US 12,218,968 B1
Methods and techniques for real-time detection of infected IoT devices
Elias Bou Harb, San Antonio, TX (US); and Morteza Safaei Pour, San Antonio, TX (US)
Assigned to Board of Regents, The University of Texas System, Austin, TX (US)
Filed by Board of Regents, The University of Texas System, Austin, TX (US)
Filed on Apr. 11, 2022, as Appl. No. 17/717,474.
Claims priority of provisional application 63/173,928, filed on Apr. 12, 2021.
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/145 (2013.01) 20 Claims
OG exemplary drawing
 
1. A system comprising:
a network telescope for:
capturing a first set and a second set of unsolicited data packets sent by a first set of devices; and
probing the first set of devices for additional information;
a computer system for:
identifying a first subset of the first set of unsolicited data packets which originate from misconfigured devices of the first set of devices;
filtering out the first subset of the first set of unsolicited data packets from the first set of unsolicited data packets;
identifying a second subset of the first set of unsolicited data packets as originating from malicious devices of the first set of devices;
training a machine learning model to classify the malicious devices as Internet-of-Things (IoT) devices or non-IoT devices;
identifying a first subset of the second set of unsolicited data packets which originate from the misconfigured devices of the first set of devices;
filtering out the first subset of the second set of unsolicited data packets which originate from the misconfigured devices;
identifying a second subset of the second set of unsolicited data packets as originating from the malicious devices of the first set of devices;
applying the trained machine learning model to classify the malicious devices as IoT devices or non-IoT devices;
extracting features of the IoT devices to identify compromised IoT devices;
analyzing the compromised IoT devices and a method used to compromise the IoT devices, to generate analysis associated with the compromised IoT devices and the method used to compromise the IoT devices; and
communicating to a user the generated analysis.
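The claim above describes a pipeline rather than an implementation: darknet (network telescope) traffic is split into misconfiguration noise and scanning activity, a model is trained to tell IoT scanners from non-IoT scanners, and the IoT scanners are then characterised as compromised devices and reported. The following Python sketch is an added illustration of that pipeline and is not the patent's own code or data. Everything in it is an assumption made for the example: the packet records are constructed (documentation address ranges), the "misconfigured" and "scanning" heuristics are simple thresholds, the IoT-oriented port list and the two-feature representation stand in for whatever features the patent uses, and a hand-rolled logistic regression stands in for the unspecified machine learning model.

```python
"""Darknet-based detection pipeline sketch (added example, not the patent's code)."""
from collections import defaultdict
import math

# Assumption: ports commonly probed by IoT-infecting worms, used as a feature.
IOT_PORTS = {23, 2323, 7547, 37215}
MISCONFIG_MAX_PACKETS = 5   # assumption: a few packets to one target/port looks like a typo, not a scan
SCAN_MIN_TARGETS = 3        # assumption: distinct darknet targets before a source counts as scanning


def pkt(src, dst, port, n=1):
    """Expand a (source, destination, destination port) record n times."""
    return [(src, dst, port)] * n


# Constructed first capture: one misconfigured host, two IoT-style scanners, two non-IoT scanners.
FIRST_CAPTURE = (
    pkt("198.51.100.7", "203.0.113.5", 443, 3)
    + [("192.0.2.10", f"203.0.113.{i}", 23) for i in range(1, 9)]
    + [("192.0.2.11", f"203.0.113.{i}", 2323) for i in range(1, 7)]
    + pkt("192.0.2.11", "203.0.113.9", 23)
    + [("192.0.2.20", f"203.0.113.{i % 4 + 1}", p)
       for i, p in enumerate([22, 80, 443, 3389, 8080, 445, 25, 110])]
    + [("192.0.2.21", f"203.0.113.{i % 5 + 1}", p)
       for i, p in enumerate([21, 22, 25, 53, 80, 110, 143, 443, 8443, 3306])]
)
# Constructed ground truth for the first capture's scanners (1 = IoT device, 0 = non-IoT).
FIRST_LABELS = {"192.0.2.10": 1, "192.0.2.11": 1, "192.0.2.20": 0, "192.0.2.21": 0}

# Constructed second capture, classified with the model trained on the first.
SECOND_CAPTURE = (
    pkt("198.51.100.8", "203.0.113.2", 80, 2)
    + [("192.0.2.30", f"203.0.113.{i}", 23) for i in range(1, 7)]
    + [("192.0.2.40", f"203.0.113.{i % 4 + 1}", p)
       for i, p in enumerate([22, 80, 443, 445, 3389, 5900, 8080, 9200])]
)


def source_stats(packets):
    """Aggregate per-source counters needed by the filters and the feature extractor."""
    stats = defaultdict(lambda: {"n": 0, "dsts": set(), "ports": set(), "iot": 0})
    for src, dst, port in packets:
        s = stats[src]
        s["n"] += 1
        s["dsts"].add(dst)
        s["ports"].add(port)
        if port in IOT_PORTS:
            s["iot"] += 1
    return stats


def split_sources(packets):
    """Return (misconfigured sources, scanning sources, per-source stats)."""
    stats = source_stats(packets)
    misconfigured = {s for s, v in stats.items()
                     if len(v["dsts"]) == 1 and len(v["ports"]) == 1 and v["n"] <= MISCONFIG_MAX_PACKETS}
    scanning = {s for s, v in stats.items()
                if s not in misconfigured and len(v["dsts"]) >= SCAN_MIN_TARGETS}
    return misconfigured, scanning, stats


def features(v):
    """Bias, share of packets aimed at IoT ports, and port diversity per packet."""
    return [1.0, v["iot"] / v["n"], len(v["ports"]) / v["n"]]


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def train_logreg(rows, labels, lr=0.5, epochs=2000):
    """Minimal logistic regression (stochastic gradient descent), no external libraries."""
    w = [0.0] * len(rows[0])
    for _ in range(epochs):
        for x, y in zip(rows, labels):
            err = sigmoid(sum(wi * xi for wi, xi in zip(w, x))) - y
            w = [wi - lr * err * xi for wi, xi in zip(w, x)]
    return w


def predict_iot(w, x):
    return sigmoid(sum(wi * xi for wi, xi in zip(w, x))) >= 0.5


def detect(first, first_labels, second):
    """Train on the first capture's scanners, then classify and characterise the second capture."""
    _, scan1, stats1 = split_sources(first)
    srcs = sorted(scan1)
    w = train_logreg([features(stats1[s]) for s in srcs], [first_labels[s] for s in srcs])
    mis2, scan2, stats2 = split_sources(second)
    report = {"filtered_misconfigured": sorted(mis2), "compromised_iot": [], "non_iot_scanners": []}
    for s in sorted(scan2):
        v = stats2[s]
        if predict_iot(w, features(v)):
            # Feature extraction for the infected device: which services it probes and how widely,
            # which is what an analyst would use to characterise the infection campaign.
            report["compromised_iot"].append(
                {"source": s, "probed_ports": sorted(v["ports"]), "targets": len(v["dsts"])})
        else:
            report["non_iot_scanners"].append(s)
    return report


if __name__ == "__main__":
    print(detect(FIRST_CAPTURE, FIRST_LABELS, SECOND_CAPTURE))
```

The misconfiguration filter runs before the scan detector so that a host repeatedly hitting a single unused address is never fed to the classifier; the classifier only ever sees sources already judged to be scanning, which mirrors the claim's ordering of filtering, identification and classification.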