US 12,069,077 B2
Methods for detecting a cyberattack on an electronic device, method for obtaining a supervised random forest model for detecting a DDoS attack or a brute force attack, and electronic device configured to detect a cyberattack on itself
Gabriel Armelin, Stuttgart (DE); Erbin Lim, Stuttgart (DE); Francesco Cartella, Stuttgart (DE); and Gert Ceulemans, Stuttgart (DE)
Assigned to Sony Group Corporation, Tokyo (JP)
Appl. No. 17/625,350
Filed by Sony Group Corporation, Tokyo (JP)
PCT Filed Jun. 3, 2020, PCT No. PCT/EP2020/065384
§ 371(c)(1), (2) Date Jan. 7, 2022,
PCT Pub. No. WO2021/018440, PCT Pub. Date Feb. 4, 2021.
Claims priority of application No. 19188489 (EP), filed on Jul. 26, 2019.
Prior Publication US 2022/0263846 A1, Aug. 18, 2022
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1425 (2013.01) [H04L 63/1458 (2013.01); H04L 2463/141 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method for detecting a cyberattack on an electronic device, the method being performed by the electronic device, the method comprising:
collecting data at the electronic device;
classifying the collected data as regular data or malicious data using a supervised machine-learning model for the cyberattack; and
determining whether the electronic device is under the cyberattack based on the classification of the collected data, wherein
the cyberattack is a Distributed Denial-of-Service, DDoS, attack,
the collected data is data packets received by the electronic device, and wherein the collected data is classified based on a number of data packets received by the electronic device per predefined time window,
the number of data packets indicate a same source IP address,
the DDoS attack is a Simple Service Discovery Protocol, SSDP, attack,
the data packets are User Datagram Protocol, UDP, packets, and
the number of data packets comprise a M-SEARCH request with one or more predefined set flags.