To provide a log analysis system which is capable of detecting unauthorized access, an analysis device, an analysis method and a storage medium on which an analysis program is stored, a client terminal communicates with an external communication device. A relay device relays communications between the external communication device and the client terminal, in accordance with a request from the client terminal. An analysis device analyzes the content of communications by the client terminal. Then, the client terminal stores program information indicating a program that handled communications with the external communication device. The relay device stores a relay log that indicates each request, made by the client terminal, to communicate with the external communication device. In addition, the analysis device compares the program information and the relay log.

Techniques for Domain Generation Algorithm (DGA) behavior detection are provided. In some embodiments, a system, process, and/or computer program product for DGA behavior detection includes receiving passive Domain Name System (DNS) data that comprises a plurality of DNS responses at a security device; and applying a signature to the passive DNS data to detect DGA behavior, in which applying the signature to the passive DNS data to detect DGA behavior further comprises: parsing each of the plurality of DNS responses to determine whether one or more of the plurality of DNS responses correspond to a non-existent domain (NXDOMAIN) response.

A method and system for controlling access to a protected entity. The method includes receiving a redirected client request to access the protected entity that the protected entity denied; granting, in response to the received redirected request, access tokens of a first type to a client; identifying a conversion transaction identifying a request to convert the first type of access tokens with access tokens of a second type, the transaction designating the protected entity; determining a conversion value for converting first-type access tokens into second-type of access tokens, the conversion value being based on at least one access parameter; converting, using the conversion value, a first sum of the first-type access tokens into a second sum of second-type access tokens; and granting the client access to the protected entity when the sum of second-type of access tokens is received as a payment from the protected entity.

A method and system for blockchain-based access to a protected entity are provided. The method includes granting access tokens of a first-type to a client; identifying, in a blockchain network, a conversion transaction identifying a request to convert the first-type of access tokens with access tokens of a second-type, wherein the transaction designates at least the protected entity; determining a conversion value for converting the first-type of access tokens into the second-type of access tokens, wherein the conversion value is determined based on at least one access parameter; converting, based on the determined conversion value, a first sum of the first-type of access tokens into a second sum of the second-type of access-tokens; and granting the client access to the protected entity when the sum of the second-type of access tokens is received as a payment from the protected entity.

An innovative method is implemented to determine a robocall and blocks the incoming communication deemed to be a robocall. The method leverages blockchain's shared storage, memory, and ability to transact all information across a network and independently verified and stored on the immutable blockchain. The method takes advantage high-speed cellular network to process each communication with high-speed. Further, the method integrates blockchain encryption, swarm intelligence (SI), artificial intelligence (AI) and machine learning (ML) algorithms, a telecommunication expert knowledge graph (TEKG), and real-time parsing of records to block robocalls and reduce connection delays. All modules can evolve and update themselves with each use of the present invention through various SI, AI, and ML technologies. Additionally, the method includes a localized call-filtering feature based on state and federal laws to ensure the blocking of calls that are prohibited by either federal or state governments thereby facilitating recovery of damages.

A system and computer-implemented method of monitoring a network is provided. The method includes receiving a packet of network traffic, wherein the packet has an associated source and destination address pair, where this pair constitutes a connection pair. The method further includes comparing the packet to a plurality of patterns and/or compare a source or destination address of the packet to known malicious addresses, and upon determining that the packet matches a pattern of the plurality of patterns or the source or destination address of the packet matches a known malicious address. The method further includes deploying a honeypot in a container for the pattern matching the packet, if not yet deployed, and forwarding all network traffic for the connection pair to the honeypot.

A cloud based implemented method (and apparatus) includes receiving input data including bipartite graph data in a format of source MAC (Media Access Control) address data versus destination IP (Internet Protocol) data and timestamp information, and providing the input bipartite graph data into a first processing to detect malicious beaconing activities using a lockstep detection module on the input bipartite graph data, as executed in a cloud environment, to detect possible synchronized attacks against a targeted infrastructure.

Systems and methods for providing a threat intelligence system include a system provider device that downloads, through communication over a network and from one or more targeted websites, a plurality of images of a first environment. Based on an OCR process, the system provider device may extract a set of textual data corresponding to a subset of images of the plurality of images, where the subset of images depict text. The system provider device stores the set of textual data in an indexed and searchable database. The system provider device assigns a threat assessment score to each image based on the set of textual data, and the threat assessment score may be updated based on comparison of the set of textual data with other sets of textual data. Based on the threat assessment score being greater than a threshold value, the system provider device may generate a security alert.

The present invention relates to a method and a detection device for detecting a DGA domain generation algorithm in a computer communication network (106) comprising at least one server (104) for resolving DNS requests from at least one client terminal (102). The computer communication network (106) further includes a detection module (108) coupled to the resolution server (104) and configured to analyse DNS queries according to the following steps: for each DNS request, associate the requested domain name and the identity of the requesting client terminal to form a tuple; combine tuples into homogeneous partitions according to the tuple community detection technique; and deduce for each homogeneous partition all the client terminals using a same DGA.

Various embodiments provide an approach to detect intrusion of connected IoT devices. In operation, features associated with behavioral attributes as well as volumetric attributes of network data patterns of different IoT devices is analyzed by means of statistical analysis to determine deviation from normal operation data traffic patterns to detect anomalous operations and possible intrusions. Data from multiple networks and devices is combined in the cloud to provide for improved base models for statistical analysis.