System and method for automatic service discovery and protection

US10594677B2 · US · B2

Patent metadata

Field               Value
Publication number  US-10594677-B2
Application number  US-201815896327-A
Country             US
Kind code           B2
Filing date         Feb 14, 2018
Priority date       Mar 23, 2015
Publication date    Mar 17, 2020
Grant date          Mar 17, 2020

Abstract

Official abstract text for this publication.

A system for automatically discovering services operating on a network including a service discovery database configured to store expected service behavioral characteristics and service identities of the services operating on the network, a set of service discovery modules configured to collect service behavioral data of the services operating on the network, and a service discovery module controller communicatively coupled to the service discovery module database and the set of service discovery modules, the service discovery module controller configured to generate service behavioral characteristics from the service behavioral data, analyze the service behavioral characteristics using the expected service behavioral characteristics, resulting in a first behavioral analysis, identify a first service identity of at least one service operating on the network from the first behavioral analysis and an association of the first service identity and the expected service behavioral characteristics.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method for discovering unknown services operating on a network and securing the network, the method comprising: collecting known service characterization data comprising characteristics of known services operating on the network, wherein known services include services identified as having an associated service identification that is known to the network; detecting one or more unknown services operating on the network, wherein unknown services include services without a service identification that is known to the network; and for each of the one or more detected unknown services: in response to detecting the unknown service operating on the network, collecting unknown service characterization data comprising characteristics of the detected unknown service operating on the network; analyzing the unknown service characterization data based on a set of expected characteristics for the unknown service, wherein analyzing the unknown service characterization data includes evaluating the unknown service characterization data using a machine learning model trained on at least the set of expected characteristics for the unknown service as a training set; generating a service identity probability value for the unknown service based on the analysis of the unknown service characterization data, wherein the service identity probability value indicates a likelihood that an unknown service to the network has a service identification that is known to the network; and in response to identifying the service identity probability value for the unknown service, applying a security measure to the unknown service based at least in part on the service identity probability value generated for the unknown service and at least one particular associated service identification that is known to the network, wherein the security measure comprises at least generating one or more security recommendations for the unknown service based at least on: the unknown service characterization data, a security measure required to be implemented by at least one service having the at least one particular associated service identification that is known to the network for the at least one service to continue operating on the network or for accessing the network at a future time, and a determination of whether the one or more security recommendations can be implemented with the unknown service.

2. The method of claim 1, wherein: the security measure comprises at least requiring that the unknown service implements multi-factor authentication to continue operating on the network or for accessing the network at a future time.

3. The method of claim 1, wherein generating the service identity probability value includes: determining a similarity score between each of the one or more unknown services operating on the network and the known service characterization data.

4. The method of claim 1, wherein collecting unknown service characterization data includes: generating a list of hostnames for each of the one or more unknown services based on a domain name associated with each of the one or more unknown services, wherein generating the list of hostnames includes modifying the domain name; submitting one or more queries to a DNS server with each hostname within the list of hostnames; and collecting responses to the one or more queries to the DNS server.

5. The method of claim 4, wherein: generating the service identity probability value for each of the one or more unknown services is based on the collected response to the one or more queries to the DNS server.

6. The method of claim 1, wherein collecting unknown service characterization data includes: monitoring authentication attempts to an identity provider by the one or more unknown services; and collecting data associated with the authentication attempts.

7. The method of claim 1, wherein collecting unknown service characterization data includes: monitoring authentication attempts to an identity provider by the one or more unknown services; and collecting data associated with failed authentication attempts to the identity provider.

8. The method of claim 6, wherein: generating the service identity probability value for each of the one or more unknown services is based on the collected data associated with the authentication attempts by the one or more unknown services.

9. The method of claim 1, wherein collecting unknown service characterization data includes: monitoring network traffic characteristics of the one or more unknown services; and collecting data associated with the network traffic characteristics.

10. The method of claim 9, wherein: generating the service identity probability value for each of the one or more unknown services is based on the collected data associated with the network traffic characteristics of the one or more unknown services.

11. The method of claim 1, wherein collecting unknown service characterization data includes: submitting one or more HTTP request probes to a resolved IP address of the one or more unknown services operating on the network; collecting responses to the one or more HTTP request probes.

12. The method of claim 11, wherein: generating the service identity probability value for each of the one or more unknown services is based on the collected response to the one or more HTTP request probes to the one or more unknown services.

13. The method of claim 10, wherein collecting data associated with the network traffic characteristics includes: generating a log of network traffic data associated with the network traffic, wherein the network traffic data comprises at least two of: packet source, packet destination, packet content, and transmission time.

14. The method of claim 10, wherein collecting data associated with the network traffic characteristics includes: collecting data associated with a bandwidth usage of each of the one or more unknown services operating on the network.

15. One or more non-transitory computer readable storage media encoded with instructions that, when executed by a processor, cause the processor to perform a method, the method comprising: collecting known service characterization data comprising characteristics of known services operating on a network, wherein known services include services identified as having an associated service identification that is known to the network; detecting one or more unknown services operating on the network, wherein unknown services include services without a service identification that is known to the network; and for each of the one or more detected unknown services: in response to detecting the unknown service operating on the network, collecting unknown service characterization data comprising characteristics of the detected unknown service operating on the network; analyzing the unknown service characterization data based on a set of expected characteristics for the unknown service, wherein analyzing the unknown service characterization data includes evaluating the unknown service characterization data using a machine learning model trained on at least the set of expected characteristics for the unknown service as a training set; generating a service identity probability value for the unknown service based on the analysis of the unknown service characterization data, wherein the service identity probability value indicates a likelihood that an unknown service to the network has a service identification that is known to the network; and in response to identifying the service identity probability value for
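The flow the claims describe (characterize an unknown service, score it against known service profiles, turn the score into a service identity probability, then derive security recommendations such as a multi-factor authentication requirement from the best-matching known identity and check whether the unknown service can implement them) is easier to follow in code. The block below is an added example and is not code from the patent or from Duo Security. It assumes that each service is summarized as a set of observation tokens (HTTP response attributes, identity-provider login behaviour, traffic profile) and uses a Jaccard similarity in place of the trained machine-learning model named in claim 1, which is the "similarity score" of claim 3; all service profiles and observations are constructed.

```python
# Added example (not from the patent or Duo Security): a toy implementation
# of the claimed flow. Services are summarized as sets of observation tokens
# (an assumption), and a Jaccard similarity stands in for the trained ML model
# named in claim 1 (it is the "similarity score" of claim 3). All data below
# is constructed.
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class KnownService:
    identity: str                      # service identification known to the network
    features: FrozenSet[str]           # expected characteristics of this service
    required_measures: FrozenSet[str]  # measures it must run to stay on the network


@dataclass(frozen=True)
class UnknownService:
    name: str                          # hostname or resolved IP, no known identity
    features: FrozenSet[str]           # collected characterization data
    capabilities: FrozenSet[str]       # measures the service is able to implement


@dataclass
class Recommendation:
    service: str
    identity: Optional[str]            # None when no known identity is likely
    probability: float
    measures: List[Tuple[str, bool]]   # (security measure, implementable?)


def jaccard(a: FrozenSet[str], b: FrozenSet[str]) -> float:
    """Similarity score between two characterization sets, 0.0 .. 1.0."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def identity_probability(unknown: UnknownService,
                         known: List[KnownService]) -> Tuple[Optional[str], float]:
    """Return the best-matching known identity and its probability value.

    The probability is the highest similarity score: how likely it is that
    this unknown service actually carries a service identification the
    network already knows.
    """
    best_id, best_p = None, 0.0
    for svc in known:
        p = jaccard(unknown.features, svc.features)
        if p > best_p:
            best_id, best_p = svc.identity, p
    return best_id, best_p


def recommend(unknown: UnknownService, known: List[KnownService],
              threshold: float = 0.5) -> Recommendation:
    """Security-measure step: inherit the requirements of the matched known
    identity and record whether the unknown service can implement each one."""
    identity, p = identity_probability(unknown, known)
    if identity is None or p < threshold:
        # Below the confidence threshold nothing is inherited; flag for review.
        return Recommendation(unknown.name, None, p, [("manual-review", True)])
    profile = next(svc for svc in known if svc.identity == identity)
    measures = [(m, m in unknown.capabilities)
                for m in sorted(profile.required_measures)]
    return Recommendation(unknown.name, identity, p, measures)


# Constructed known-service profiles.
KNOWN_SERVICES = [
    KnownService("corp-wiki",
                 frozenset({"http:server=nginx", "http:title=Confluence",
                            "idp:saml", "idp:failed_logins=low", "traffic:bw=medium"}),
                 frozenset({"mfa", "tls1.2+"})),
    KnownService("ci-runner",
                 frozenset({"http:server=Jetty", "http:path=/job", "idp:token",
                            "traffic:bw=high", "traffic:burst"}),
                 frozenset({"mfa", "ip-allowlist"})),
    KnownService("file-share",
                 frozenset({"smb", "traffic:bw=high", "idp:ntlm"}),
                 frozenset({"tls1.2+"})),
]

# Constructed observations of three services with no known identification.
UNKNOWN_SERVICES = [
    UnknownService("wiki2.internal.example",
                   frozenset({"http:server=nginx", "http:title=Confluence",
                              "idp:saml", "traffic:bw=medium", "http:path=/wiki"}),
                   frozenset({"mfa", "tls1.2+", "saml"})),
    UnknownService("10.0.5.17",
                   frozenset({"http:server=Jetty", "http:path=/job", "idp:token",
                              "traffic:bw=high", "traffic:burst"}),
                   frozenset({"ip-allowlist"})),
    UnknownService("10.0.9.3",
                   frozenset({"udp:1900", "traffic:bw=low"}),
                   frozenset()),
]

if __name__ == "__main__":
    for u in UNKNOWN_SERVICES:
        r = recommend(u, KNOWN_SERVICES)
        print(f"{r.service}: identity={r.identity} p={r.probability:.2f} "
              f"measures={r.measures}")
```

The second unknown service matches `ci-runner` exactly but lacks the ability to run MFA, so the recommendation lists `mfa` as not implementable, which is the "determination of whether the one or more security recommendations can be implemented" in claim 1; the third shares nothing with any profile and is left for manual review rather than being assigned a low-confidence identity.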

Assignees

Duo Security Inc
Inventors

Classifications

  • Auditing as a secondary aspect · CPC title

  • Traffic logging, e.g. anomaly detection · CPC title

  • at program execution time, where the protection is within the operating system · CPC title

  • Virtual private networks · CPC title

  • H04L63/08 (primary): for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10594677B2 cover?
A system for automatically discovering services operating on a network including a service discovery database configured to store expected service behavioral characteristics and service identities of the services operating on the network, a set of service discovery modules configured to collect service behavioral data of the services operating on the network, and a service discovery module cont…
Who is the assignee on this patent?
Duo Security Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/08. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 17, 2020 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).