中科微点-全球专利检索

  1. Login
  2. Sign Up

Search Results

9 records (took 0.016 seconds)

    DETECTING VOLUMETRIC ATTACKS
    2.
    发明申请
    DETECTING VOLUMETRIC ATTACKS 有权

    公开(公告)号:US20170359372A1

    公开(公告)日:2017-12-14

    申请号:US15182331

    申请日:2016-06-14

    Applicant: Microsoft Technology Licensing, LLC.

    Inventor: Royi Ronen Hani Neuvirth-Telem Shai Baruch Nahum Yuri Gabaev Oleg Yanovsky Vlad Korsunsky Tomer Teller Hanan Shteingart

    IPC: H04L29/06

    Abstract: Detecting a volumetric attack on a computer network with fewer false positives and while also requiring fewer processing resources is provided. The systems and methods described herein use observations taken at the network level to observe network traffic to form a predictive model for future traffic. When the network's future traffic sufficiently exceeds the predictive model, the monitoring systems and methods will indicate to the network to take security measures. The traffic to the network may be observed in subsets, corresponding to various groupings of sources, destinations, and protocols so that security measures may be targeted to that subset without affecting other machines in the network.

    DETECTION OF ABNORMAL RESOURCE USAGE IN A DATA CENTER
    4.
    发明申请
    DETECTION OF ABNORMAL RESOURCE USAGE IN A DATA CENTER 有权
    检测数据中心异常资源使用情况

    公开(公告)号:US20160350198A1

    公开(公告)日:2016-12-01

    申请号:US14721777

    申请日:2015-05-26

    Applicant: Microsoft Technology Licensing, LLC

    Inventor: Hani Neuvirth-Telem Amit Hilbuch Shay Baruch Nahum Yehuda Finkelstein Daniel Alon Elad Yom-Tov

    IPC: G06F11/34 G06F11/30

    CPC classification number: G06F11/006 G06F11/00 G06F11/3051 G06F11/3447 G06F11/3452 G06F2201/86 G06N5/04 G06N99/005

    Abstract: A system for identifying abnormal resource usage in a data center is provided. In some embodiments, the system employs a prediction model for each of a plurality of resources and an abnormal resource usage criterion. For each of a plurality of resources of the data center, the system retrieves current resource usage data for a current time and past resource usage data for that resource. The system then extracts features from the past resource usage data for that resource, predicts using the prediction model for that resource usage data for the current time based on the extracted features, and determines an error between the predicted resource usage data and the current resource usage data. After determining the error data for the resources, the system determines whether errors satisfy the abnormal resource usage criterion. If so, the system indicates that an abnormal resource usage has occurred.

    Abstract translation: 提供了用于识别数据中心中的异常资源使用的系统。 在一些实施例中,系统针对多个资源中的每个资源和异常资源使用准则采用预测模型。 对于数据中心的多个资源中的每一个,系统检索当前时间的当前资源使用数据和该资源的过去资源使用数据。 系统然后从该资源的过去资源使用数据中提取特征,基于所提取的特征,预测当前时间使用该资源使用数据的预测模型,并且确定预测资源使用数据与当前资源使用之间的误差 数据。 在确定资源的错误数据后,系统确定错误是否满足异常资源使用准则。 如果是这样,系统表示资源使用异常。

    SYSTEMS AND METHODS FOR DETECTING AN ATTACK ON AN AUTO-GENERATED WEBSITE BY A VIRTUAL MACHINE
    6.
    发明申请
    SYSTEMS AND METHODS FOR DETECTING AN ATTACK ON AN AUTO-GENERATED WEBSITE BY A VIRTUAL MACHINE 审中-公开

    公开(公告)号:US20180139215A1

    公开(公告)日:2018-05-17

    申请号:US15352714

    申请日:2016-11-16

    Applicant: Microsoft Technology Licensing, LLC

    Inventor: Hani Neuvirth-Telem Elad Yom-Tov Royi Ronen Daniel Alon Hilevich

    IPC: H04L29/06 G06F17/30 H04L29/08

    CPC classification number: H04L63/1416 G06F17/30864 G06F21/577 H04L63/1425 H04L63/1441 H04L67/02 H04L67/146

    Abstract: A system for detecting an attack by a virtual or physical machine on one or more auto-generated websites is provided. The system includes a processor, a memory, and an application. The application is stored in the memory and includes instructions, which are executable by the processor. The instructions are configured to: access an index of a search engine server computer and determine uniform resource locators (URLs) of auto-generated websites, where the auto-generated websites include the one or more auto-generated websites; and access Internet protocol (IP) address-URL entries stored in a domain name system server computer. The instructions are also configured to: determine a first feature based on the URLs of the auto-generated websites and the IP address-URL entries; collect header data of packets transmitted to or received from the virtual or physical machine; determine a second feature based on the first feature and the header data; based on the second feature, generate a value indicative of whether the first virtual or physical machine has attacked the one or more auto-generated websites; and perform a countermeasure based on the value.

    Detection of abnormal resource usage in a data center
    7.
    发明授权
    Detection of abnormal resource usage in a data center 有权

    公开(公告)号:US10402244B2

    公开(公告)日:2019-09-03

    申请号:US15385718

    申请日:2016-12-20

    Applicant: Microsoft Technology Licensing, LLC

    Inventor: Hani Neuvirth-Telem Amit Hilbuch Shay Baruch Nahum Yehuda Finkelstein Daniel Alon Elad Yom-Tov

    IPC: G06F11/00 G06F11/34 G06F11/30 G06N20/00 G06N5/04

    Abstract: A system for identifying abnormal resource usage in a data center is provided. In some embodiments, the system employs a prediction model for each of a plurality of resources and an abnormal resource usage criterion. For each of a plurality of resources of the data center, the system retrieves current resource usage data for a current time and past resource usage data for that resource. The system then extracts features from the past resource usage data for that resource, predicts using the prediction model for that resource usage data for the current time based on the extracted features, and determines an error between the predicted resource usage data and the current resource usage data. After determining the error data for the resources, the system determines whether errors satisfy the abnormal resource usage criterion. If so, the system indicates that an abnormal resource usage has occurred.

    Systems and methods for detecting an attack on an auto-generated website by a virtual machine
    8.
    发明授权
    Systems and methods for detecting an attack on an auto-generated website by a virtual machine 有权

    公开(公告)号:US10320817B2

    公开(公告)日:2019-06-11

    申请号:US15352714

    申请日:2016-11-16

    Applicant: Microsoft Technology Licensing, LLC

    Inventor: Hani Neuvirth-Telem Elad Yom-Tov Royi Ronen Daniel Alon Hilevich

    IPC: G06F21/50 H04L29/06 G06F16/951 H04L29/08 G06F21/57

    Abstract: A system for detecting an attack by a virtual or physical machine on one or more auto-generated websites is provided. The system includes a processor, a memory, and an application. The application is stored in the memory and includes instructions, which are executable by the processor. The instructions are configured to: access an index of a search engine server computer and determine uniform resource locators (URLs) of auto-generated websites, where the auto-generated websites include the one or more auto-generated websites; and access Internet protocol (IP) address-URL entries stored in a domain name system server computer. The instructions are also configured to: determine a first feature based on the URLs of the auto-generated websites and the IP address-URL entries; collect header data of packets transmitted to or received from the virtual or physical machine; determine a second feature based on the first feature and the header data; based on the second feature, generate a value indicative of whether the first virtual or physical machine has attacked the one or more auto-generated websites; and perform a countermeasure based on the value.

Patent Agency Ranking