis |
US11765195B2 (en) | 2021-02-16 | 2023-09-19 | Icf International | Distributed network-level probabilistic attack graph generation |
JP2022168612A (ja) * | 2021-04-26 | 2022-11-08 | シャープ株式会社 | Device management system, device management method, and device management program |
US11831667B2 (en) | 2021-07-09 | 2023-11-28 | Vmware, Inc. | Identification of time-ordered sets of connections to identify threats to a datacenter |
US11997120B2 (en) | 2021-07-09 | 2024-05-28 | VMware LLC | Detecting threats to datacenter based on analysis of anomalous events |
CN113254674B (zh) * | 2021-07-12 | 2021-11-30 | 深圳市永达电子信息股份有限公司 | Knowledge reasoning method, apparatus, system, and storage medium for network security devices |
US11949701B2 (en) | 2021-08-04 | 2024-04-02 | Microsoft Technology Licensing, Llc | Network access anomaly detection via graph embedding |
US11792151B2 (en) | 2021-10-21 | 2023-10-17 | Vmware, Inc. | Detection of threats based on responses to name resolution requests |
US12015591B2 (en) | 2021-12-06 | 2024-06-18 | VMware LLC | Reuse of groups in security policy |
CN114884688B (zh) * | 2022-03-28 | 2023-07-04 | 天津大学 | Federated anomaly detection method across multi-attribute networks |
US20240012802A1 (en) * | 2022-07-08 | 2024-01-11 | Salesforce, Inc. | Mechanisms for serializing triples of a database store |
CN117851959B (zh) * | 2024-03-07 | 2024-05-28 | 中国人民解放军国防科技大学 | FHGS-based dynamic network subgraph anomaly detection method, apparatus, and device |
Family Cites Families (56)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6671811B1 (en) * | 1999-10-25 | 2003-12-30 | Visa International Service Association | Features generation for use in computer network intrusion detection |
US7113988B2 (en) | 2000-06-29 | 2006-09-26 | International Business Machines Corporation | Proactive on-line diagnostics in a manageable network |
US7185368B2 (en) | 2000-11-30 | 2007-02-27 | Lancope, Inc. | Flow-based detection of network intrusions |
US7168093B2 (en) | 2001-01-25 | 2007-01-23 | Solutionary, Inc. | Method and apparatus for verifying the integrity and security of computer networks and implementation of counter measures |
US7228566B2 (en) | 2001-07-10 | 2007-06-05 | Core Sdi, Incorporated | Automated computer system security compromise |
US6647975B2 (en) * | 2001-12-05 | 2003-11-18 | Terry Whitfield | Convertible ball projecting apparatus having a replaceable fork assembly |
EP1490768B1 (en) | 2002-03-29 | 2007-09-26 | Global Dataguard, Inc. | Adaptive behavioural intrusion detection |
US7603711B2 (en) * | 2002-10-31 | 2009-10-13 | Secnap Networks Security, LLC | Intrusion detection system |
US20040122803A1 (en) | 2002-12-19 | 2004-06-24 | Dom Byron E. | Detect and qualify relationships between people and find the best path through the resulting social network |
US7483972B2 (en) * | 2003-01-08 | 2009-01-27 | Cisco Technology, Inc. | Network security monitoring system |
US8386377B1 (en) | 2003-05-12 | 2013-02-26 | Id Analytics, Inc. | System and method for credit scoring using an identity network connectivity |
JP3922375B2 (ja) * | 2004-01-30 | 2007-05-30 | インターナショナル・ビジネス・マシーンズ・コーポレーション | Anomaly detection system and method thereof |
US20050203881A1 (en) | 2004-03-09 | 2005-09-15 | Akio Sakamoto | Database user behavior monitor system and method |
EP1589716A1 (en) | 2004-04-20 | 2005-10-26 | Ecole Polytechnique Fédérale de Lausanne (EPFL) | Method of detecting anomalous behaviour in a computer network |
EP1787220A2 (en) | 2004-08-09 | 2007-05-23 | Verix Ltd. | Method and system for analyzing multidimensional data |
US7941856B2 (en) | 2004-12-06 | 2011-05-10 | Wisconsin Alumni Research Foundation | Systems and methods for testing and evaluating an intrusion detection system |
JP4890468B2 (ja) | 2004-12-31 | 2012-03-07 | インテル コーポレイション | Data partitioning and critical sections for Bayesian network structure learning |
US7735141B1 (en) * | 2005-03-10 | 2010-06-08 | Noel Steven E | Intrusion event correlator |
US8077718B2 (en) | 2005-08-12 | 2011-12-13 | Microsoft Corporation | Distributed network management |
WO2008051258A2 (en) | 2005-12-21 | 2008-05-02 | University Of South Carolina | Methods and systems for determining entropy metrics for networks |
US7624448B2 (en) * | 2006-03-04 | 2009-11-24 | 21St Century Technologies, Inc. | Intelligent intrusion detection system utilizing enhanced graph-matching of network activity with context data |
US7530105B2 (en) | 2006-03-21 | 2009-05-05 | 21St Century Technologies, Inc. | Tactical and strategic attack detection and prediction |
US7971252B2 (en) | 2006-06-09 | 2011-06-28 | Massachusetts Institute Of Technology | Generating a multiple-prerequisite attack graph |
US9438501B2 (en) | 2006-08-21 | 2016-09-06 | Lenovo Enterprise Solutions (Singapore) Pte. Ltd. | Multi-scale network traffic generator |
JP2008113409A (ja) * | 2006-10-04 | 2008-05-15 | Alaxala Networks Corp | Traffic control system and management server |
JP2010511359A (ja) * | 2006-11-29 | 2010-04-08 | ウイスコンシン アラムナイ リサーチ フオンデーシヨン | Method and apparatus for network anomaly detection |
JPWO2008084729A1 (ja) * | 2006-12-28 | 2010-04-30 | 日本電気株式会社 | Device for detecting the source of application-chaining viruses and DNS attacks, method therefor, and program therefor |
ES2446944T3 (es) | 2007-04-12 | 2014-03-10 | Core Sdi, Incorporated | System, method, and computer-readable medium for providing network penetration testing |
EP2163027B1 (en) | 2007-06-26 | 2017-09-13 | Core Sdi, Incorporated | System and method for simulating computer network attacks |
EP2056559B1 (en) | 2007-11-02 | 2017-05-17 | Deutsche Telekom AG | Method and system for network simulation |
CN101547445B (zh) * | 2008-03-25 | 2011-06-01 | Shanghai Mobilepeak Semiconductor Co., Ltd. | System and method for mobility-based intrusion anomaly detection in a mobile communication network |
US8844033B2 (en) * | 2008-05-27 | 2014-09-23 | The Trustees Of Columbia University In The City Of New York | Systems, methods, and media for detecting network anomalies using a trained probabilistic model |
US20090319248A1 (en) | 2008-06-18 | 2009-12-24 | Eads Na Defense Security And Systems | Systems and methods for a simulated network traffic generator |
US8650630B2 (en) | 2008-09-18 | 2014-02-11 | Alcatel Lucent | System and method for exposing malicious sources using mobile IP messages |
CN101655787A (zh) * | 2009-02-24 | 2010-02-24 | Tianjin University | Threat modeling method incorporating formal analysis of attack paths |
US20110030059A1 (en) * | 2009-07-30 | 2011-02-03 | Greenwald Lloyd G | Method for testing the security posture of a system |
CA2773461C (en) | 2009-09-08 | 2016-10-04 | Core Sdi Incorporated | System and method for probabilistic attack planning |
US8397298B2 (en) | 2009-12-08 | 2013-03-12 | At&T Intellectual Property I, L.P. | Method and system for content distribution network security |
KR20110067264A (ko) * | 2009-12-14 | 2011-06-22 | Sungkyunkwan University Research and Business Foundation | Apparatus and method for detecting network anomaly indications |
US8375255B2 (en) * | 2009-12-23 | 2013-02-12 | At&T Intellectual Property I, Lp | Device and method for detecting and diagnosing correlated network anomalies |
CN101778112B (zh) * | 2010-01-29 | 2013-01-23 | Institute of Software, Chinese Academy of Sciences | Network attack detection method |
JP5532241B2 (ja) * | 2010-07-15 | 2014-06-25 | Nippon Telegraph and Telephone Corporation | High packet rate flow detection device and high packet rate flow detection method |
US8762298B1 (en) | 2011-01-05 | 2014-06-24 | Narus, Inc. | Machine learning based botnet detection using real-time connectivity graph based traffic features |
US8621618B1 (en) | 2011-02-07 | 2013-12-31 | Dell Products, Lp | System and method for assessing whether a communication contains an attack |
US8434150B2 (en) | 2011-03-24 | 2013-04-30 | Microsoft Corporation | Using social graphs to combat malicious attacks |
US8627473B2 (en) * | 2011-06-08 | 2014-01-07 | At&T Intellectual Property I, L.P. | Peer-to-peer (P2P) botnet tracking at backbone level |
US8955133B2 (en) | 2011-06-09 | 2015-02-10 | Microsoft Corporation | Applying antimalware logic without revealing the antimalware logic to adversaries |
EP2737404A4 (en) | 2011-07-26 | 2015-04-29 | Light Cyber Ltd | METHOD FOR DETECTING AN ANALYSIS ACTION WITHIN A COMPUTER NETWORK |
US9792430B2 (en) | 2011-11-03 | 2017-10-17 | Cyphort Inc. | Systems and methods for virtualized malware detection |
US9450973B2 (en) * | 2011-11-21 | 2016-09-20 | At&T Intellectual Property I, L.P. | Method and apparatus for machine to machine network security monitoring in a communications network |
US8588764B1 (en) | 2012-01-26 | 2013-11-19 | Sprint Communications Company L.P. | Wireless network edge guardian |
WO2013184211A2 (en) | 2012-03-22 | 2013-12-12 | Los Alamos National Security, Llc | Anomaly detection to identify coordinated group attacks in computer networks |
US8863293B2 (en) | 2012-05-23 | 2014-10-14 | International Business Machines Corporation | Predicting attacks based on probabilistic game-theory |
US9710646B1 (en) | 2013-02-26 | 2017-07-18 | Palo Alto Networks, Inc. | Malware detection using clustering with malware source information |
US9185124B2 (en) | 2013-02-27 | 2015-11-10 | Sayan Chakraborty | Cyber defense systems and methods |
US9680855B2 (en) | 2014-06-30 | 2017-06-13 | Neo Prime, LLC | Probabilistic model for cyber risk forecasting |
- 2013
  - 2013-03-14 WO PCT/US2013/031463 patent/WO2013184211A2/en active Application Filing
  - 2013-03-14 EP EP13800081.5A patent/EP2828752B1/en active Active
  - 2013-03-14 CA CA2868076A patent/CA2868076C/en not_active Expired - Fee Related
  - 2013-03-14 AU AU2013272211A patent/AU2013272211B2/en not_active Ceased
  - 2013-03-14 CA CA2868054A patent/CA2868054C/en not_active Expired - Fee Related
  - 2013-03-14 AU AU2013272215A patent/AU2013272215B2/en not_active Ceased
  - 2013-03-14 EP EP13800730.7A patent/EP2828753B1/en active Active
  - 2013-03-14 US US14/382,992 patent/US9560065B2/en active Active
  - 2013-03-14 WO PCT/US2013/031402 patent/WO2013184206A2/en active Application Filing
  - 2013-03-14 CN CN201380026239.XA patent/CN104303153B/zh not_active Expired - Fee Related
  - 2013-03-14 CN CN201380026043.0A patent/CN104303152B/zh not_active Expired - Fee Related
  - 2013-03-14 JP JP2015501780A patent/JP6139656B2/ja not_active Expired - Fee Related
  - 2013-03-14 US US13/826,995 patent/US9038180B2/en active Active
  - 2013-03-14 US US13/826,736 patent/US9374380B2/en active Active
  - 2013-03-14 JP JP2015501782A patent/JP6148323B2/ja not_active Expired - Fee Related
  - 2013-03-14 EP EP19165350.0A patent/EP3522492A1/en not_active Withdrawn
- 2015
  - 2015-01-30 US US14/609,836 patent/US9699206B2/en active Active
- 2016
  - 2016-05-26 US US15/165,036 patent/US10122741B2/en active Active
  - 2016-09-30 AU AU2016234999A patent/AU2016234999B2/en not_active Ceased
- 2017
  - 2017-01-30 US US15/419,673 patent/US9825979B2/en active Active
  - 2017-02-13 AU AU2017200969A patent/AU2017200969B2/en not_active Ceased
  - 2017-04-27 JP JP2017088048A patent/JP6378395B2/ja not_active Expired - Fee Related
  - 2017-06-29 US US15/637,475 patent/US10015183B1/en active Active
  - 2017-10-30 AU AU2017254815A patent/AU2017254815B2/en not_active Ceased
  - 2017-11-10 US US15/809,297 patent/US10243984B2/en active Active
- 2018
  - 2018-05-15 AU AU2018203393A patent/AU2018203393B2/en not_active Ceased
  - 2018-06-07 US US16/002,870 patent/US10728270B2/en active Active
  - 2018-10-24 US US16/168,956 patent/US10530799B1/en not_active Expired - Fee Related
- 2019
  - 2019-02-18 US US16/278,225 patent/US20190182281A1/en not_active Abandoned
  - 2019-07-29 AU AU2019210493A patent/AU2019210493B2/en not_active Ceased
  - 2019-08-15 AU AU2019216687A patent/AU2019216687B2/en not_active Ceased
Also Published As
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6378395B2 (ja) | | Path scanning for the detection of anomalous subgraphs and use of DNS requests and host agents for anomaly/change detection and network situational awareness |
Kumar et al. | | A Distributed framework for detecting DDoS attacks in smart contract-based Blockchain-IoT Systems by leveraging Fog computing |
US10091218B2 (en) | | System and method to detect attacks on mobile wireless networks based on network controllability analysis |
US20230080471A1 (en) | | Endpoint agent and system |
Di Mauro et al. | | Improving SIEM capabilities through an enhanced probe for encrypted Skype traffic detection |
Thakur et al. | | Detection and prevention of botnets and malware in an enterprise network |
Noor et al. | | An intelligent context-aware threat detection and response model for smart cyber-physical systems |
Frankowski et al. | | Application of the Complex Event Processing system for anomaly detection and network monitoring |
Abushwereb et al. | | Attack based DoS attack detection using multiple classifier |
CN107251519B (zh) | | System, method, and medium for detecting disinformation attacks on a communication network |
Lyu et al. | | PEDDA: Practical and Effective Detection of Distributed Attacks on enterprise networks via progressive multi-stage inference |
Ma et al. | | Cybersecurity Knowledge Graph Enables Targeted Data Collection for Cybersecurity Analysis |
Javed | | Design and Development of Intelligent Security Management Systems: Threat Detection and Response in Cyber-Based Infrastructures |
Kadiravan et al. | | Dynamic Network Intrusion Detection System for Virtual Machine Environment |
Bashurov et al. | | Anomaly detection in network traffic using entropy-based methods: application to various types of cyberattacks |
Chukkayapally | | Detection of UDP Flood Attacks in Wireless Sensor Networks by Visualization on Parallel Coordinate Plot |
Mouta et al. | | SPATIO: end-uSer Protection Against ioT IntrusiOns |
Manivannan et al. | | An efficient and accurate intrusion detection system to detect the network attack groups using the layer wise individual feature set |
Al-Sadhan | | Detecting Distributed Denial of Service Attacks in IPv6 by Using Artificial Intelligence Techniques |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| TRDD | Decision of grant or rejection written | |
| A01 | Written decision to grant a patent or to grant a registration (utility model) | Free format text: JAPANESE INTERMEDIATE CODE: A01 Effective date: 20180626 |
| A61 | First payment of annual fees (during grant procedure) | Free format text: JAPANESE INTERMEDIATE CODE: A61 Effective date: 20180726 |
| R150 | Certificate of patent or registration of utility model | Ref document number: 6378395 Country of ref document: JP Free format text: JAPANESE INTERMEDIATE CODE: R150 |
| S111 | Request for change of ownership or part of ownership | Free format text: JAPANESE INTERMEDIATE CODE: R313113 |
| R350 | Written notification of registration of transfer | Free format text: JAPANESE INTERMEDIATE CODE: R350 |
| R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
| LAPS | Cancellation because of no payment of annual fees | |