专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US11108787B1 Securing a network device by forecasting an attack event using a recurrent neural network 有权
公开(公告)号：US11108787B1
公开(公告)日：2021-08-31
申请号：US15940571
申请日：2018-03-29
申请人： SYMANTEC CORPORATION
发明人： Yun Shen , Pierre-Antoine Vervier
IPC分类号： G06F11/00 , H04L29/06 , G06K9/62 , G06N3/08 , G06N3/04 , G06F12/14
摘要： Securing a network device by forecasting an attack event using a recurrent neural network. In one embodiment, a method may include collecting event sequences of events that occurred on multiple network devices, generating training sequences, validation sequences, and test sequences from the event sequences, training a recurrent neural network using the training sequences, the validation sequences, and the test sequences, collecting an event sequence of the most recent events that occurred on a target network device, forecasting, using the recurrent neural network and based on the event sequence of the most recent events that occurred on the target network device, the next event that will occur on the target network device, and in response to the forecasted next event being an attack event, performing a security action to prevent harm to the target network device from the attack event.

2. 发明授权

US10277621B2 Systems and methods for detecting vulnerabilities on servers 有权
公开(公告)号：US10277621B2
公开(公告)日：2019-04-30
申请号：US15647303
申请日：2017-07-12
申请人： Symantec Corporation
发明人： Pierre-Antoine Vervier , Yun Shen
IPC分类号： H04L29/06 , G06F21/57 , G06F21/50
摘要： The disclosed computer-implemented method for detecting vulnerabilities on servers may include (i) sending requests to servers for information about services potentially executing on the servers, (ii) receiving, in response to requests, messages from the servers that comprise the information about the services, wherein the set of messages use different formats for transmitting the information, (iii) creating, by analyzing the set of the messages, at least one heuristic that is capable of automatically extracting, from a message, an identifier of a service that executes on a server that sent the message, (iv) extracting, from the message, via the heuristic, the identifier of the service executes on the server that sent the message, and (v) determining, based on the identifier of the service, that the service contributes to a vulnerability on the server that sent the message. Various other methods, systems, and computer-readable media are also disclosed.

3. 发明授权

US10225284B1 Techniques of obfuscation for enterprise data center services 有权
公开(公告)号：US10225284B1
公开(公告)日：2019-03-05
申请号：US14951800
申请日：2015-11-25
申请人： Symantec Corporation
发明人： Nathan S. Evans , Azzedine Benameur , Yun Shen
IPC分类号： G06F21/56 , H04L29/06 , G06F21/53
摘要： Techniques of obfuscation for enterprise data center services are disclosed. In one embodiment, the techniques may be realized as a system for obfuscation comprising one or more processors. The one or more processors may be configured to receive a command from at least one of a user and an application and determine whether the command is authorized. If the command is determined to be unauthorized, the one or more processors may be further configured to generate a rewritten output of the command that is different from an original output of the command and return the rewritten output in response to the command.

4. 发明授权

US10063582B1 Securing compromised network devices in a network 有权
公开(公告)号：US10063582B1
公开(公告)日：2018-08-28
申请号：US15609689
申请日：2017-05-31
申请人： SYMANTEC CORPORATION
发明人： Wangyan Feng , Shuning Wu , Yufei Han , Yun Shen
IPC分类号： H04L29/06 , G06N99/00 , G06N7/00
CPC分类号： H04L63/1433 , G06F21/554 , G06F21/575 , G06F21/577 , G06N3/04 , G06N5/003 , G06N7/005 , G06N20/00 , G06N20/10 , G06N20/20
摘要： Securing compromised network devices in a network. In one embodiment, a method may include (a) identifying a Positive Unlabeled (PU) machine learning classifier, (b) selecting labeled positive samples and unlabeled positive and negative samples as a bootstrap subset of training data from a set of training data, (c) training the PU machine learning classifier, (d) repeating (a)-(c) one or more times to create a set of trained PU machine learning classifiers, (e) predicting probabilities that a network device in a network has been compromised using each of the trained PU machine learning classifiers, (f) combining the probabilities predicted at (e) to generate a combined risk score for the network device, (g) repeating (e)-(f) one or more times to create a ranked list of combined risk scores, and (h) performing a security action on one or more of the network devices in the ranked list.

5. 发明申请

US20170180418A1 ACCURATE REAL-TIME IDENTIFICATION OF MALICIOUS BGP HIJACKS 审中-公开
公开(公告)号：US20170180418A1
公开(公告)日：2017-06-22
申请号：US14977261
申请日：2015-12-21
申请人： Symantec Corporation
发明人： Yun Shen , Yufei Han , Pierre-Antoine Vervier
IPC分类号： H04L29/06
CPC分类号： H04L63/1466 , H04L63/1408 , H04L63/1416 , H04L63/1425
摘要： A system and method for detecting malicious hijack events in real-time is provided. The method may include receiving routing data associated with a Border Gateway Protocol (BGP) event from at least one BGP router. The method may further include processing the routing data to generate a list of features representing ownership and various other details relating to origin and upstream equipment. The method may further include generating a hijack detection model using the routing data and the list of features, where a machine learning technique, such as Positive Unlabeled learning technique is employed. The machine learning technique may include at least one data input and a probability output; wherein, the data input couples to receive a set of historically confirmed BGP hijacking data and the routing data, while the probability output transmits a probability value for the malicious event which may be calculated based upon the data input. Finally, the method may include classifying the BGP event as a malicious event or a benign event using the BGP hijack model. This classification may be implemented using a threshold cut-off value and comparing this threshold with the probability generated by the machine learning technique.

6. 发明授权

US09571510B1 Systems and methods for identifying security threat sources responsible for security events 有权
标题翻译：用于识别负责安全事件的安全威胁源的系统和方法
公开(公告)号：US09571510B1
公开(公告)日：2017-02-14
申请号：US14519565
申请日：2014-10-21
申请人： Symantec Corporation
发明人： Yun Shen , Olivier Thonnard
IPC分类号： G06F21/57 , H04L29/06
CPC分类号： H04L63/1416 , H04L63/1408 , H04L63/1441 , H04L63/306
摘要： The disclosed computer-implemented method for identifying security threat sources responsible for security events may include (1) identifying security-event data collected from a plurality of security events detected over a network, (2) partitioning the security-event data into a set of single-dimensional security clusters, each grouped by a common feature, (3) determining that a subset of the single-dimensional security clusters exceed a threshold level of similarity relative to one another, (4) grouping the subset of single-dimensional clusters into a multi-dimensional security cluster corresponding to a single threat source in response to determining that the subset of single-dimensional clusters exceed the threshold level of similarity relative to one another, and then (5) determining, based at least in part on grouping the single-dimensional clusters into the multi-dimensional cluster, that the single threat source is likely responsible for some of the security events. Various other methods, systems, and computer-readable media are also disclosed.
摘要翻译：用于识别负责安全事件的安全威胁源的公开的计算机实现的方法可以包括（1）识别从通过网络检测到的多个安全事件中收集的安全事件数据，（2）将安全事件数据分成一组（3）确定单维安全集群的子集相对于彼此超过相似度的阈值水平，（4）将一维集群的子集分成响应于确定所述单维集群的子集相对于彼此超过相似度的阈值水平，对应于单一威胁源的多维度安全集群，然后（5）至少部分地基于将单维集群进入多维集群，单个威胁源可能会对某些安全事件负责。还公开了各种其它方法，系统和计算机可读介质。

7. 发明授权

US10547623B1 Security network devices by forecasting future security incidents for a network based on past security incidents 有权
公开(公告)号：US10547623B1
公开(公告)日：2020-01-28
申请号：US15664029
申请日：2017-07-31
申请人： SYMANTEC CORPORATION
发明人： Yufei Han , Yun Shen , Leylya Yumer , Pierre-Antoine Vervier , Petros Efstathopoulos
IPC分类号： G06F21/31 , H04L29/06
摘要： Securing network devices by forecasting future security incidents for a network based on past security incidents. In one embodiment, a method may include constructing past inside-in security features for a network, constructing past outside-in security features for the network, and employing dynamic time warping to generate a similarity score for each security feature pair in the past inside-in security features, in the past outside-in security features, and between the past inside-in security features and the past outside-in security features. The method may further include generating a Coupled Gaussian Latent Variable (CGLV) model based on the similarity scores, forecasting future inside-in security features for the network using the CGLV model, and performing a security action on one or more network devices of the network based on the forecasted future inside-in security features for the network.

8. 发明授权

US10437994B1 Systems and methods for determining the reputations of unknown files 有权
公开(公告)号：US10437994B1
公开(公告)日：2019-10-08
申请号：US15163720
申请日：2016-05-25
申请人： Symantec Corporation
发明人： Yun Shen , Yufei Han , Pierre-Antoine Vervier
IPC分类号： G06F21/00 , G06F21/56 , G06F21/55
摘要： The disclosed computer-implemented method for determining the reputations of unknown files may include (1) identifying a file that was downloaded by the computing device from an external file host, (2) creating a node that represents the file in a dynamic file relationship graph, (3) connecting the node in the dynamic file relationship graph with at least one other node that represents an attribute of the external file host, and (4) labeling the node with a reputation score calculated based at least in part on a reputation score of the at least one other node that represents the attribute of the external file host. Various other methods, systems, and computer-readable media are also disclosed.

9. 发明授权

US09843594B1 Systems and methods for detecting anomalous messages in automobile networks 有权
公开(公告)号：US09843594B1
公开(公告)日：2017-12-12
申请号：US14525792
申请日：2014-10-28
申请人： Symantec Corporation
发明人： Nathan Evans , Azzedine Benameur , Yun Shen
IPC分类号： G06F21/00 , H04L29/06
CPC分类号： H04L63/1425
摘要： The disclosed computer-implemented method for detecting anomalous messages in automobile networks may include (1) receiving automobile-network messages that are expected to be broadcast over an automobile network of an automobile, (2) extracting a set of features from the automobile-network messages, and (3) using the set of features to create a model that is capable of distinguishing expected automobile-network messages from anomalous automobile-network messages. The disclosed computer-implemented method may further include (1) detecting an automobile-network message that has been broadcast over the automobile network, (2) using the model to determine that the automobile-network message is anomalous, and (3) performing a security action in response to determining that the automobile-network message is anomalous. Various other methods, systems, and computer-readable media are also disclosed.

10. 发明授权

US11025666B1 Systems and methods for preventing decentralized malware attacks 有权
公开(公告)号：US11025666B1
公开(公告)日：2021-06-01
申请号：US16207431
申请日：2018-12-03
申请人： Symantec Corporation
发明人： Yufei Han , Yuzhe Ma , Kevin Roundy , Chris Gates , Yun Shen
IPC分类号： H04L29/06 , G06N20/00
摘要： The disclosed computer-implemented method for preventing decentralized malware attacks may include (i) receiving, by a computing device, node data from a group of nodes over a network, (ii) training a machine learning model by shuffling the node data to generate a set of outputs utilized for predicting malicious data, (iii) calculating a statistical deviation for each output in the set of outputs from an aggregated output for the set of outputs, and (iv) identifying, based on the statistical deviation, an anomalous output in the set of outputs that is associated with one or more of the malicious nodes, the one or more malicious nodes hosting the malicious data. Various other methods, systems, and computer-readable media are also disclosed.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式