Patents by Inventor Gunter Ollmann
Gunter Ollmann has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10257212
Abstract: A system and method of analysis. NX domain names are collected from an asset in a real network. The NX domain names are domain names that are not registered. The real network NX domain names are utilized to create testing vectors. The testing vectors are classified as benign vectors or malicious vectors based on training vectors. The asset is then classified as infected if the NX testing vector created from the real network NX domain names is classified as a malicious vector.
Type: Grant
Filed: December 19, 2016
Date of Patent: April 9, 2019
Assignee: Help/Systems, LLC
Inventors: Emmanouil Antonakakis, Robert Perdisci, Wenke Lee, Gunter Ollmann
-
Patent number: 9948671
Abstract: A computerized system and method for performing behavioral clustering of malware samples, comprising: executing malware samples in a controlled computer environment for a predetermined time to obtain Hypertext Transfer Protocol (HTTP) traffic; clustering the malware samples into at least one cluster based on network behavioral information from the HTTP traffic; and extracting, using the at least one processor, network signatures from the HTTP traffic information for each cluster, the network signatures being indicative of malware infection.
Type: Grant
Filed: June 27, 2014
Date of Patent: April 17, 2018
Assignee: Damballa, Inc.
Inventors: Roberto Perdisci, Wenke Lee, Gunter Ollmann
-
Publication number: 20170201536
Abstract: A system and method of analysis. NX domain names are collected from an asset in a real network. The NX domain names are domain names that are not registered. The real network NX domain names are utilized to create testing vectors. The testing vectors are classified as benign vectors or malicious vectors based on training vectors. The asset is then classified as infected if the NX testing vector created from the real network NX domain names is classified as a malicious vector.
Type: Application
Filed: December 19, 2016
Publication date: July 13, 2017
Applicant: DAMBALLA, INC.
Inventors: Emmanouil ANTONAKAKIS, Robert PERDISCI, Wenke LEE, Gunter OLLMANN
-
Patent number: 9525699
Abstract: A system and method of analysis. NX domain names are collected from an asset in a real network. The NX domain names are domain names that are not registered. The real network NX domain names are utilized to create testing vectors. The testing vectors are classified as benign vectors or malicious vectors based on training vectors. The asset is then classified as infected if the NX testing vector created from the real network NX domain names is classified as a malicious vector.
Type: Grant
Filed: September 30, 2013
Date of Patent: December 20, 2016
Assignee: Damballa, Inc.
Inventors: Emmanouil Antonakakis, Robert Perdisci, Wenke Lee, Gunter Ollmann
-
Publication number: 20150026808
Abstract: A computerized system and method for performing behavioral clustering of malware samples, comprising: executing malware samples in a controlled computer environment for a predetermined time to obtain HTTP traffic; clustering the malware samples into at least one cluster based on network behavioral information from the HTTP traffic; and extracting, using the at least one processor, network signatures from the HTTP traffic information for each cluster, the network signatures being indicative of malware infection.
Type: Application
Filed: June 27, 2014
Publication date: January 22, 2015
Inventors: Roberto PERDISCI, Wenke LEE, Gunter OLLMANN
-
Patent number: 8931096
Abstract: A method, apparatus, and computer program product for identifying malware is disclosed. The method identifies processes in a running process list on a host computer system. The method identifies ports assigned to the processes in the running process list on the host computer system. The method determines whether any one of ports that is currently in use in the host computer system is not assigned to any of the processes in the running process list. The method then makes a record that a hidden, running process is present as a characteristic of an attack in response to a determination that one of the ports is currently in use but is not assigned to any of the processes in the running process list in the host computer system.
Type: Grant
Filed: December 9, 2011
Date of Patent: January 6, 2015
Assignee: International Business Machines Corporation
Inventors: Robert G. Freeman, Gunter Ollmann
-
Patent number: 8826438
Abstract: A computerized system and method for performing behavioral clustering of malware samples, comprising: executing malware samples in a controlled computer environment for a predetermined time to obtain HTTP traffic; clustering the malware samples into at least one cluster based on network behavioral information from the HTTP traffic; and extracting, using the at least one processor, network signatures from the HTTP traffic information for each cluster, the network signatures being indicative of malware infection.
Type: Grant
Filed: January 18, 2011
Date of Patent: September 2, 2014
Assignee: Damballa, Inc.
Inventors: Roberto Perdisci, Wenke Lee, Gunter Ollmann
-
Publication number: 20140101759
Abstract: A system and method of analysis. NX domain names are collected from an asset in a real network. The NX domain names are domain names that are not registered. The real network NX domain names are utilized to create testing vectors. The testing vectors are classified as benign vectors or malicious vectors based on training vectors. The asset is then classified as infected if the NX testing vector created from the real network NX domain names is classified as a malicious vector.
Type: Application
Filed: September 30, 2013
Publication date: April 10, 2014
Applicant: DAMBALLA, INC.
Inventors: Emmanouil ANTONAKAKIS, Robert PERDISCI, Wenke LEE, Gunter OLLMANN
-
Patent number: 8578497
Abstract: A system and method of analysis. NX domain names are collected from an asset in a real network. The NX domain names are domain names that are not registered. The real network NX domain names are utilized to create testing vectors. The testing vectors are classified as benign vectors or malicious vectors based on training vectors. The asset is then classified as infected if the NX testing vector created from the real network NX domain names is classified as a malicious vector.
Type: Grant
Filed: January 5, 2011
Date of Patent: November 5, 2013
Assignee: Damballa, Inc.
Inventors: Emmanouil Antonakakis, Roberto Perdisci, Wenke Lee, Gunter Ollmann
-
Publication number: 20120084862
Abstract: A method, apparatus, and computer program product for identifying malware is disclosed. The method identifies processes in a running process list on a host computer system. The method identifies ports assigned to the processes in the running process list on the host computer system. The method determines whether any one of ports that is currently in use in the host computer system is not assigned to any of the processes in the running process list. The method then makes a record that a hidden, running process is present as a characteristic of an attack in response to a determination that one of the ports is currently in use but is not assigned to any of the processes in the running process list in the host computer system.
Type: Application
Filed: December 9, 2011
Publication date: April 5, 2012
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Robert G. Freeman, Gunter Ollmann
-
Publication number: 20110283361
Abstract: A computerized system and method for performing behavioral clustering of malware samples, comprising: executing malware samples in a controlled computer environment for a predetermined time to obtain HTTP traffic; clustering the malware samples into at least one cluster based on network behavioral information from the HTTP traffic; and extracting, using the at least one processor, network signatures from the HTTP traffic information for each cluster, the network signatures being indicative of malware infection.
Type: Application
Filed: January 18, 2011
Publication date: November 17, 2011
Applicant: DAMBALLA, INC.
Inventors: Roberto Perdisci, Wenke Lee, Gunter Ollmann
-
Publication number: 20110167495
Abstract: A system and method of analysis. NX domain names are collected from an asset in a real network. The NX domain names are domain names that are not registered. The real network NX domain names are utilized to create testing vectors. The testing vectors are classified as benign vectors or malicious vectors based on training vectors. The asset is then classified as infected if the NX testing vector created from the real network NX domain names is classified as a malicious vector.
Type: Application
Filed: January 5, 2011
Publication date: July 7, 2011
Inventors: Emmanouil ANTONAKAKIS, Roberto PERDISCI, Wenke LEE, Gunter OLLMANN
-
Publication number: 20100107257
Abstract: A system, method and program product for detecting presence of malicious software running on a computer system. The method includes locally querying the system to enumerate a local inventory of tasks and network services running on the system for detecting presence of malicious software running on the system and remotely querying the system from a remote system via a network to enumerate a remote inventory of tasks and network services running on the system for detecting presence of malicious software running on the system, where the local inventory enumerates ports in use on the system and where the remote inventory enumerates ports in use on the system. Further, the method includes collecting the local inventory and the remote inventory and comparing the local inventory with the remote inventory to identify any discrepancies between the local and the remote inventories for detecting presence of malicious software running on the system.
Type: Application
Filed: October 29, 2008
Publication date: April 29, 2010
Applicant: International Business Machines Corporation
Inventor: Gunter Ollmann