专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明公开

EP4224814A1 METHOD FOR REPRESENTING OBJECTS OF A NETWORK IN A GUI WITH A GRAPH CLUSTERING 审中-实审
公开(公告)号：EP4224814A1
公开(公告)日：2023-08-09
申请号：EP23152258.2
申请日：2023-01-18
申请人： Nozomi Networks Sagl
发明人： DI FRANCESCANTONIO, Paolo , CAVALLARO CORTI, Alessandro , CARULLO, Moreno , CARCANO, Andrea
IPC分类号： H04L41/22 , H04L41/0893 , H04L41/12
摘要： The present invention relates to a method for representing objects of a network in a GUI with a graph clustering comprising retrieving a base graph comprising all of the objects of the network as respective nodes and links between said nodes, grouping two or more of the nodes in one or more clusters, initializing the clusters by calculating the cluster mass and the cluster radius of each of the clusters, assessing the clusters defining a visualization graph which represents the base graph as seen from a predefined distance value and positioning the visualization graph in the GUI, wherein the assessing comprises creating an empty visualization graph, calculating for each of the clusters the distance ratio as ratio between the cluster radius and the predefined distance value, evaluating the distance ratio with regard to a predefined distance ratio threshold, compressing the cluster when the distance ratio is higher than the predefined distance ratio threshold, adding in the visualization graph a single compressed cluster node for all child nodes and all child clusters arranged inside the cluster to be compressed, expanding the cluster when the distance ratio is lower than the predefined distance ratio threshold, adding in the visualization graph a plurality of nodes for all child nodes and all child clusters arranged inside the cluster to be expanded and adding in the visualization graph a link between the cluster and the node outside the cluster if the link was present between a node inside the cluster and the node outside the cluster in the base graph and a link between two of the clusters if the link was present between a node inside one of the clusters and a node inside the other of the clusters in the base graph, wherein every time a link needs to be added between the same of the cluster and of the node outside the cluster a count of a link strength is increased of an integer unit and wherein every time a link needs to be added between the same of two of the clusters a count of a link strength is increased of an integer unit.

2. 发明公开

EP4375858A1 METHOD FOR DETECTING ANOMALIES IN DATA TRAFFIC GENERATED BY PERIPHERAL DEVICES SIMULATING HUMANLIKE PATTERNS 审中-公开
公开(公告)号：EP4375858A1
公开(公告)日：2024-05-29
申请号：EP23200159.4
申请日：2023-09-27
申请人： Nozomi Networks Sagl
发明人： Cavallaro Corti, Alessandro , Cremona, Luca , Di Pinto, Alessandro , Valente, Alessandro , Zamberletti, Alessandro
IPC分类号： G06F21/31 , H04L41/12 , H04W12/08 , H04L9/40 , G06F21/55
CPC分类号： G06F21/316 , G06F21/552 , H04L63/1425 , H04L63/1416 , H04L63/145 , G06F21/55
摘要： The present invention relates to a method for detecting anomalies in data traffic generated by peripheral devices simulating human-like patterns retrieving all data packets sent by a peripheral device to a computer, identifying a data communication as a plurality of the data packets in a predetermined timeframe, parsing the content of each of the data packets of the data communication to extract a plurality of communication features of the data communication, classifying the communication features through a set of absolute classifiers and through a set of majority classifiers and signalling an anomaly of the data communication when at least the majority in the set of absolute classifiers or at least one in the set of absolute classifiers define the data communication as malicious.

3. 发明公开

EP4134761A1 METHOD FOR AUTOMATIC TRANSLATION OF LADDER LOGIC TO A SMT-BASED MODEL CHECKER IN A NETWORK 审中-实审
公开(公告)号：EP4134761A1
公开(公告)日：2023-02-15
申请号：EP22020388.9
申请日：2022-08-11
申请人： Nozomi Networks Sagl
发明人： Bruttomesso, Roberto , Di Pinto, Alessandro , Carullo, Moreno , Carcano, Andrea
IPC分类号： G05B19/042 , G05B19/05 , H04L9/40
摘要： The present invention relates to a method for automatic translation of ladder logic to a SMT-based model checker in a network comprising defining (10) the topology of the network as an enriched network topology based on packets exchanged in the network, extracting (20) a program from the packets relating to a PLC in the network and identifying inputs, outputs, variables and a ladder diagram of the PLC, translating (30) the inputs, outputs, variables and ladder diagram into a predefined formal model, wherein the predefined formal model is a circuit-like SMT-based model checker, and wherein the translating (30) comprises translating the set of data types of the program according to a predefined model set of data types of the circuit-like SMT-based model checker, translating the inputs of the PLC as model inputs of the circuit-like SMT-based model checker of the same type, translating the outputs of the PLC as model output latches of the circuit-like SMT-based model checker of the same type, translating the variables of the PLC as model variable latches of the circuit-like SMT-based model checker of the same type, translating comparators and arithmetic operators of the ladder diagram into a plurality of predefined model functions of the circuit-like SMT-based model checker, translating contacts and coils of the ladder diagram according to predefined model recursive procedures relating to the predefined model set of data types, the model inputs, the model output latches, the model variable latches and the plurality of predefined model functions, wherein the contacts are switches that can block or allow the flow of the current in a connection and each of the contacts is controlled by a Boolean input or variable, and wherein the coils are assignments to Boolean variables.

4. 发明公开

EP4020887A1 METHOD AND APPARATUS FOR DETECTING ANOMALIES OF A DNS TRAFFIC 审中-实审
公开(公告)号：EP4020887A1
公开(公告)日：2022-06-29
申请号：EP21217682.0
申请日：2021-12-24
申请人： Nozomi Networks Sagl
发明人： Di Pinto, Alessandro , Carullo, Moreno , Carcano, Andrea , Marchese, Mario , Patrone, Fabio , Fausto, Alessandro , Gaggero, Giovanni Battista
IPC分类号： H04L9/40 , H04L61/4511 , G06N20/20
摘要： The present invention relates to a method and an apparatus for detecting anomalies of a DNS traffic in a network comprising analysing, through a network analyser connected to said network, each data packets exchanged in the network, isolating, through the network analyser, from each of the analysed data packets the related DNS packet, evaluating, through a computerized data processing unit, each of the DNS packets generating a DNS packet status, signaling, through the computerized data processing unit, an anomaly of the DNS traffic when the DNS packet status defines a critical state, wherein the evaluating further comprises assessing, through the computerized data processing unit, each of the DNS packet by a plurality of evaluating algorithms generating a DNS packet classification for each of the evaluating algorithms, aggregating, through the computerized data processing unit, the DNS packet classifications generating the DNS packet status, and wherein the critical state is identified when the DNS packet status is comprised in a critical state database stored in a storage medium.

5. 发明公开

EP4072066A1 METHOD FOR AUTOMATIC DERIVATION OF ATTACK PATHS IN A NETWORK 审中-公开
公开(公告)号：EP4072066A1
公开(公告)日：2022-10-12
申请号：EP22167037.5
申请日：2022-04-06
申请人： Nozomi Networks Sagl
发明人： BRUTTOMESSO, Roberto , CAVALLARO CORTI, Alessandro , CARULLO, Moreno , CARCANO, Andrea
IPC分类号： H04L9/40 , H04L41/12
摘要： The present invention relates to a method for automatic derivation of attack paths in a network comprising defining the topology of the network as an enriched network topology, identifying the vulnerabilities of the topology as vulnerabilities information artifacts, building the atomic attack database of the network based on the topology and the vulnerabilities, translating the enriched network topology, the vulnerabilities information artifacts and the atomic attack database into a predefined formal model, executing a predefined SMT-based model checker for the predefined formal model to seek counterexamples and deriving the attack paths from the counterexamples, wherein the defining the topology comprises running, by a computerized data processing unit operatively connected to the network, a module of deep packet inspection of the network to build a network topology based on the information derived from the deep packet inspection module, running, by the computerized data processing unit, a module of active queries of the network to add further information to the network topology based on the information derived from the active queries to build the enriched network topology, wherein the identifying the vulnerabilities comprises running, by the computerized data processing unit, a vulnerability assessment module to identify the vulnerabilities information artifacts of each node of the network based on the matching between nodes information of the enriched network topology and known vulnerabilities of a predefined vulnerabilities database and wherein the building the atomic attack database comprises finding, by the computerized data processing unit, one or more atomic attacks for the network as preconditions and actions to capture the state of the system at a given moment in time, wherein the actions are expressed in terms of a set of features of said nodes.

6. 发明公开

EP3934202A1 METHOD FOR FORECASTING HEALTH STATUS OF DISTRIBUTED NETWORKS BY ARTIFICIAL NEURAL NETWORKS 审中-公开
公开(公告)号：EP3934202A1
公开(公告)日：2022-01-05
申请号：EP21182165.7
申请日：2021-06-28
申请人： Nozomi Networks Sagl
发明人： Carcano, Andrea , Carullo, Moreno
IPC分类号： H04L29/06 , G06N3/02
摘要： The present invention relates to a method for forecasting health status of a distributed network by an artificial neural network comprising the phase of identifying one or more sites, one or more assets of the sides and the links between the identified assets in said distributed network, comprising the phase of evaluating the actual health status of each of the identified assets, the phase of evaluating the actual health status of each of said identified sites and the phase of forecasting, by the artificial neural network, the subsequent health status of each of the identified sites according to a forecasting function based on a set of values comprising the actual asset health status rank, the actual asset infection risk, the actual asset infection factor, the actual site health status rank and the actual site infection risk.

7. 发明公开

EP4300888A1 AUTOMATIC SIGNATURES GENERATION FROM A PLURALITY OF SOURCES 审中-公开
公开(公告)号：EP4300888A1
公开(公告)日：2024-01-03
申请号：EP23177352.4
申请日：2023-06-05
申请人： Nozomi Networks Sagl
发明人： KLEYMENOV, Alexey , CARULLO, Moreno , CARCANO, Andrea
IPC分类号： H04L9/40 , G06F21/55 , G06F21/56
摘要： The present invention relates to a method for automatic signatures generation from a plurality of sources comprising collecting input samples from the sample providers and extracting raw IoCs from the input samples, verifying the input samples defining verified input samples, evaluating the reputation of each of the raw loCs according to predefined reputation rules and comparing each of the raw loCs with a database of existing signatures to define allowable raw IoCs and generating verified signatures from the verified input samples creating the verified signatures from the verified input samples corresponding to the allowable raw IoCs.

8. 发明公开

EP4024251A1 METHOD FOR VERIFYING VULNERABILITIES OF NETWORK DEVICES USING CVE ENTRIES 审中-公开
公开(公告)号：EP4024251A1
公开(公告)日：2022-07-06
申请号：EP21217679.6
申请日：2021-12-24
申请人： Nozomi Networks Sagl
发明人： Cavallaro Corti, Alessandro , Carullo, Moreno , Carcano, Andrea
IPC分类号： G06F21/55 , G06F21/57
摘要： The present invention relates to a method for verifying vulnerabilities of network device using CVE entries comprising generating a CVE tree from each of the CVE entry, defining an indexed CVE entry, wherein the generating comprises identifying the vulnerable configuration fields and extracting, for each of the vulnerable configuration field, the set of vulnerable conditions comprising the operator attribute and the nested CPE records, wherein the CVE tree is provided with the operator attribute as node and with the CPE records as leaves from the node, wherein the decoding comprises tokenizing of the decoded string in a sequence of plurality of n-grams having predefined sizes, and wherein the matching comprises a lookup of the sequence of plurality of n-grams into the CVE tree, raising an alert if, when the operator attribute corresponds to OR, a match between at least one of the CPE records is found and raising an alert if, when the operator attribute corresponds to AND, a match between all of the CPE records is found.

9. 发明公开

EP3982594A1 METHOD FOR ASSESSING THE QUALITY OF NETWORK-RELATED INDICATORS OF COMPROMISE 审中-公开
公开(公告)号：EP3982594A1
公开(公告)日：2022-04-13
申请号：EP21200911.2
申请日：2021-10-05
申请人： Nozomi Networks Sagl
发明人： Speziale, Ivan , Di Pinto, Alessandro , Carullo, Moreno , Carcano, Andrea
IPC分类号： H04L9/40
摘要： The present invention relates to a method for assessing the quality of network-related Indicators of Compromise comprising the phase of calculating, by a computerized data processing unit, a quality score for Indicators of Compromise of the IP Address type, the steps of assigning an autonomous system score of the IP Address according to a predefined range of values based on a database of autonomous system owners, assigning a subnet score of said IP Address according to a predefined range of values based on a database of subnet owners, assigning a services hosted score of the IP Address according to a predefined range of values based on known malicious services hosted by the IP Address before the phase of calculating the quality score, calculating the IP Address quality score as sum of the autonomous system score, subnet score and services hosted score and wherein the method comprises a phase of evaluating the calculated quality score comprises, for each of the Indicators of Compromise of the IP Address type, the step of assessing the Indicators of Compromise of the IP Address type as malicious when the IP Address quality score exceed a predefined IP Address quality threshold.

10. 发明公开

EP4243347A1 METHOD FOR DETECTING ANOMALIES IN TIME SERIES DATA PRODUCED BY DEVICES OF AN INFRASTRUCTURE IN A NETWORK 审中-实审
公开(公告)号：EP4243347A1
公开(公告)日：2023-09-13
申请号：EP23159255.1
申请日：2023-02-28
申请人： Nozomi Networks Sagl
发明人： Valente, Alessandro , Zamberletti, Alessandro , Carullo, Moreno
IPC分类号： H04L9/40 , G06F11/00
摘要： The present invention relates to a method for detecting anomalies in time series data produced by devices of an infrastructure in a network comprising, for each of the devices through computerized data processing means, retrieving a time series data for the device in the network, extracting a plurality of time series samples relating to respective time windows and having a predefined window size and a predefined stride, by sliding the time windows to overlap the time series data, supplying the time series samples as input to a Convolutional Autoencoder to define reconstructed time series values having a predefined percentile intervals, analysing the reconstructed time series values to identify anomalous behaviours of the time series data, signalling an anomaly of the device when at least one anomalous behaviour is identified.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式