Method for automatic aggregating and enriching data from honeypots

Method for automatic aggregating and enriching data from honeypots

The present invention relates to a method for automatic aggregating and enriching data from honeypots comprising defining a plurality of identified honeypots of a different type to be monitored in a network; collecting metadata and samples from said honeypots of a different type in said network, whi...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Kleymenov, Alexey, Di Pinto, Alessandro, Carullo, Moreno, Carcano, Andrea
Format: Patent
Sprache:eng
Schlagworte:
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page
container_issue
container_start_page
container_title
container_volume
creator Kleymenov, Alexey
Di Pinto, Alessandro
Carullo, Moreno
Carcano, Andrea
description The present invention relates to a method for automatic aggregating and enriching data from honeypots comprising defining a plurality of identified honeypots of a different type to be monitored in a network; collecting metadata and samples from said honeypots of a different type in said network, which in turn comprises defining a predefined collection model for the honeypots such as to collect homogeneous metadata and samples among the honeypots of a different type, extracting the metadata according to the collection model defining a model metadata, and extracting the samples according to the collection model defining model samples; enriching said metadata and sample collected, which in turn comprises scanning the model metadata to extract IoCs, scanning the model samples to extract IoCs, recursively scanning the model samples to generate secondary model metadata and scanning the secondary model metadata to extract IoCs, until no further IoCs can be generated, recursively obtaining secondary samples from the extracted IoCs and scanning the secondary model samples to extract IoCs, until no further secondary samples are obtained; and aggregating said metadata and samples collected and/or enriched, which in turn comprises aggregating metadata by a predefined metadata model aggregation and aggregating samples by a predefined samples model aggregation.
format Patent
fullrecord <record><control><sourceid>epo_EVB</sourceid><recordid>TN_cdi_epo_espacenet_US11671449B2</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>US11671449B2</sourcerecordid><originalsourceid>FETCH-epo_espacenet_US11671449B23</originalsourceid><addsrcrecordid>eNrjZHDyTS3JyE9RSMsvUkgsLcnPTSzJTFZITE8vSk0HMvPSFRLzUhRS84oykzNAvJTEkkSFtKL8XIWM_LzUyoL8kmIeBta0xJziVF4ozc2g6OYa4uyhm1qQH59aXJCYnJqXWhIfGmxoaGZuaGJi6WRkTIwaAFTPMm8</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>patent</recordtype></control><display><type>patent</type><title>Method for automatic aggregating and enriching data from honeypots</title><source>esp@cenet</source><creator>Kleymenov, Alexey ; Di Pinto, Alessandro ; Carullo, Moreno ; Carcano, Andrea</creator><creatorcontrib>Kleymenov, Alexey ; Di Pinto, Alessandro ; Carullo, Moreno ; Carcano, Andrea</creatorcontrib><description>The present invention relates to a method for automatic aggregating and enriching data from honeypots comprising defining a plurality of identified honeypots of a different type to be monitored in a network; collecting metadata and samples from said honeypots of a different type in said network, which in turn comprises defining a predefined collection model for the honeypots such as to collect homogeneous metadata and samples among the honeypots of a different type, extracting the metadata according to the collection model defining a model metadata, and extracting the samples according to the collection model defining model samples; enriching said metadata and sample collected, which in turn comprises scanning the model metadata to extract IoCs, scanning the model samples to extract IoCs, recursively scanning the model samples to generate secondary model metadata and scanning the secondary model metadata to extract IoCs, until no further IoCs can be generated, recursively obtaining secondary samples from the extracted IoCs and scanning the secondary model samples to extract IoCs, until no further secondary samples are obtained; and aggregating said metadata and samples collected and/or enriched, which in turn comprises aggregating metadata by a predefined metadata model aggregation and aggregating samples by a predefined samples model aggregation.</description><language>eng</language><subject>ELECTRIC COMMUNICATION TECHNIQUE ; ELECTRICITY ; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><creationdate>2023</creationdate><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&amp;date=20230606&amp;DB=EPODOC&amp;CC=US&amp;NR=11671449B2$$EHTML$$P50$$Gepo$$Hfree_for_read</linktohtml><link.rule.ids>230,308,776,881,25543,76293</link.rule.ids><linktorsrc>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&amp;date=20230606&amp;DB=EPODOC&amp;CC=US&amp;NR=11671449B2$$EView_record_in_European_Patent_Office$$FView_record_in_$$GEuropean_Patent_Office$$Hfree_for_read</linktorsrc></links><search><creatorcontrib>Kleymenov, Alexey</creatorcontrib><creatorcontrib>Di Pinto, Alessandro</creatorcontrib><creatorcontrib>Carullo, Moreno</creatorcontrib><creatorcontrib>Carcano, Andrea</creatorcontrib><title>Method for automatic aggregating and enriching data from honeypots</title><description>The present invention relates to a method for automatic aggregating and enriching data from honeypots comprising defining a plurality of identified honeypots of a different type to be monitored in a network; collecting metadata and samples from said honeypots of a different type in said network, which in turn comprises defining a predefined collection model for the honeypots such as to collect homogeneous metadata and samples among the honeypots of a different type, extracting the metadata according to the collection model defining a model metadata, and extracting the samples according to the collection model defining model samples; enriching said metadata and sample collected, which in turn comprises scanning the model metadata to extract IoCs, scanning the model samples to extract IoCs, recursively scanning the model samples to generate secondary model metadata and scanning the secondary model metadata to extract IoCs, until no further IoCs can be generated, recursively obtaining secondary samples from the extracted IoCs and scanning the secondary model samples to extract IoCs, until no further secondary samples are obtained; and aggregating said metadata and samples collected and/or enriched, which in turn comprises aggregating metadata by a predefined metadata model aggregation and aggregating samples by a predefined samples model aggregation.</description><subject>ELECTRIC COMMUNICATION TECHNIQUE</subject><subject>ELECTRICITY</subject><subject>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><fulltext>true</fulltext><rsrctype>patent</rsrctype><creationdate>2023</creationdate><recordtype>patent</recordtype><sourceid>EVB</sourceid><recordid>eNrjZHDyTS3JyE9RSMsvUkgsLcnPTSzJTFZITE8vSk0HMvPSFRLzUhRS84oykzNAvJTEkkSFtKL8XIWM_LzUyoL8kmIeBta0xJziVF4ozc2g6OYa4uyhm1qQH59aXJCYnJqXWhIfGmxoaGZuaGJi6WRkTIwaAFTPMm8</recordid><startdate>20230606</startdate><enddate>20230606</enddate><creator>Kleymenov, Alexey</creator><creator>Di Pinto, Alessandro</creator><creator>Carullo, Moreno</creator><creator>Carcano, Andrea</creator><scope>EVB</scope></search><sort><creationdate>20230606</creationdate><title>Method for automatic aggregating and enriching data from honeypots</title><author>Kleymenov, Alexey ; Di Pinto, Alessandro ; Carullo, Moreno ; Carcano, Andrea</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-epo_espacenet_US11671449B23</frbrgroupid><rsrctype>patents</rsrctype><prefilter>patents</prefilter><language>eng</language><creationdate>2023</creationdate><topic>ELECTRIC COMMUNICATION TECHNIQUE</topic><topic>ELECTRICITY</topic><topic>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</topic><toplevel>online_resources</toplevel><creatorcontrib>Kleymenov, Alexey</creatorcontrib><creatorcontrib>Di Pinto, Alessandro</creatorcontrib><creatorcontrib>Carullo, Moreno</creatorcontrib><creatorcontrib>Carcano, Andrea</creatorcontrib><collection>esp@cenet</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Kleymenov, Alexey</au><au>Di Pinto, Alessandro</au><au>Carullo, Moreno</au><au>Carcano, Andrea</au><format>patent</format><genre>patent</genre><ristype>GEN</ristype><title>Method for automatic aggregating and enriching data from honeypots</title><date>2023-06-06</date><risdate>2023</risdate><abstract>The present invention relates to a method for automatic aggregating and enriching data from honeypots comprising defining a plurality of identified honeypots of a different type to be monitored in a network; collecting metadata and samples from said honeypots of a different type in said network, which in turn comprises defining a predefined collection model for the honeypots such as to collect homogeneous metadata and samples among the honeypots of a different type, extracting the metadata according to the collection model defining a model metadata, and extracting the samples according to the collection model defining model samples; enriching said metadata and sample collected, which in turn comprises scanning the model metadata to extract IoCs, scanning the model samples to extract IoCs, recursively scanning the model samples to generate secondary model metadata and scanning the secondary model metadata to extract IoCs, until no further IoCs can be generated, recursively obtaining secondary samples from the extracted IoCs and scanning the secondary model samples to extract IoCs, until no further secondary samples are obtained; and aggregating said metadata and samples collected and/or enriched, which in turn comprises aggregating metadata by a predefined metadata model aggregation and aggregating samples by a predefined samples model aggregation.</abstract><oa>free_for_read</oa></addata></record>
fulltext fulltext_linktorsrc
identifier
ispartof
issn
language eng
recordid cdi_epo_espacenet_US11671449B2
source esp@cenet
subjects ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
title Method for automatic aggregating and enriching data from honeypots
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-26T19%3A34%3A41IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=Kleymenov,%20Alexey&rft.date=2023-06-06&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3EUS11671449B2%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true