Fortinet Patent Grants

Leveraging user-behavior analytics for improved security event classification

Granted: February 21, 2023
Patent Number: 11588839
Systems and methods for improving security event classification by leveraging user-behavior analytics are provided. According to an embodiment, a UEBA-based security event classification service of a cloud-based security platform maintains information regarding historical user behavior of various users of an enterprise network. An endpoint protection platform running on an endpoint device that is part of the enterprise network performs an initial classification of the event, based on…

Detecting access points located within proximity of a computing device for troubleshooting of a network

Granted: February 21, 2023
Patent Number: 11588699
Systems and methods for detecting access points proximate to a mobile computing device to facilitate wireless network troubleshooting and management of the access points are provided. According to an embodiment, a mobile application, running on a mobile device that is operating within a physical environment, discovers a subset of wireless access points (APs) of various managed APs of a private network that are proximate to the mobile device by receiving short-range beacons originated by…

Malware identification using multiple artificial neural networks

Granted: February 7, 2023
Patent Number: 11574051
Systems and methods for malware detection using multiple neural networks are provided. According to one embodiment, for each training sample, a supervised learning process is performed, including: (i) generating multiple code blocks of assembly language instructions by disassembling machine language instructions contained within the training sample; (ii) extracting dynamic features corresponding to each of the code blocks by executing each of the code blocks within a virtual environment;…

Machine-learning based approach for dynamically generating incident-specific playbooks for a security orchestration, automation and response (SOAR) platform

Granted: January 24, 2023
Patent Number: 11563755
Systems and methods for a machine-learning based approach for dynamically generating incident-specific playbooks for a security orchestration and automated response (SOAR) platform are provided. The SOAR platform captures information regarding execution of a sequence of actions performed by analysts responsive to a first incident of a first type. The captured information is fed into a machine-learning model. When a second incident, observed by the SOAR platform, is similar in nature to…

Performing threat detection by synergistically combining results of static file analysis and behavior analysis

Granted: January 24, 2023
Patent Number: 11562068
Systems and methods are described for synergistically combining static file based detection and behavioral analysis to improve both threat detection time and accuracy. An endpoint security solution running on an endpoint device generates a static analysis score by performing a static file analysis on files associated with a process initiated on the endpoint device. When the static analysis score meets or exceeds a static analysis threshold, then a network security platform treats the…

Cooperative adaptive network security protection

Granted: January 10, 2023
Patent Number: 11552929
Systems and methods for improving the catch rate of attacks/malware by a cooperating group of network security devices are provided. According to one embodiment, a security management device configured in a protected network maintains multiple dynamic IP address lists including an NGFW deep detection list, a DDoS deep detection list, an NGFW block list and a DDoS block list. The security management device continuously updates the lists based on updates provided by a cooperating group of…

NGFW (next generation firewall) security inspection over multiple sessions of message session relay protocol (MSRP) on a data communication network

Granted: January 3, 2023
Patent Number: 11546769
One or more MSRP data packets are received from a first MSRP session and a first log entry is created. One or more MSRP data packets are also received from a second MSRP session and a second log entry is created. A correlation between the first and second MSRP sessions can be detected based on MDNs, and the correlating information mapped to malicious activity. The mapping includes reconstructing MSRP messages sent from a source and encapsulated in a data field of the packets, including MDNs, and…

Machine learning and artificial intelligence model-based data delivery for IoT devices co-existing with high bandwidth devices

Granted: January 3, 2023
Patent Number: 11546849
Each of the plurality of stations connected to the access point can be profiled to determine device type, and a listen interval determined for each of the plurality of stations based on the device prioritization model, which is based on DTIM periods of the plurality of stations. Delivery of multicast packets from the enterprise network destined for a low power device multicast group on the Wi-Fi network is prioritized, as is delivery of unicast packets for low power device multicast…

Automatic establishment of network tunnels by an SDWAN controller based on group and role assignments of network devices

Granted: January 3, 2023
Patent Number: 11546303
Systems and methods are described for automatically building up a VPN to facilitate full-mesh communication within a private network of an organization based on group and role settings of participating network devices. According to one embodiment, configuration information, including a group setting, indicating a group with which the particular network device is associated, and a role setting, specifying a role of the particular network device within the group as either a hub or an edge,…

Automatic establishment of network tunnels by an SDWAN controller based on group and role assignments of network devices

Granted: January 3, 2023
Patent Number: 11546302
Systems and methods for automatically building up a VPN to facilitate full-mesh communication within an enterprise based on group and role settings of the participating network devices are provided. An SDWAN controller associated with a private network receives configuration information related to group setting and role setting for various network devices of the private network. The group setting indicates a group with which a network device is associated and the role setting specifies a…

FQDN (Fully Qualified Domain Name) routes optimization in SDWAN (Software-Defined Wide Area Networking)

Granted: January 3, 2023
Patent Number: 11546291
A DNS (Domain Name Server) proxy is configured as a DNS server for clients on the enterprise network and sends two or more DNS queries to collect each available IP address on an SDWAN member link. IP address collection can be responsive to receiving a DNS request from a client for assigning a FQDN (Fully Qualified Domain Name). Service quality can be evaluated for the service on each member link of the IP addresses. An IP address is assigned to the client based on the service quality…

Machine-learning based approach for malware sample clustering

Granted: January 3, 2023
Patent Number: 11544575
Systems and methods for a machine learning based approach for identification of malware using static analysis and a machine-learning based automatic clustering of malware are provided. According to various embodiments of the present disclosure, a processing resource of a computer system receives a potential malware sample. A plurality of feature vectors is extracted from the potential malware sample and is converted into an input vector. A byte sequence is generated by walking a…

AI-ARRP (artificial intelligence enabled automatic radio resource provisioning) for steering wireless stations on 6 GHz spectrum channels on wireless data communication networks

Granted: December 27, 2022
Patent Number: 11540142
Muted 6 GHz stations on the Wi-Fi network within the plurality of stations on a first access point within the plurality of access points are assigned to a first access point from the plurality of access points associated with a list of non-overlapping 6 GHz channels, responsive to an RSSI value between the at least one 6 GHz station and the first access point. To do so, a channel switch announcement is unicast to the at least one muted 6 GHz station. The channel switch announcement is…

Scalable multiple layer machine learning model for classification of Wi-Fi issues on a data communication network

Granted: December 27, 2022
Patent Number: 11539599
Multi-level machine learning models can be generated from the captured log events. Outcomes are predicted for input events in real-time. The captured log events are received and parsed to expose event outcome data. A first data set is generated by determining whether an outcome associated with the event outcome data was a success or a failure. Responsive to a failed event outcome, a second data set is generated by categorizing the failed event outcome, to train multiple level SVMs for…

Secure link aggregation

Granted: December 20, 2022
Patent Number: 11533617
Systems and methods for securing link aggregation are provided. According to an embodiment, a network device in a secure domain discovers device information associated with a peer network device in an untrusted domain that is connected through a first link directly connecting a first interface of the network device to a first interface of the peer network device, and authenticates the peer while allowing at least some network traffic to continue to be transmitted through the first…

Adaptive resource provisioning for a multi-tenant distributed event data store

Granted: December 20, 2022
Patent Number: 11531570
Systems and methods for adaptively provisioning a distributed event data store of a multi-tenant architecture are provided. According to one embodiment, a managed security service provider (MSSP) maintains a distributed event data store on behalf of each tenant of the MSSP. For each tenant, the MSSP periodically determines a provisioning status for a current active partition of the distributed event data store of the tenant. Further, when the determining indicates an under-provisioning…

Systems and methods for hierarchical facial image clustering

Granted: November 29, 2022
Patent Number: 11514719
Various systems and methods for clustering facial images in, for example, surveillance systems.

Mitigation of DDoS attacks on mobile networks using DDoS detection engine deployed in relation to an evolve node B

Granted: November 15, 2022
Patent Number: 11503471
Systems and methods for inspection of traffic between UE and the core network to mitigate DDoS attacks on mobile networks are provided. According to one embodiment, the method involves parsing SCTP packets and monitoring header anomalies to block anomalous packet floods. According to another embodiment, a memory table maintains requesting S1AP-IDs which have sent certain monitored commands and then blocking those which are sending these messages at abnormally high rates. According to yet…