Patents by Inventor Adrian M. Marinescu
Adrian M. Marinescu has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11010470
Abstract: A system for operating system remediation intercepts input/output (I/O) requests to write to one or more files and stores, as file restore data, (i) a restore copy of the one or more files to the system cache prior to performing write operations of the I/O requests and (ii) identification information for one or more processes or entities making the corresponding I/O requests in the system cache. The system reverts to the restore copy of the one or more files using the file restore data and based at least on a later determination that one or more processes making the corresponding I/O requests was malware. A current version of the one or more files is thereby replaced with the restore copy of the one or more files with improved automatic remediation support and a greater likelihood that data can be restored from the cache in the case of malware attacks.
Type: Grant
Filed: December 15, 2017
Date of Patent: May 18, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Gowtham R. Animireddygari, Karthik Selvaraj, Adrian M. Marinescu, Catalin D. Sandu
-
Patent number: 10963566
Abstract: Implementations described herein disclose a malware sequence detection system for detecting presence of malware in a plurality of events. An implementation of the malware sequence detection includes receiving a sequence of a plurality of events, and detecting presence of a sequence of malware commands within the sequence of a plurality of events by dividing the sequence of plurality of events into a plurality of subsequences, performing sequential subsequence learning on one or more of the plurality of subsequences, and generating a probability of one or more of the plurality of subsequences being a malware based on the output of the sequential subsequence.
Type: Grant
Filed: January 25, 2018
Date of Patent: March 30, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Rakshit Agrawal, Jack Wilson Stokes, III, Karthik Selvaraj, Adrian M. Marinescu
-
Patent number: 10938840
Abstract: Enhanced neural network architectures that enable the determination and employment of association-based or attention-based “interrelatedness” of various portions of the input data are provided. A method of employing an architecture includes receiving a first input data element, a second input element, and a third input element. A first interrelated metric that indicates a degree of interrelatedness between the first input data element and the second input data element is determined. A second interrelated metric is determined. The second interrelated metric indicates a degree of interrelatedness between the first input data element and the third input data element. An interrelated vector is generated based on the first interrelated metric and the second interrelated metric. The neural network is employed to generate an output vector that corresponds to the first input vector and is based on a combination of the first input vector and the interrelated vector.
Type: Grant
Filed: October 15, 2018
Date of Patent: March 2, 2021
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Jack Wilson Stokes, III, Rakshit Agrawal, Karthik Selvaraj, Adrian M. Marinescu
-
Publication number: 20200120110
Abstract: Enhanced neural network architectures that enable the determination and employment of association-based or attention-based “interrelatedness” of various portions of the input data are provided. A method of employing an architecture includes receiving a first input data element, a second input element, and a third input element. A first interrelated metric that indicates a degree of interrelatedness between the first input data element and the second input data element is determined. A second interrelated metric is determined. The second interrelated metric indicates a degree of interrelatedness between the first input data element and the third input data element. An interrelated vector is generated based on the first interrelated metric and the second interrelated metric. The neural network is employed to generate an output vector that corresponds to the first input vector and is based on a combination of the first input vector and the interrelated vector.
Type: Application
Filed: October 15, 2018
Publication date: April 16, 2020
Inventors: Jack Wilson STOKES, III, Rakshit AGRAWAL, Karthik SELVARAJ, Adrian M. MARINESCU
-
Patent number: 10515213
Abstract: Described herein are various technologies pertaining to detecting malware by monitoring execution of an instrumented process. An anti-malware engine can observe code obfuscation, suspicious patterns and/or behavior upon scanning a computer file. Based upon this observation, evidence can be submitted to a service (e.g., cloud-based service) and, in response, configuration setting(s) for restraining, containing and/or instrumenting a process for executing the file and/or instrumenting a process into which the file is loaded can be received. The configured process can be monitored. Based upon this monitoring, an action can be taken including determining the file to comprise malware and terminating the process. Upon detecting malware, a detection report, and a copy of the computer file, can be sent to a service (e.g., cloud-based). The service can independently verify that the reported file is malicious, and can protect other machines from executing or loading the same malicious file.
Type: Grant
Filed: August 27, 2016
Date of Patent: December 24, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Adrian Emil Stepan, Adrian M. Marinescu
-
Publication number: 20190228154
Abstract: Implementations described herein disclose a malware sequence detection system for detecting presence of malware in a plurality of events. An implementation of the malware sequence detection includes receiving a sequence of a plurality of events, and detecting presence of a sequence of malware commands within the sequence of a plurality of events by dividing the sequence of plurality of events into a plurality of subsequences, performing sequential subsequence learning on one or more of the plurality of subsequences, and generating a probability of one or more of the plurality of subsequences being a malware based on the output of the sequential subsequence.
Type: Application
Filed: January 25, 2018
Publication date: July 25, 2019
Inventors: Rakshit AGRAWAL, Jack Wilson STOKES, III, Karthik SELVARAJ, Adrian M. MARINESCU
-
Publication number: 20190188380
Abstract: A system for operating system remediation intercepts input/output (I/O) requests to write to one or more files and stores, as file restore data, (i) a restore copy of the one or more files to the system cache prior to performing write operations of the I/O requests and (ii) identification information for one or more processes or entities making the corresponding I/O requests in the system cache. The system reverts to the restore copy of the one or more files using the file restore data and based at least on a later determination that one or more processes making the corresponding I/O requests was malware. A current version of the one or more files is thereby replaced with the restore copy of the one or more files with improved automatic remediation support and a greater likelihood that data can be restored from the cache in the case of malware attacks.
Type: Application
Filed: December 15, 2017
Publication date: June 20, 2019
Inventors: Gowtham R. ANIMIREDDYGARI, Karthik SELVARAJ, Adrian M. MARINESCU, Catalin D. SANDU
-
Patent number: 10204113
Abstract: The present invention extends to methods, systems, and computer program products for reverse replication to rollback corrupted files. When a computer system detects that a copy of a file includes inappropriate content, the computer system can coordinate with other computer systems (e.g., in replicated storage system) to determine that a viable (e.g., clean) copy of the file exists. The computer system can access the viable copy and replace the copy that includes the inappropriate content with the viable copy. As such, a computer system can “reverse replicate” a file rather than break a synchronization relationship. Reverse replication can be used to rollback a copy of an infected file to another (possibly earlier) copy of the file that is not infected. Embodiments of the invention can be used to rollback data files, such as, for example, pictures, videos, documents, etc.
Type: Grant
Filed: December 13, 2016
Date of Patent: February 12, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Marc E. Seinfeld, Daron Spektor, William M. Zintel, Adrian M. Marinescu
-
Publication number: 20180060579
Abstract: Described herein are various technologies pertaining to detecting malware by monitoring execution of an instrumented process. An anti-malware engine can observe code obfuscation, suspicious patterns and/or behavior upon scanning a computer file. Based upon this observation, evidence can be submitted to a service (e.g., cloud-based service) and, in response, configuration setting(s) for restraining, containing and/or instrumenting a process for executing the file and/or instrumenting a process into which the file is loaded can be received. The configured process can be monitored. Based upon this monitoring, an action can be taken including determining the file to comprise malware and terminating the process. Upon detecting malware, a detection report, and a copy of the computer file, can be sent to a service (e.g., cloud-based). The service can independently verify that the reported file is malicious, and can protect other machines from executing or loading the same malicious file.
Type: Application
Filed: August 27, 2016
Publication date: March 1, 2018
Applicant: Microsoft Technology Licensing, LLC
Inventors: Adrian Emil Stepan, Adrian M. Marinescu
-
Patent number: 9781142
Abstract: The present invention extends to methods, systems, and computer program products for scanning files for inappropriate content during file synchronization. Embodiments of the invention are mindful of the order of operations when scanning files for inappropriate content and in subsequent file processing. In some embodiments, during synchronization, an intermediary server scans a file for inappropriate content. The file is not permitted to be fully downloaded to a client device until the scan determines that the file does not contain inappropriate content. In other embodiments, during synchronization, a client device scans a newer version of a file for inappropriate content. An older version of the file is not deleted until the scan determines that the newer version of the file does not contain inappropriate content. In further embodiments, server side scanning and client side scanning are both used to enhance capabilities for detecting inappropriate content.
Type: Grant
Filed: June 3, 2016
Date of Patent: October 3, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: Marc E. Seinfeld, Daron Spektor, William M. Zintel, Adrian M. Marinescu
-
Publication number: 20170091219
Abstract: The present invention extends to methods, systems, and computer program products for reverse replication to rollback corrupted files. When a computer system detects that a copy of a file includes inappropriate content, the computer system can coordinate with other computer systems (e.g., in replicated storage system) to determine that a viable (e.g., clean) copy of the file exists. The computer system can access the viable copy and replace the copy that includes the inappropriate content with the viable copy. As such, a computer system can “reverse replicate” a file rather than break a synchronization relationship. Reverse replication can be used to rollback a copy of an infected file to another (possibly earlier) copy of the file that is not infected. Embodiments of the invention can be used to rollback data files, such as, for example, pictures, videos, documents, etc.
Type: Application
Filed: December 13, 2016
Publication date: March 30, 2017
Inventors: Marc E. Seinfeld, Daron Spektor, William M. Zintel, Adrian M. Marinescu
-
Publication number: 20160285900
Abstract: The present invention extends to methods, systems, and computer program products for scanning files for inappropriate content during file synchronization. Embodiments of the invention are mindful of the order of operations when scanning files for inappropriate content and in subsequent file processing. In some embodiments, during synchronization, an intermediary server scans a file for inappropriate content. The file is not permitted to be fully downloaded to a client device until the scan determines that the file does not contain inappropriate content. In other embodiments, during synchronization, a client device scans a newer version of a file for inappropriate content. An older version of the file is not deleted until the scan determines that the newer version of the file does not contain inappropriate content. In further embodiments, server side scanning and client side scanning are both used to enhance capabilities for detecting inappropriate content.
Type: Application
Filed: June 3, 2016
Publication date: September 29, 2016
Inventors: Marc E. Seinfeld, Daron Spektor, William M. Zintel, Adrian M. Marinescu
-
Patent number: 9436826
Abstract: The subject disclosure is directed towards detecting malware or possible malware in an input file by allowing the input file to be opened, and by monitoring for one or more behaviors corresponding to the open file that likely indicate malware. Only certain executable files and/or file types opened thereby may be monitored, with various collected event data used for antimalware purposes when improper behavior is observed. Example behaviors include writing of a file to storage, generation of network traffic, injection of a process, running of script, and/or writing system registry data. Telemetry data and/or a sample of the file may be sent to an antimalware service, and malware remediation may be performed. Data (e.g., the collected events) may be distributed to other nodes for use in antimalware detection, e.g., to block execution of a similar file.
Type: Grant
Filed: June 16, 2011
Date of Patent: September 6, 2016
Assignee: Microsoft Technology Licensing, LLC
Inventors: Vishal Kapoor, Jonathan Mark Keller, Ajith Kumar, Adrian M. Marinescu, Marc E. Seinfeld, Anil Francis Thomas, Michael Sean Jarrett, Joseph J. Johnson, Joseph L. Faulhaber
-
Patent number: 9378370
Abstract: The present invention extends to methods, systems, and computer program products for scanning files for inappropriate content during file synchronization. Embodiments of the invention are mindful of the order of operations when scanning files for inappropriate content and in subsequent file processing. In some embodiments, during synchronization, an intermediary server scans a file for inappropriate content. The file is not permitted to be fully downloaded to a client device until the scan determines that the file does not contain inappropriate content. In other embodiments, during synchronization, a client device scans a newer version of a file for inappropriate content. An older version of the file is not deleted until the scan determines that the newer version of the file does not contain inappropriate content. In further embodiments, server side scanning and client side scanning are both used to enhance capabilities for detecting inappropriate content.
Type: Grant
Filed: June 17, 2013
Date of Patent: June 28, 2016
Assignee: Microsoft Technology Licensing, LLC
Inventors: Marc E. Seinfeld, Daron Spektor, William M. Zintel, Adrian M. Marinescu
-
Patent number: 9021590
Abstract: A system and method that facilitates and effectuates detection of malware secreted and/or hidden in plain sight on a machine. The system and method in order to achieve its aims generates a list of all loaded modules, identifies from the list a set of modules common to more than a threshold number of processes, and eliminates from the list those modules included in an authentication list. The resultant list is prioritized based, in one instance, on the number of occurrences a particular module makes in the resultant list, and thereafter the list is distributed to analyst workstations.
Type: Grant
Filed: February 28, 2007
Date of Patent: April 28, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Cormac E. Herley, Brian W. Keogh, Aaron Michael Hulett, Adrian M. Marinescu, Jeffrey S. Williams, Stanislav Nurilov
-
Patent number: 8973135
Abstract: Techniques are described herein that are capable of selectively scanning objects for infection by malware (i.e., to determine whether one or more of the objects are infected by malware). For instance, metadata that is associated with the objects may be reviewed to determine whether update(s) have been made with regard to the objects since a determination was made that the objects were not infected by malware. An update may involve increasing a number of the objects, modifying one of the objects, etc. Objects that have been updated (e.g., added and/or modified) since the determination may be scanned. Objects that have not been updated since the determination need not necessarily be scanned. For instance, an allowance may be made to perform operations with respect to the objects that have not been updated since the determination without first scanning the objects for infection by malware.
Type: Grant
Filed: September 29, 2011
Date of Patent: March 3, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Anil Francis Thomas, Adrian M. Marinescu, Ajith Kumar, Jonathan M. Keller, Omer Ben Bassat
-
Patent number: 8955133
Abstract: The subject disclosure is directed towards a technology by which antimalware detection logic is maintained and operated at a backend service, with which a customer frontend machine communicates (queries) for purposes of malware detection. In this way, some antimalware techniques are maintained at the backend service rather than revealed to antimalware authors. The backend antimalware detection logic may be based upon feature selection, and may be updated rapidly, in a manner that is faster than malware authors can track. Noise may be added to the results to make it difficult for malware authors to deduce the logic behind the results. The backend may return results indicating malware or not malware, or return inconclusive results. The backend service may also detect probing-related queries that are part of an attempt to deduce the unrevealed antimalware detection logic, with noisy results returned in response and/or other actions taken to foil the attempt.
Type: Grant
Filed: June 9, 2011
Date of Patent: February 10, 2015
Assignee: Microsoft Corporation
Inventors: Ajith Kumar, Timothy Jon Fraser, Adrian M. Marinescu, Marc E. Seinfeld, Jack Wilson Stokes, III, Anil Francis Thomas
-
Publication number: 20140379637
Abstract: The present invention extends to methods, systems, and computer program products for reverse replication to rollback corrupted files. When a computer system detects that a copy of a file includes inappropriate content, the computer system can coordinate with other computer systems (e.g., in replicated storage system) to determine that a viable (e.g., clean) copy of the file exists. The computer system can access the viable copy and replace the copy that includes the inappropriate content with the viable copy. As such, a computer system can “reverse replicate” a file rather than break a synchronization relationship. Reverse replication can be used to rollback a copy of an infected file to another (possibly earlier) copy of the file that is not infected. Embodiments of the invention can be used to rollback data files, such as, for example, pictures, videos, documents, etc.
Type: Application
Filed: June 25, 2013
Publication date: December 25, 2014
Inventors: Marc E. Seinfeld, Daron Spektor, William M. Zintel, Adrian M. Marinescu
-
Publication number: 20140373147
Abstract: The present invention extends to methods, systems, and computer program products for scanning files for inappropriate content during file synchronization. Embodiments of the invention are mindful of the order of operations when scanning files for inappropriate content and in subsequent file processing. In some embodiments, during synchronization, an intermediary server scans a file for inappropriate content. The file is not permitted to be fully downloaded to a client device until the scan determines that the file does not contain inappropriate content. In other embodiments, during synchronization, a client device scans a newer version of a file for inappropriate content. An older version of the file is not deleted until the scan determines that the newer version of the file does not contain inappropriate content. In further embodiments, server side scanning and client side scanning are both used to enhance capabilities for detecting inappropriate content.
Type: Application
Filed: June 17, 2013
Publication date: December 18, 2014
Inventors: Marc E. Seinfeld, Daron Spektor, William M. Zintel, Adrian M. Marinescu
-
Patent number: 8799190
Abstract: A reliable automated malware classification approach with substantially low false positive rates is provided. Graph-based local and/or global file relationships are used to improve malware classification along with a feature selection algorithm. File relationships such as containing, creating, copying, downloading, modifying, etc. are used to assign malware probabilities and simultaneously reduce the false positive and false negative rates on executable files.
Type: Grant
Filed: June 17, 2011
Date of Patent: August 5, 2014
Assignee: Microsoft Corporation
Inventors: Jack W. Stokes, Nikos Karampatziakis, John C. Platt, Anil Francis Thomas, Adrian M. Marinescu