专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US10075461B2 Detection of anomalous administrative actions 有权
公开(公告)号：US10075461B2
公开(公告)日：2018-09-11
申请号：US14726539
申请日：2015-05-31
申请人： Light Cyber Ltd.
发明人： Michael Mumcuoglu , Giora Engel , Yaron Neuman , Eyal Firstenberg
IPC分类号： H04L29/06
CPC分类号： H04L63/1425 , H04L63/1408 , H04L63/1441 , H04L63/145 , H04L2463/146
摘要： A method for monitoring includes defining a plurality of different types of administrative activities in a computer system. Each administrative activity in the plurality includes an action performed by one of the computers in the system that can be invoked only by a user having an elevated level of privileges in the system. The administrative activities performed by at least a group of the computers in the system are tracked automatically. Upon detecting that a given computer in the system has performed an anomalous combination of at least two of the different types of administrative activities, an action is initiated to inhibit malicious exploitation of the given computer.

2. 发明申请

US20180069883A1 Detection of Known and Unknown Malicious Domains 审中-公开
公开(公告)号：US20180069883A1
公开(公告)日：2018-03-08
申请号：US15694890
申请日：2017-09-04
申请人： LIGHT CYBER LTD.
发明人： Yinnon Meshi , Jonathan Allon , Eyal Firstenberg , Yaron Neuman , Dekel Paz , Idan Amit
IPC分类号： H04L29/06 , G06N99/00
摘要： A method, including collecting information on data transmitted at respective times between multiple endpoints and multiple Internet sites having respective domains, and acquiring, from one or more external or internal sources, maliciousness information for the domains. An access time profile is generated based on the times of the transmissions to the domains, and a popularity profile is generated based on the transmissions to the domains. A malicious domain profile is generated based on the acquired maliciousness information, and the collected information is modeled using the access time profile, the popularity profile and the malicious domain profile. Based on their respective modeled collected information, one or more of the domains is predicted to be suspicious, and an alert is generated for the one or more identified domains.

3. 发明申请

US20150358344A1 Automated forensics of computer systems using behavioral intelligence 有权
标题翻译：使用行为智能的计算机系统的自动取证
公开(公告)号：US20150358344A1
公开(公告)日：2015-12-10
申请号：US14758966
申请日：2014-01-15
申请人： LIGHT CYBER LTD.
发明人： Michael Mumcuoglu , Giora Engel , Eyal Firstenberg
IPC分类号： H04L29/06
CPC分类号： H04L63/1425 , G06F21/552 , G06F21/566 , H04L61/1511 , H04L63/0227 , H04L63/1416 , H04L63/1441 , H04L2463/121
摘要： A method for computer system forensics includes receiving an identification of at least one host computer (26) that has exhibited an anomalous behavior, in a computer network (24) comprising multiple host computers. Respective images (68) of the host computers in the network are assembled using image information collected with regard to the host computers. A comparison is made between at least one positive image of the at least one host computer, assembled using the image information collected following occurrence of the anomalous behavior, and one or more negative images assembled using the image information collected with respect to one or more of the host computers not exhibiting the anomalous behavior. Based on the comparison, a forensic indicator of the anomalous behavior is extracted from the positive and negative images.
摘要翻译：一种用于计算机系统取证的方法包括在包括多个主计算机的计算机网络（24）中接收表现出异常行为的至少一个主计算机（26）的标识。使用关于主计算机收集的图像信息来组装网络中的主计算机的相应图像（68）。在使用在异常行为发生之后收集的图像信息组装的至少一个主计算机的至少一个正像之间进行比较，并且使用使用相对于一个或多个主机不显示异常行为。根据比较，从正负图像中提取异常行为的法医指标。

4. 发明申请

US20180069884A1 Identifying Bulletproof Autonomous Systems 审中-公开
公开(公告)号：US20180069884A1
公开(公告)日：2018-03-08
申请号：US15694892
申请日：2017-09-04
申请人： LIGHT CYBER LTD.
发明人： Eyal Firstenberg , Yinnon Meshi , Idan Amit , Jonathan Allon , Keren Mizinski
IPC分类号： H04L29/06 , H04L12/26 , G06N5/02
摘要： A method, including collecting data transmitted from endpoints to Internet sites having respective domains and respective IP addresses, and transmissions to IP addresses of ASN numbers or ASN names included in a list of ASNs. An ASN data traffic model is generated by modeling, for each given ASN, data transmitted to any of the IP address of the given ASN based on the data, and for each given ASN and a set of keywords, multiple web searches are performed, each of the web searches including a given keyword and an ASN name or a number for the given ASN. Based on the web searches, a model of relationships between the keywords and the ASNs is generated, and one or more of the ASNs are predicted to be suspicious based on their respective modeled data transmissions and their respective modeled relationships between the keywords and the one or more ASNs.

5. 发明申请

US20170054744A1 DETECTION OF ANOMALOUS ADMINISTRATIVE ACTIONS 审中-公开
标题翻译：检测异常行政行为
公开(公告)号：US20170054744A1
公开(公告)日：2017-02-23
申请号：US14726539
申请日：2015-05-31
申请人： Light Cyber Ltd.
发明人： Michael Mumcuoglu , Giora Engel , Yaron Neuman , Eyal Firstenberg
IPC分类号： H04L29/06
CPC分类号： H04L63/1425 , H04L63/1408 , H04L63/1441 , H04L63/145 , H04L2463/146
摘要： A method for monitoring includes defining a plurality of different types of administrative activities in a computer system. Each administrative activity in the plurality includes an action performed by one of the computers in the system that can be invoked only by a user having an elevated level of privileges in the system. The administrative activities performed by at least a group of the computers in the system are tracked automatically. Upon detecting that a given computer in the system has performed an anomalous combination of at least two of the different types of administrative activities, an action is initiated to inhibit malicious exploitation of the given computer.
摘要翻译：一种用于监视的方法包括在计算机系统中定义多种不同类型的管理活动。多个中的每个管理活动包括由系统中的一个计算机执行的动作，该动作只能由系统中具有较高权限级别的用户调用。系统中至少一组计算机执行的管理活动将自动跟踪。在检测到系统中的给定计算机已经执行了至少两种不同类型的管理活动的异常组合时，启动动作以禁止给定计算机的恶意利用。

6. 发明授权

US09979739B2 Automated forensics of computer systems using behavioral intelligence 有权
公开(公告)号：US09979739B2
公开(公告)日：2018-05-22
申请号：US14758966
申请日：2014-01-15
申请人： LIGHT CYBER LTD.
发明人： Michael Mumcuoglu , Giora Engel , Eyal Firstenberg
IPC分类号： H04L29/06 , H04L29/12 , G06F21/55 , G06F21/56
CPC分类号： H04L63/1425 , G06F21/552 , G06F21/566 , H04L61/1511 , H04L63/0227 , H04L63/1416 , H04L63/1441 , H04L2463/121
摘要： A method for computer system forensics includes receiving an identification of at least one host computer (26) that has exhibited an anomalous behavior, in a computer network (24) comprising multiple host computers. Respective images (68) of the host computers in the network are assembled using image information collected with regard to the host computers. A comparison is made between at least one positive image of the at least one host computer, assembled using the image information collected following occurrence of the anomalous behavior, and one or more negative images assembled using the image information collected with respect to one or more of the host computers not exhibiting the anomalous behavior. Based on the comparison, a forensic indicator of the anomalous behavior is extracted from the positive and negative images.

7. 发明申请

US20170026398A1 Identifying anomalous messages 有权
标题翻译：识别异常消息
公开(公告)号：US20170026398A1
公开(公告)日：2017-01-26
申请号：US15286643
申请日：2016-10-06
申请人： Light Cyber Ltd.
发明人： Michael Mumcuoglu , Giora Engel , Eyal Firstenberg
IPC分类号： H04L29/06 , H04L29/12
CPC分类号： H04L63/1425 , G06F21/552 , G06F21/566 , H04L61/1511 , H04L63/0227 , H04L63/1416 , H04L63/1441 , H04L2463/121
摘要： A method for computer system forensics includes receiving an identification of an anomalous message transmitted by a host computer in a computer network comprising multiple host computers. Messages transmitted by the host computers are monitored so as to detect, for each monitored message, a respective process that initiated the message. Responsively to the identification, a forensic indicator is extracted of the respective process that initiated the anomalous message.
摘要翻译：一种用于计算机系统取证的方法包括在包括多个主计算机的计算机网络中接收由主计算机发送的异常消息的标识。监视由主计算机发送的消息，以便为每个被监视的消息检测发起消息的相应进程。响应于识别，提取发起异常消息的相应过程的取证指示符。

8. 发明申请

US20160234167A1 DETECTING ANOMALY ACTION WITHIN A COMPUTER NETWORK 审中-公开
标题翻译：检测计算机网络中的异常行为
公开(公告)号：US20160234167A1
公开(公告)日：2016-08-11
申请号：US15075343
申请日：2016-03-21
申请人： LIGHT CYBER LTD.
发明人： Giora Engel , Michael Mumcuoglu
IPC分类号： H04L29/06 , H04L12/26
CPC分类号： H04L63/1408 , H04L43/106
摘要： A method for network monitoring includes intercepting, in an anomaly detection module, a first data packet transmitted over a network in accordance with a predefined protocol to or from an entity on the network. Both a network address that is assigned to the entity and a strong identity, which is incorporated in the first data packet in accordance with the predefined protocol, of the entity are extracted from the intercepted first data packet. An association is recorded between the network address and the strong identity. Second data packets transmitted over the network are intercepted, containing the network address. Responsively to the recorded association and the network address, the second data packets are associated with the strong identity. The associated second data packets are analyzed in order to detect anomalous behavior and to attribute the anomalous behavior to the entity.
摘要翻译：一种用于网络监控的方法包括在异常检测模块中拦截根据来自网络上的实体的预定义协议通过网络传输的第一数据分组。从截获的第一数据包中提取分配给该实体的一个网络地址和一个与实体相关联的根据预定义协议的第一数据包中的强身份。在网络地址和强身份之间记录关联。通过网络传输的第二个数据包被拦截，包含网络地址。响应于记录的关联和网络地址，第二数据分组与强身份相关联。分析相关的第二数据包以便检测异常行为并将异常行为归因于实体。

9. 发明授权

US09979742B2 Identifying anomalous messages 有权
公开(公告)号：US09979742B2
公开(公告)日：2018-05-22
申请号：US15286643
申请日：2016-10-06
申请人： Light Cyber Ltd.
发明人： Michael Mumcuoglu , Giora Engel , Eyal Firstenberg
IPC分类号： H04L29/06 , H04L29/12 , G06F21/55 , G06F21/56
CPC分类号： H04L63/1425 , G06F21/552 , G06F21/566 , H04L61/1511 , H04L63/0227 , H04L63/1416 , H04L63/1441 , H04L2463/121
摘要： A method for computer system forensics includes receiving an identification of an anomalous message transmitted by a host computer in a computer network comprising multiple host computers. Messages transmitted by the host computers are monitored so as to detect, for each monitored message, a respective process that initiated the message. Responsively to the identification, a forensic indicator is extracted of the respective process that initiated the anomalous message.

10. 发明申请

US20180069893A1 Identifying Changes in Use of User Credentials 审中-公开
公开(公告)号：US20180069893A1
公开(公告)日：2018-03-08
申请号：US15694891
申请日：2017-09-04
申请人： LIGHT CYBER LTD.
发明人： Idan Amit , Eyal Firstenberg , Jonathan Allon , Yaron Neuman
IPC分类号： H04L29/06 , G06N99/00 , G06N5/04
CPC分类号： H04L63/1441 , G06F21/552 , G06F21/554 , G06N5/04 , G06N20/00 , H04L63/0245 , H04L63/1416 , H04L63/1425
摘要： A method including extracting, from initial data transmitted on a network, multiple events, each of the events including a user accessing a resource. First and second sets of records are created, each first set record including a sub-group of the events of a user, each second set record including a sub-group of the events of a multiple users during respective sub-periods of a training period. Safe labels are assigned to the first set records and suspicious labels are assigned to the second set records. An analysis fits, to the first and the second set records and their respective labels, a model for predicting the label for a given record. The model filters subsequent network data to identify, in the subsequent data, sequences of events predicted to be labeled suspicious by the model, and upon detecting a given sequence of events predicted as suspicious by the model, an alert is generated.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式