The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf).

Date of Patent:
Dec. 14, 2021

Filed:

Nov. 29, 2018

Applicants:

NEC Corporation of America, Herzlia, IL;

B.G. Negev Technologies & Applications Ltd., at Ben-Gurion University, Beer-Sheva, IL;

Inventors:

Yisroel Avraham Mirsky, Beer-Sheva, IL;

Oleg Brodt, Beer-Sheva, IL;

Asaf Shabtai, Hulda, IL;

Yuval Elovici, Arugot, IL;

Masayuki Nakae, Herzliya, IL;

Attorney:
Primary Examiner:
Int. Cl.
CPC ...
H04L 29/06 (2006.01); G06N 20/00 (2019.01); H04L 29/08 (2006.01); H04W 4/70 (2018.01); H04W 12/122 (2021.01);
U.S. Cl.
CPC ...
H04L 63/1425 (2013.01); G06N 20/00 (2019.01); H04L 63/1416 (2013.01); H04L 67/12 (2013.01); H04W 4/70 (2018.02); H04W 12/122 (2021.01);
Abstract

A method of monitoring network traffic in a communication network with a sentinel module to detect malicious activity is described. A gateway sentinel module receives network traffic directed through a gateway installed for a local distribution of the network, the gateway connecting the local distribution of the network to a core of the network. Malicious activity in the local distribution is detected based on a combination of: a local machine-learning model for identifying malicious activity in the local distribution, the local machine-learning model modelling network traffic from the local distribution; and a global machine-learning model. The global machine-learning model models network traffic from a plurality of local distributions of the network based on training data from a plurality of local sentinel modules executed on a respective plurality of computing nodes. The computing nodes respectively receive network traffic from the plurality of local distributions. A corresponding device and system are also described.

