What technology area does this patent fall under?

Primary CPC classification G06F16/951. Mapped technology areas include Physics.

When was this patent published?

Publication date Tue Apr 01 2025 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Cybersecurity analysis and protection using distributed systems

US12267369B2 · US · B2

Patent metadata
Field	Value
Publication number	US-12267369-B2
Application number	US-202418622996-A
Country	US
Kind code	B2
Filing date	Mar 31, 2024
Priority date	Oct 28, 2015
Publication date	Apr 1, 2025
Grant date	Apr 1, 2025

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Cybersecurity reconnaissance, analysis, and scoring uses distributed, cloud or edge-based pools of computing services to provide sufficient scalability for analysis of IT/OT networks using only publicly available characterizations. An in-memory associative array manages a queue of configuration and vulnerability search tasks through at least one public-facing proxy network which uses configurable search nodes to approach the target network with search tools in a desired manner to control certain aspects of the search in order to obtain the desired results, especially when target network behavior adjusts based on counterparty characteristics. A data packet modifier reveals IP addresses of threat actors behind port scans and subsequently block the threat actors.

First claim

Opening claim text (preview).

What is claimed is: 1. A system for cybersecurity analysis and protection employing a cyber decision platform, comprising one or more computers with executable instructions that, when executed, cause the system to: execute a plurality of Internet search tasks for a domain name comprising searches for, and receipt of search results for, one or more domain name system records; identify Internet protocol addresses associated with the domain name from the one or more domain name system records; execute a first plurality of Internet protocol address scanning tasks comprising an open port scan for each Internet protocol address identified and a vulnerability scan for each open port; receive a list of open ports, associated vulnerabilities, and a baseline and service fingerprint profile for the domain name; execute a second plurality of Internet protocol address scanning tasks comprising a port scan detection task for each Internet protocol address identified; and store the received search results and the results of the first and second pluralities of Internet protocol address scanning tasks; receive a cybersecurity scoring model, the cybersecurity scoring model comprising category weights for the one or more domain name system records, the list of open ports, and associated vulnerabilities and further comprising an algorithm for combining the categories using the category weights; compute a cybersecurity score by applying the algorithm to the weighted categories; and generate a cybersecurity portion of a baseline and service fingerprint profile for the domain name based on the cybersecurity score. 2. The system of claim 1 , wherein the executable instructions, when executed, further cause the system to: receive a data packet associated with a detected port scan; generate and send a reply data packet with a modified header, the modified header comprising a flag and a bad sequence number to compel a sniffing machine to return a response data packet, the response data packet revealing the sniffing machine's Internet protocol address; and block the sniffing machine's Internet protocol address. 3. A computing system for cybersecurity analysis and protection employing a cyber decision platform, the computing system comprising: one or more hardware processors configured for: executing a plurality of Internet search tasks for a domain name comprising searches for, and receipt of search results for, one or more domain name system records; identifying Internet protocol addresses associated with the domain name from the one or more domain name system records; executing a first plurality of Internet protocol address scanning tasks comprising an open port scan for each Internet protocol address identified and a vulnerability scan for each open port; receiving a list of open ports, associated vulnerabilities, and a baseline and service fingerprint profile for the domain name; executing a second plurality of Internet protocol address scanning tasks comprising a port scan detection task for each Internet protocol address identified; and storing the received search results and the results of the first and second pluralities of Internet protocol address scanning tasks; receiving a cybersecurity scoring model, the cybersecurity scoring model comprising category weights for the one or more domain name system records, the list of open ports, and associated vulnerabilities and further comprising an algorithm for combining the categories using the category weights; computing a cybersecurity score by applying the algorithm to the weighted categories; and generating a cybersecurity portion of a baseline and service fingerprint profile for the domain name based on the cybersecurity score. 4. The computing system of claim 3 , wherein the one or more hardware processors are further configured for: receiving a data packet associated with a detected port scan; generating and send a reply data packet with a modified header, the modified header comprising a flag and a bad sequence number to compel a sniffing machine to return a response data packet, the response data packet revealing the sniffing machine's Internet protocol address; and blocking the sniffing machine's Internet protocol address. 5. A method for cybersecurity analysis and protection using distributed computing services, comprising the steps of: executing a plurality of Internet search tasks for a domain name comprising searches for, and receipt of search results for, one or more domain name system records; identifying Internet protocol addresses associated with the domain name from the one or more domain name system records; executing a first plurality of Internet protocol address scanning tasks comprising an open port scan for each Internet protocol address identified and a vulnerability scan for each open port; receiving a list of open ports, associated vulnerabilities, and a baseline and service fingerprint profile for the domain name; executing a second plurality of Internet protocol address scanning tasks comprising a port scan detection task for each Internet protocol address identified; and storing the received search results and the results of the first and second pluralities of Internet protocol address scanning tasks; receiving a cybersecurity scoring model, the cybersecurity scoring model comprising category weights for the one or more domain name system records, the list of open ports, and associated vulnerabilities and further comprising an algorithm for combining the categories using the category weights; computing a cybersecurity score by applying the algorithm to the weighted categories; and generating a cybersecurity portion of a baseline and service fingerprint profile for the domain name based on the cybersecurity score. 6. The method of claim 5 , further comprising the steps of: receiving a data packet associated with a detected port scan; generating and send a reply data packet with a modified header, the modified header comprising a flag and a bad sequence number to compel a sniffing machine to return a response data packet, the response data packet revealing the sniffing machine's Internet protocol address; and blocking the sniffing machine's Internet protocol address. 7. Non-transitory, computer-readable storage media having computer-executable instructions embodied thereon that, when executed by one or more processors of a computing system employing a cyber decision platform for detection and mitigation of cyberattacks, cause the computing system to: execute a plurality of Internet search tasks for a domain name comprising searches for, and receipt of search results for, one or more domain name system records; identify Internet protocol addresses associated with the domain name from the one or more domain name system records; execute a first plurality of Internet protocol address scanning tasks comprising an open port scan for each Internet protocol address identified and a vulnerability scan for each open port; receive a list of open ports, associated vulnerabilities, and a baseline and service fingerprint profile for the domain name; execute a second plurality of Internet protocol address scanning tasks comprising a port scan detection task for each Internet protocol address identified; and store the received search results and the results of the first and second pluralities of Internet protocol address scanning tasks; receive a cybersecurity scoring model, the cybersecurity scoring model comprising category weights for the one or more domain name system records, the list of open ports, and associated vulnerabilities and further comprising an algorithm for combining the categories using the category weights; compute a cybersecurity score by applying the algorithm to

Assignees

Qomplx Llc

Inventors

Classifications

H04L63/0281
Proxies · CPC title
H04L63/1416
Event detection, e.g. attack signature detection · CPC title
H04L63/1433
Vulnerability analysis · CPC title
H04L63/1475
Passive attacks, e.g. eavesdropping or listening without modification of the traffic monitored · CPC title
H04L63/0236
Filtering by address, protocol, port number or service, e.g. IP-address or URL · CPC title

Patent family

Related publications grouped by family.

View patent family 82405475

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12267369B2 cover?: Cybersecurity reconnaissance, analysis, and scoring uses distributed, cloud or edge-based pools of computing services to provide sufficient scalability for analysis of IT/OT networks using only publicly available characterizations. An in-memory associative array manages a queue of configuration and vulnerability search tasks through at least one public-facing proxy network which uses configurab…
Who is the assignee on this patent?: Qomplx Llc
What technology area does this patent fall under?: Primary CPC classification G06F16/951. Mapped technology areas include Physics.
When was this patent published?: Publication date Tue Apr 01 2025 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).