Patents by Inventor Juneng Zheng
Juneng Zheng has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10354088
Abstract: Systems and methods for preprocessing data to facilitate DLP pattern matching are provided. An input string is received by a Data Leak Prevention (DLP) system. The input string is converted by the DLP system into a fixed string pattern. The conversion is performed based on one or more of multiple class definitions, including a digit class, a letter class and a symbol class. A determination is then made by the DLP system regarding whether the input string contains potential sensitive data to which a full-match is to be applied by matching the fixed string pattern against one or more stored target strings representative of sensitive data.
Type: Grant
Filed: August 1, 2018
Date of Patent: July 16, 2019
Assignee: Fortinet, Inc.
Inventor: Juneng Zheng
-
Patent number: 10291632
Abstract: Systems and methods for high performance IDS/IPS with efficient metadata filtering are provided. According to one embodiment, a signature database of an IDS/IPS is configured with multiple metadata signatures. A pre-match engine identifies a candidate packet of network traffic received by the IDS/IPS for full-feature match processing by: (i) categorizing the metadata signatures based on characteristics thereof; and (ii) processing and filtering a first set of the metadata signatures that forms part of a hash key based metadata signature category. The hash key based metadata signature category represents a category resulting from the categorization and each of the first set of metadata signatures is associated with a fixed unique hash key based on which respective metadata signatures are matched with the received network traffic to identify the candidate packet.
Type: Grant
Filed: March 31, 2016
Date of Patent: May 14, 2019
Assignee: Fortinet, Inc.
Inventors: Juneng Zheng, Hongbin Lu
-
Publication number: 20180373888
Abstract: Systems and methods for preprocessing data to facilitate DLP pattern matching are provided. An input string is received by a Data Leak Prevention (DLP) system. The input string is converted by the DLP system into a fixed string pattern. The conversion is performed based on one or more of multiple class definitions, including a digit class, a letter class and a symbol class. A determination is then made by the DLP system regarding whether the input string contains potential sensitive data to which a full-match is to be applied by matching the fixed string pattern against one or more stored target strings representative of sensitive data.
Type: Application
Filed: August 1, 2018
Publication date: December 27, 2018
Applicant: Fortinet, Inc.
Inventor: Juneng Zheng
-
Patent number: 10114934
Abstract: Methods and systems for determining consecutive matches are provided. According to one embodiment, a class definition and a data stream are received by a network security device. The data stream is partitioned into multiple data blocks each containing N data segments. Each data block is processed in parallel to compute: (i) a value (F) indicating whether every data segment value meets the class definition; (ii) a value (L) indicating a number of consecutive data segment values meeting the class definition starting from the left; (iii) a value (M) indicating a maximum number of consecutive data segment values meeting the class definition; and (iv) a value (R) indicating a number of consecutive data segment values meeting the class definition starting from the right. Corresponding values for each data block are then aggregated to determine a maximum number of consecutive data segment values meeting the class definition for the entire data stream.
Type: Grant
Filed: November 19, 2017
Date of Patent: October 30, 2018
Assignee: Fortinet, Inc.
Inventor: Juneng Zheng
-
Patent number: 10097514
Abstract: Systems and methods for filtering unsafe content by a network security device are provided. According to one embodiment, a network security device captures network traffic and extracts a media file from the network traffic. The network security device then determines the presence of a hidden data item embedded in the media file in a machine-readable form. When such a hidden data item is identified, the network security device performs one or more actions on the media file based on a predefined security policy.
Type: Grant
Filed: January 1, 2018
Date of Patent: October 9, 2018
Assignee: Fortinet, Inc.
Inventors: Guoyi Yan, Juneng Zheng
-
Patent number: 10083318
Abstract: Systems and methods for preprocessing data to facilitate DLP pattern matching are provided. An input string is received by a Data Leak Prevention (DLP) system. The input string is converted by the DLP system into a fixed string pattern. The conversion is performed based on multiple class definitions, including a digit class, a letter class and a symbol class. A determination is then made by the DLP system regarding whether the input string contains potential sensitive data to which a full-match is to be applied by matching the fixed string pattern against one or more stored target strings representative of sensitive data.
Type: Grant
Filed: December 28, 2015
Date of Patent: September 25, 2018
Assignee: Fortinet, Inc.
Inventor: Juneng Zheng
-
Patent number: 10084803
Abstract: Systems and methods for rating of signature patterns are provided. According to one embodiment, a frequency of occurrence is determined by a network security system of each of multiple patterns within a pattern database containing a set of candidate patterns from which a set of patterns or sub-patterns thereof will be selected for inclusion within a pre-match list. For each pattern, the network security device determines whether a length of the pattern exceeds a pre-defined length; and, if so, cuts the pattern to generate multiple sub-patterns having the pre-defined length. A rating for each pattern or, as the case may be, each sub-pattern is then determined by the network device based on any or a combination of the frequency of occurrence of the pattern within the pattern database, the length of the pattern or the sub-pattern and a measure of redundancy within the pattern or sub-pattern.
Type: Grant
Filed: December 28, 2015
Date of Patent: September 25, 2018
Assignee: Fortinet, Inc.
Inventors: Juneng Zheng, Hongbin Lu
-
Publication number: 20180124017
Abstract: Systems and methods for filtering unsafe content by a network security device are provided. According to one embodiment, a network security device captures network traffic and extracts a media file from the network traffic. The network security device then determines the presence of a hidden data item embedded in the media file in a machine-readable form. When such a hidden data item is identified, the network security device performs one or more actions on the media file based on a predefined security policy.
Type: Application
Filed: January 1, 2018
Publication date: May 3, 2018
Applicant: Fortinet, Inc.
Inventors: Guoyi Yan, Juneng Zheng
-
Publication number: 20180089401
Abstract: Methods and systems for determining consecutive matches are provided. According to one embodiment, a class definition and a data stream are received by a network security device. The data stream is partitioned into multiple data blocks each containing N data segments. Each data block is processed in parallel to compute: (i) a value (F) indicating whether every data segment value meets the class definition; (ii) a value (L) indicating a number of consecutive data segment values meeting the class definition starting from the left; (iii) a value (M) indicating a maximum number of consecutive data segment values meeting the class definition; and (iv) a value (R) indicating a number of consecutive data segment values meeting the class definition starting from the right. Corresponding values for each data block are then aggregated to determine a maximum number of consecutive data segment values meeting the class definition for the entire data stream.
Type: Application
Filed: November 19, 2017
Publication date: March 29, 2018
Applicant: Fortinet, Inc.
Inventor: Juneng Zheng
-
Patent number: 9860212
Abstract: Systems and methods for filtering unsafe content by a network security device are provided. According to one embodiment, a network security device captures network traffic and extracts a media file from the network traffic. The network security device then determines the presence of a hidden data item embedded in the media file in a machine-readable form. When such a hidden data item is identified, the network security device performs one or more actions on the media file based on a predefined security policy.
Type: Grant
Filed: May 23, 2017
Date of Patent: January 2, 2018
Assignee: Fortinet, Inc.
Inventors: Guoyi Yan, Juneng Zheng
-
Patent number: 9824195
Abstract: Methods and systems for determining consecutive matches are provided. According to one embodiment, a class definition and a data stream are received by a network security device. The data stream is partitioned into multiple data blocks each containing N data segments. Each data block is processed in parallel to compute: (i) a value (F) indicating whether every data segment value meets the class definition; (ii) a value (L) indicating a number of consecutive data segment values meeting the class definition starting from the left; (iii) a value (M) indicating a maximum number of consecutive data segment values meeting the class definition; and (iv) a value (R) indicating a number of consecutive data segment values meeting the class definition starting from the right. Corresponding values for each data block are then aggregated to determine a maximum number of consecutive data segment values meeting the class definition for the entire data stream.
Type: Grant
Filed: September 29, 2016
Date of Patent: November 21, 2017
Assignee: Fortinet, Inc.
Inventor: Juneng Zheng
-
Publication number: 20170289180
Abstract: Systems and methods for high performance IDS/IPS with efficient metadata filtering are provided. According to one embodiment, a signature database of an IDS/IPS is configured with multiple metadata signatures. A pre-match engine identifies a candidate packet of network traffic received by the IDS/IPS for full-feature match processing by: (i) categorizing the metadata signatures based on characteristics thereof; and (ii) processing and filtering a first set of the metadata signatures that forms part of a hash key based metadata signature category. The hash key based metadata signature category represents a category resulting from the categorization and each of the first set of metadata signatures is associated with a fixed unique hash key based on which respective metadata signatures are matched with the received network traffic to identify the candidate packet.
Type: Application
Filed: March 31, 2016
Publication date: October 5, 2017
Applicant: Fortinet, Inc.
Inventors: Juneng Zheng, Hongbin Lu
-
Publication number: 20170257347
Abstract: Systems and methods for filtering unsafe content by a network security device are provided. According to one embodiment, a network security device captures network traffic and extracts a media file from the network traffic. The network security device then determines the presence of a hidden data item embedded in the media file in a machine-readable form. When such a hidden data item is identified, the network security device performs one or more actions on the media file based on a predefined security policy.
Type: Application
Filed: May 23, 2017
Publication date: September 7, 2017
Applicant: Fortinet, Inc.
Inventors: Guoyi Yan, Juneng Zheng
-
Patent number: 9729511
Abstract: Systems and methods for filtering unsafe content by a network security device are provided. According to one embodiment, a network security device captures network traffic and extracts a media file from the network traffic. The network security device then determines the presence of a hidden data item embedded in the media file in a machine-readable form. When such a hidden data item is identified, the network security device performs one or more actions on the media file based on a predefined security policy.
Type: Grant
Filed: March 11, 2017
Date of Patent: August 8, 2017
Assignee: Fortinet, Inc.
Inventors: Guoyi Yan, Juneng Zheng
-
Patent number: 9727307
Abstract: Methods and systems for determining consecutive matches are provided. According to one embodiment, a class definition and a data stream are received by a network security device. The data stream is partitioned into multiple data blocks each containing N data segments. Each data block is processed in parallel to compute: (i) a value (F) indicating whether every data segment value meets the class definition; (ii) a value (L) indicating a number of consecutive data segment values meeting the class definition starting from the left; (iii) a value (M) indicating a maximum number of consecutive data segment values meeting the class definition; and (iv) a value (R) indicating a number of consecutive data segment values meeting the class definition starting from the right. Corresponding values for each data block are then aggregated to determine a maximum number of consecutive data segment values meeting the class definition for the entire data stream.
Type: Grant
Filed: June 18, 2016
Date of Patent: August 8, 2017
Assignee: Fortinet, Inc.
Inventor: Juneng Zheng
-
Publication number: 20170187683
Abstract: Systems and methods for filtering unsafe content by a network security device are provided. According to one embodiment, a network security device captures network traffic and extracts a media file from the network traffic. The network security device then determines the presence of a hidden data item embedded in the media file in a machine-readable form. When such a hidden data item is identified, the network security device performs one or more actions on the media file based on a predefined security policy.
Type: Application
Filed: March 11, 2017
Publication date: June 29, 2017
Applicant: Fortinet, Inc.
Inventors: Guoyi Yan, Juneng Zheng
-
Publication number: 20170185799
Abstract: Systems and methods for preprocessing data to facilitate DLP pattern matching are provided. An input string is received by a Data Leak Prevention (DLP) system. The input string is converted by the DLP system into a fixed string pattern. The conversion is performed based on multiple class definitions, including a digit class, a letter class and a symbol class. A determination is then made by the DLP system regarding whether the input string contains potential sensitive data to which a full-match is to be applied by matching the fixed string pattern against one or more stored target strings representative of sensitive data.
Type: Application
Filed: December 28, 2015
Publication date: June 29, 2017
Applicant: Fortinet, Inc.
Inventor: Juneng Zheng
-
Publication number: 20170187735
Abstract: Systems and methods for rating of signature patterns are provided. According to one embodiment, a frequency of occurrence is determined by a network security system of each of multiple patterns within a pattern database containing a set of candidate patterns from which a set of patterns or sub-patterns thereof will be selected for inclusion within a pre-match list. For each pattern, the network security device determines whether a length of the pattern exceeds a pre-defined length; and, if so, cuts the pattern to generate multiple sub-patterns having the pre-defined length. A rating for each pattern or, as the case may be, each sub-pattern is then determined by the network device based on any or a combination of the frequency of occurrence of the pattern within the pattern database, the length of the pattern or the sub-pattern and a measure of redundancy within the pattern or sub-pattern.
Type: Application
Filed: December 28, 2015
Publication date: June 29, 2017
Applicant: Fortinet, Inc.
Inventors: Juneng Zheng, Hongbin Lu
-
Patent number: 9660958
Abstract: Systems and methods for filtering unsafe content at a network security appliance are provided. According to one embodiment, a network security appliance captures network traffic and extracts a media file from the network traffic. The network security appliance then determines the presence of a hidden data item embedded in the media file in a machine-readable form. When such a hidden data item is identified, the network security appliance performs one or more actions on the media file based on a predefined security policy.
Type: Grant
Filed: July 30, 2016
Date of Patent: May 23, 2017
Assignee: Fortinet, Inc.
Inventors: Guoyi Yan, Juneng Zheng
-
Publication number: 20170126713
Abstract: Methods and systems for determining consecutive matches are provided. According to one embodiment, a class definition and a data stream are received by a network security device. The data stream is partitioned into multiple data blocks each containing N data segments. Each data block is processed in parallel to compute: (i) a value (F) indicating whether every data segment value meets the class definition; (ii) a value (L) indicating a number of consecutive data segment values meeting the class definition starting from the left; (iii) a value (M) indicating a maximum number of consecutive data segment values meeting the class definition; and (iv) a value (R) indicating a number of consecutive data segment values meeting the class definition starting from the right. Corresponding values for each data block are then aggregated to determine a maximum number of consecutive data segment values meeting the class definition for the entire data stream.
Type: Application
Filed: September 29, 2016
Publication date: May 4, 2017
Applicant: Fortinet, Inc.
Inventor: Juneng Zheng