专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US11831527B2 Method for detecting anomalies in time series data produced by devices of an infrastructure in a network 有权
公开(公告)号：US11831527B2
公开(公告)日：2023-11-28
申请号：US17690676
申请日：2022-03-09
申请人： Nozomi Networks Sagl
发明人： Alessandro Valente , Alessandro Zamberletti , Moreno Carullo
IPC分类号： H04L43/067 , H04L43/0823 , H04L43/0817 , H04L43/0864
CPC分类号： H04L43/0817 , H04L43/067 , H04L43/0847 , H04L43/0864
摘要： The present invention relates to a method for detecting anomalies in time series data produced by devices of an infrastructure in a network comprising, for each of the devices through computerized data processing means, retrieving a time series data for the device in the network, extracting a plurality of time series samples relating to respective time windows and having a predefined window size and a predefined stride, by sliding the time windows to overlap the time series data, supplying the time series samples as input to a Convolutional Autoencoder to define reconstructed time series values having a predefined percentile intervals, analysing the reconstructed time series values to identify anomalous behaviours of the time series data, signalling an anomaly of the device when at least one anomalous behaviour is identified.

2. 发明授权

US11671449B2 Method for automatic aggregating and enriching data from honeypots 有权
公开(公告)号：US11671449B2
公开(公告)日：2023-06-06
申请号：US17493903
申请日：2021-10-05
申请人： Nozomi Networks Sagl
发明人： Alexey Kleymenov , Alessandro Di Pinto , Moreno Carullo , Andrea Carcano
IPC分类号： H04L9/40
CPC分类号： H04L63/1491
摘要： The present invention relates to a method for automatic aggregating and enriching data from honeypots comprising defining a plurality of identified honeypots of a different type to be monitored in a network; collecting metadata and samples from said honeypots of a different type in said network, which in turn comprises defining a predefined collection model for the honeypots such as to collect homogeneous metadata and samples among the honeypots of a different type, extracting the metadata according to the collection model defining a model metadata, and extracting the samples according to the collection model defining model samples; enriching said metadata and sample collected, which in turn comprises scanning the model metadata to extract IoCs, scanning the model samples to extract IoCs, recursively scanning the model samples to generate secondary model metadata and scanning the secondary model metadata to extract IoCs, until no further IoCs can be generated, recursively obtaining secondary samples from the extracted IoCs and scanning the secondary model samples to extract IoCs, until no further secondary samples are obtained; and aggregating said metadata and samples collected and/or enriched, which in turn comprises aggregating metadata by a predefined metadata model aggregation and aggregating samples by a predefined samples model aggregation.

3. 发明授权

US11895139B2 Method for automatic retrieving and managing assets information in a network 有权
公开(公告)号：US11895139B2
公开(公告)日：2024-02-06
申请号：US17481363
申请日：2021-09-22
申请人： Nozomi Networks Sagl
发明人： Moreno Carullo , Andrea Carcano
IPC分类号： H04L29/06 , H04L9/40 , G06F21/57
CPC分类号： H04L63/1433 , G06F21/572 , H04L63/1425
摘要： Disclosed are methods for automatic retrieving and managing assets information in a network. The method includes identifying, defining, and valuing stored assets in a network. An asset is defined and identified by assigned values that include criticality values, resiliency values, granularity values, and freshness values that may be selected from a predefined set of values. The assets are valued by an overall quality score that is determined through computerized data processing and optimized by updating asset properties.

4. 发明授权

US11722504B2 Method and apparatus for detecting anomalies of a DNS traffic 有权
公开(公告)号：US11722504B2
公开(公告)日：2023-08-08
申请号：US17134336
申请日：2020-12-26
申请人： Nozomi Networks Sagl
发明人： Alessandro Di Pinto , Moreno Carullo , Andrea Carcano , Mario Marchese , Fabio Patrone , Alessandro Fausto , Giovanni Battista Gaggero
IPC分类号： H04L61/4511 , H04L9/40
CPC分类号： H04L63/1425 , H04L61/4511 , H04L63/1416 , H04L63/1441
摘要： The present invention relates to a method and an apparatus for detecting anomalies of a DNS traffic in a network comprising analysing, through a network analyser connected to said network, each data packets exchanged in the network, isolating, through the network analyser, from each of the analysed data packets the related DNS packet, evaluating, through a computerized data processing unit, each of the DNS packets generating a DNS packet status, signaling, through the computerized data processing unit, an anomaly of the DNS traffic when the DNS packet status defines a critical state, wherein the evaluating further comprises assessing, through the computerized data processing unit, each of the DNS packet by a plurality of evaluating algorithms generating a DNS packet classification for each of the evaluating algorithms, aggregating, through the computerized data processing unit, the DNS packet classifications generating the DNS packet status, and wherein the critical state is identified when the DNS packet status is comprised in a critical state database stored in a storage medium.

5. 发明授权

US11983803B2 Method for representing objects of a network in a GUI with a graph clustering 有权
公开(公告)号：US11983803B2
公开(公告)日：2024-05-14
申请号：US17591504
申请日：2022-02-02
申请人： Nozomi Networks Sagl
发明人： Paolo Di Francescantonio , Alessandro Cavallaro Corti , Moreno Carullo , Andrea Carcano
IPC分类号： G06T11/20 , H04L41/22
CPC分类号： G06T11/206 , H04L41/22 , G06T2200/24
摘要： The present invention relates to a method for representing objects of a network in a GUI with a graph clustering comprising retrieving a base graph comprising all of the objects of the network as respective nodes and links between said nodes, grouping two or more of the nodes in one or more clusters, initializing the clusters by calculating the cluster mass and the cluster radius of each of the clusters, assessing the clusters defining a visualization graph which represents the base graph as seen from a predefined distance value and positioning the visualization graph in the GUI, wherein the assessing comprises creating an empty visualization graph, calculating for each of the clusters the distance ratio as ratio between the cluster radius and the predefined distance value, evaluating the distance ratio with regard to a predefined distance ratio threshold, compressing the cluster when the distance ratio is higher than the predefined distance ratio threshold, adding in the visualization graph a single compressed cluster node for all child nodes and all child clusters arranged inside the cluster to be compressed, expanding the cluster when the distance ratio is lower than the predefined distance ratio threshold, adding in the visualization graph a plurality of nodes for all child nodes and all child clusters arranged inside the cluster to be expanded and adding in the visualization graph a link between the cluster and the node outside the cluster if the link was present between a node inside the cluster and the node outside the cluster in the base graph and a link between two of the clusters if the link was present between a node inside one of the clusters and a node inside the other of the clusters in the base graph, wherein every time a link needs to be added between the same of the cluster and of the node outside the cluster a count of a link strength is increased of an integer unit and wherein every time a link needs to be added between the same of two of the clusters a count of a link strength is increased of an integer unit.

6. 发明授权

US11388065B1 Method for representing objects of a network in a GUIs 有权
公开(公告)号：US11388065B1
公开(公告)日：2022-07-12
申请号：US17187821
申请日：2021-02-28
申请人： Nozomi Networks Sagl
发明人： Paolo Di Francescantonio , Alessandro Cavallaro Corti , Moreno Carullo , Andrea Carcano
IPC分类号： H04L41/22 , H04L43/045 , H04L41/14
摘要： The present invention relates to a method for representing objects of a network in a GUI comprising allocating all of the objects of the network as respective nodes in a two-dimensional space, assessing the gravitational forces of the nodes, and positioning the objects as graph in the GUI based on the gravitational forces of the nodes, wherein the allocating comprises enclosing all of the nodes in a single base square, dividing the single base square in a plurality of 1st-level squares, each of the 1st-level squares in a plurality of 2nd-level squares, iterating the subdividing of each of the (n)th-level squares in a plurality of (n+1)th-level squares, wherein the subdividing is made for the (n)th-level squares provided with two or more of the nodes, wherein the assessing comprises selecting as source square one of the squares starting from the highest level, selecting and as receiver square one the squares starting from the highest level, evaluating if the source square and the receiver square are distant, computing the forces acting on the receiver square from the source square, if the source square and the receiver square are evaluated as distant or if the source square and the receiver square are evaluated as not distant and have respectively no lower level squares nested, sub-selecting as source square or as receiver square one of the squares of a lower level if the source square and the receiver square are evaluated as not distant, wherein the sub-selecting is iterated for all squares at same level, wherein the assessing is iterated for all the the possible combinations of source and receiver squares at 1st level, and wherein the assessing further comprises distributing, by the computerized data processing unit, the forces acting on each of the receiver square to all of the nodes in the corresponding receiver square defining the gravitational forces of all of the nodes.

7. 发明授权

US11831671B2 Method for automatic derivation of attack paths in a network 有权
公开(公告)号：US11831671B2
公开(公告)日：2023-11-28
申请号：US17225392
申请日：2021-04-08
申请人： Nozomi Networks Sagl
发明人： Roberto Bruttomesso , Alessandro Cavallaro Corti , Moreno Carullo , Andrea Carcano
IPC分类号： H04L29/00 , H04L9/40
CPC分类号： H04L63/1433
摘要： The present invention relates to a method for automatic derivation of attack paths in a network comprising defining the topology of the network as an enriched network topology, identifying the vulnerabilities of the topology as vulnerabilities information artifacts, building the atomic attack database of the network based on the topology and the vulnerabilities, translating the enriched network topology, the vulnerabilities information artifacts and the atomic attack database into a predefined formal model, executing a predefined SMT-based model checker for the predefined formal model to seek counterexamples and deriving the attack paths from the counterexamples, wherein the defining the topology comprises running, by a computerized data processing unit operatively connected to the network, a module of deep packet inspection of the network to build a network topology based on the information derived from the deep packet inspection module, running, by the computerized data processing unit, a module of active queries of the network to add further information to the network topology based on the information derived from the active queries to build the enriched network topology, wherein the identifying the vulnerabilities comprises running, by the computerized data processing unit, a vulnerability assessment module to identify the vulnerabilities information artifacts of each node of the network based on the matching between nodes information of the enriched network topology and known vulnerabilities of a predefined vulnerabilities database and wherein the building the atomic attack database comprises finding, by the computerized data processing unit, one or more atomic attacks for the network as preconditions and actions to capture the state of the system at a given moment in time, wherein the actions are expressed in terms of a set of features of said nodes.

8. 发明授权

US11586921B2 Method for forecasting health status of distributed networks by artificial neural networks 有权
公开(公告)号：US11586921B2
公开(公告)日：2023-02-21
申请号：US16915326
申请日：2020-06-29
申请人： Nozomi Networks Sagl
发明人： Andrea Carcano , Moreno Carullo
IPC分类号： G06N3/08 , G06N3/04 , H04L9/40
摘要： The present invention relates to a method for forecasting health status of a distributed network by an artificial neural network comprising the phase of identifying one or more sites, one or more assets of the sides and the links between the identified assets in said distributed network, comprising the phase of evaluating the actual health status of each of the identified assets, the phase of evaluating the actual health status of each of said identified sites and the phase of forecasting, by the artificial neural network, the subsequent health status of each of the identified sites according to a forecasting function based on a set of values comprising the actual asset health status rank, the actual asset infection risk, the actual asset infection factor, the actual site health status rank and the actual site infection risk.

9. 发明授权

US11930033B2 Method for verifying vulnerabilities of network devices using CVE entries 有权
公开(公告)号：US11930033B2
公开(公告)日：2024-03-12
申请号：US17140906
申请日：2021-01-04
申请人： Nozomi Networks Sagl
发明人： Alessandro Cavallaro Corti , Moreno Carullo , Andrea Carcano
IPC分类号： H04L9/40 , G06F16/22 , G06F16/903 , G06F40/205 , G06F40/284
CPC分类号： H04L63/1433 , G06F16/2246 , G06F16/90344 , G06F40/205 , G06F40/284
摘要： The present invention relates to a method for verifying vulnerabilities of network device using Common Vulnerabilities and Exposures (“CVE)” entries comprising generating a CVE tree from each of the CVE entry and defining an indexed CVE entry, that identifies vulnerable configuration fields and extracts a set of vulnerable conditions comprising an operator attribute and nested CPE records. The CVE tree is provided with the operator attribute as node and with Common Platform Enumeration (“CPE”) records as leaves from the node, wherein the decoding comprises tokenizing of the decoded string in a sequence of plurality of n-grams having predefined sizes, and wherein the matching comprises a lookup of the sequence of plurality of n-grams into the CVE tree, that raises an alert when the operator attribute corresponds a match between CPE records.

10. 发明授权

US11930027B2 Method for evaluating quality of rule-based detections 有权
公开(公告)号：US11930027B2
公开(公告)日：2024-03-12
申请号：US17563106
申请日：2021-12-28
申请人： Nozomi Networks Sagl
发明人： Alexey Kleymenov , Alessandro Di Pinto , Moreno Carullo , Andrea Carcano
IPC分类号： G06F21/00 , H04L9/40
CPC分类号： H04L63/1425 , H04L63/1416 , H04L63/1466 , H04L63/20
摘要： The present invention relates to a method for evaluating quality of signature-based detections in an infrastructure provided with a plurality of sensors, comprising defining predefined rules for the rule-based detections, wherein the rules are of a silent type such that operate without generating alerts to the user of the infrastructure, collecting telemetry events at each of the sensors, storing the telemetry events of each of the sensors to respective local sensor databases operatively connected to the sensors, aggregate, at predetermined aggregating time intervals, the telemetry events from the local sensor databases to a central database, analyzing the telemetry events at the central database, by evaluating the telemetry events with respect to the rules and calculating the quality measurements of the rules, according to a plurality of predefined quality metrics in a predefined metrics time interval, wherein the quality metrics comprise precision metric, by counting the instances of false positives of the telemetry events with respect to the predefined rules, recall metric, by counting the instances of false negatives of the telemetry events with respect to the predefined rules and performance metric, by counting the instances of rules hits over predefined evaluation time interval and the ratio between the partial and full of the rules matching, wherein the method for evaluating quality of rule-based detections further comprises releasing verified rules for the rule-based detections as predefined rules having the quality measurements within a predetermined quality target range, and wherein the verified rules are of alerting type such that operate generating alerts to the user of the infrastructure.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式