Patents by Inventor Ryan Permeh
Ryan Permeh has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20200259850Abstract: A system is provided for training a machine learning model to detect malicious container files. The system may include at least one processor and at least one memory. The memory may include program code which when executed by the at least one processor provides operations including: processing a container file with a trained machine learning model, wherein the trained machine learning is trained to determine a classification for the container file indicative of whether the container file includes at least one file rendering the container file malicious; and providing, as an output by the trained machine learning model, an indication of whether the container file includes the at least one file rendering the container file malicious. Related methods and articles of manufacture, including computer program products, are also disclosed.Type: ApplicationFiled: April 28, 2020Publication date: August 13, 2020Inventors: Xuan Zhao, Matthew Wolff, John Brock, Brian Michael Wallace, Andy Wortman, Jian Luan, Mahdi Azarafrooz, Andrew Davis, Michael Thomas Wojnowicz, Derek A. Soeder, David N. Beveridge, Yaroslav Oliinyk, Ryan Permeh
-
Publication number: 20200218807Abstract: In one respect, there is provided a system for training a neural network adapted for classifying one or more scripts. The system may include at least one processor and at least one memory. The memory may include program code which when executed by the at least one memory provides operations including: receiving a disassembled binary file that includes a plurality of instructions; processing the disassembled binary file with a convolutional neural network configured to detect a presence of one or more sequences of instructions amongst the plurality of instructions and determine a classification for the disassembled binary file based at least in part on the presence of the one or more sequences of instructions; and providing, as an output, the classification of the disassembled binary file. Related computer-implemented methods are also disclosed.Type: ApplicationFiled: March 20, 2020Publication date: July 9, 2020Inventors: Andrew Davis, Matthew Wolff, Derek A. Soeder, Glenn Chisholm, Ryan Permeh
-
Patent number: 10685112Abstract: In some implementations there may be provided a system. The system may include a processor and a memory. The memory may include program code which causes operations when executed by the processor. The operations may include analyzing a series of events contained in received data. The series of events may include events that occur during the execution of a data object. The series of events may be analyzed to at least extract, from the series of events, subsequences of events. A machine learning model may determine a classification for the received data. The machine learning model may classify the received data based at least on whether the subsequences of events are malicious. The classification indicative of whether the received data is malicious may be provided. Related methods and articles of manufacture, including computer program products, are also disclosed.Type: GrantFiled: May 5, 2017Date of Patent: June 16, 2020Assignee: Cylance Inc.Inventors: Xuan Zhao, Aditya Kapoor, Matthew Wolff, Andrew Davis, Derek Soeder, Ryan Permeh
-
Patent number: 10635814Abstract: In one respect, there is provided a system for training a neural network adapted for classifying one or more scripts. The system may include at least one processor and at least one memory. The memory may include program code which when executed by the at least one memory provides operations including: receiving a disassembled binary file that includes a plurality of instructions; processing the disassembled binary file with a convolutional neural network configured to detect a presence of one or more sequences of instructions amongst the plurality of instructions and determine a classification for the disassembled binary file based at least in part on the presence of the one or more sequences of instructions; and providing, as an output, the classification of the disassembled binary file. Related computer-implemented methods are also disclosed.Type: GrantFiled: November 7, 2018Date of Patent: April 28, 2020Assignee: Cylance Inc.Inventors: Andrew Davis, Matthew Wolff, Derek A. Soeder, Glenn Chisholm, Ryan Permeh
-
Patent number: 10637874Abstract: In one respect, there is provided a system for training a machine learning model to detect malicious container files. The system may include at least one processor and at least one memory. The memory may include program code which when executed by the at least one processor provides operations including: processing a container file with a trained machine learning model, wherein the trained machine learning is trained to determine a classification for the container file indicative of whether the container file includes at least one file rendering the container file malicious; and providing, as an output by the trained machine learning model, an indication of whether the container file includes the at least one file rendering the container file malicious. Related methods and articles of manufacture, including computer program products, are also disclosed.Type: GrantFiled: November 7, 2016Date of Patent: April 28, 2020Assignee: Cylance Inc.Inventors: Xuan Zhao, Matthew Wolff, John Brock, Brian Wallace, Andrew Wortman, Jian Luan, Mahdi Azarafrooz, Andrew Davis, Michael Wojnowicz, Derek Soeder, David Beveridge, Yaroslav Oliinyk, Ryan Permeh
-
Publication number: 20200057853Abstract: In one respect, there is provided a system for training a machine learning model to detect malicious container files. The system may include at least one processor and at least one memory. The at least one memory may include program code that provides operations when executed by the at least one processor. The operations may include: training, based on a training data, a machine learning model to enable the machine learning model to determine whether at least one container file includes at least one file rendering the at least one container file malicious; and providing the trained machine learning model to enable the determination of whether the at least one container file includes at least one file rendering the at least one container file malicious. Related methods and articles of manufacture, including computer program products, are also disclosed.Type: ApplicationFiled: October 24, 2019Publication date: February 20, 2020Inventors: Xuan Zhao, Matthew Wolff, John Brock, Brian Wallace, Andy Wortman, Jian Luan, Mahdi Azarafrooz, Andrew Davis, Michael Wojnowicz, Derek Soeder, David Beveridge, Yaroslav Oliinyk, Ryan Permeh
-
Patent number: 10558804Abstract: Using a recurrent neural network (RNN) that has been trained to a satisfactory level of performance, highly discriminative features can be extracted by running a sample through the RNN, and then extracting a final hidden state hi, where i is the number of instructions of the sample. This resulting feature vector may then be concatenated with the other hand-engineered features, and a larger classifier may then be trained on hand-engineered as well as automatically determined features. Related apparatus, systems, techniques and articles are also described.Type: GrantFiled: August 12, 2016Date of Patent: February 11, 2020Assignee: Cylance Inc.Inventors: Andrew Davis, Matthew Wolff, Derek A. Soeder, Glenn Chisholm, Ryan Permeh
-
Patent number: 10503901Abstract: In one respect, there is provided a system for training a machine learning model to detect malicious container files. The system may include at least one processor and at least one memory. The at least one memory may include program code that provides operations when executed by the at least one processor. The operations may include: training, based on a training data, a machine learning model to enable the machine learning model to determine whether at least one container file includes at least one file rendering the at least one container file malicious; and providing the trained machine learning model to enable the determination of whether the at least one container file includes at least one file rendering the at least one container file malicious. Related methods and articles of manufacture, including computer program products, are also disclosed.Type: GrantFiled: November 7, 2016Date of Patent: December 10, 2019Assignee: Cylance Inc.Inventors: Xuan Zhao, Matthew Wolff, John Brock, Brian Wallace, Andy Wortman, Jian Luan, Mahdi Azarafrooz, Andrew Davis, Michael Wojnowicz, Derek Soeder, David Beveridge, Yaroslav Oliinyk, Ryan Permeh
-
Publication number: 20190303570Abstract: An endpoint computer system can harvest data relating to a plurality of events occurring within an operating environment of the endpoint computer system and can add the harvested data to a local data store maintained on the endpoint computer system. A query response can be generated, for example by identifying and retrieving responsive data from the local data store. The responsive data are related to an artifact on the endpoint computer system and/or to an event of the plurality of events. In some examples, the local data store can be an audit log and/or can include one or more tamper resistant features. Systems, methods, and computer program products are described.Type: ApplicationFiled: May 30, 2019Publication date: October 3, 2019Inventors: Ryan Permeh, Matthew Wolff, Samuel John Oswald, Xuan Zhao, Mark Culley, Steven Polson
-
Publication number: 20190294789Abstract: An endpoint computer system can harvest data relating to a plurality of events occurring within an operating environment of the endpoint computer system and can add the harvested data to a local data store maintained on the endpoint computer system. In some examples, the local data store can be an audit log and/or can include one or more tamper resistant features. Systems, methods, and computer program products are described.Type: ApplicationFiled: May 29, 2019Publication date: September 26, 2019Inventors: Ryan Permeh, Matthew Wolff, Samuel John Oswald, Xuan Zhao, Mark Culley, Steve Polson
-
Publication number: 20190286819Abstract: In one respect, there is provided a system for classifying malware. The system may include a data processor and a memory. The memory may include program code that provides operations when executed by the processor. The operations may include: providing, to a display, contextual information associated with a file to at least enable a classification of the file, when a malware classifier is unable to classify the file; receiving, in response to the providing of the contextual information, the classification of the file; and updating, based at least on the received classification of the file, the malware classifier to enable the malware classifier to classify the file. Methods and articles of manufacture, including computer program products, are also provided.Type: ApplicationFiled: May 31, 2019Publication date: September 19, 2019Inventors: Matthew Maisel, Ryan Permeh, Matthew Wolff, Gabriel Acevedo, Andrew Davis, John Brock, Homer Valentine Strong, Michael Wojnowicz, Kevin Beets
-
Publication number: 20190278690Abstract: Data is received or accessed that includes a structured file encapsulating data required by an execution environment to manage executable code wrapped within the structured file. Thereafter, code and data regions are iteratively identified in the structured file. Such identification is analyzed so that at least one feature can be extracted from the structured file. Related apparatus, systems, techniques and articles are also described.Type: ApplicationFiled: May 28, 2019Publication date: September 12, 2019Inventors: Derek A. Soeder, Ryan Permeh, Gary Golomb, Matthew Wolff
-
Patent number: 10394686Abstract: Data is received or accessed that includes a structured file encapsulating data required by an execution environment to manage executable code wrapped within the structured file. Thereafter, code and data regions are iteratively identified in the structured file. Such identification is analyzed so that at least one feature can be extracted from the structured file. Related apparatus, systems, techniques and articles are also described.Type: GrantFiled: February 6, 2018Date of Patent: August 27, 2019Assignee: Cylance Inc.Inventors: Derek A. Soeder, Ryan Permeh, Gary Golomb, Matthew Wolff
-
Patent number: 10360380Abstract: In one respect, there is provided a system for classifying malware. The system may include a data processor and a memory. The memory may include program code that provides operations when executed by the processor. The operations may include: providing, to a display, contextual information associated with a file to at least enable a classification of the file, when a malware classifier is unable to classify the file; receiving, in response to the providing of the contextual information, the classification of the file; and updating, based at least on the received classification of the file, the malware classifier to enable the malware classifier to classify the file. Methods and articles of manufacture, including computer program products, are also provided.Type: GrantFiled: January 19, 2017Date of Patent: July 23, 2019Assignee: Cylance Inc.Inventors: Matthew Maisel, Ryan Permeh, Matthew Wolff, Gabriel Acevedo, Andrew Davis, John Brock, Homer Strong, Michael Wojnowicz, Kevin Beets
-
Patent number: 10354067Abstract: An endpoint computer system can harvest data relating to a plurality of events occurring within an operating environment of the endpoint computer system and can add the harvested data to a local data store maintained on the endpoint computer system. In some examples, the local data store can be an audit log and/or can include one or more tamper resistant features. Systems, methods, and computer program products are described.Type: GrantFiled: November 18, 2016Date of Patent: July 16, 2019Assignee: Cylance Inc.Inventors: Ryan Permeh, Matthew Wolff, Samuel John Oswald, Xuan Zhao, Mark Culley, Steve Polson
-
Patent number: 10354066Abstract: An endpoint computer system can harvest data relating to a plurality of events occurring within an operating environment of the endpoint computer system and can add the harvested data to a local data store maintained on the endpoint computer system. A query response can be generated, for example by identifying and retrieving responsive data from the local data store. The responsive data are related to an artifact on the endpoint computer system and/or to an event of the plurality of events. In some examples, the local data store can be an audit log and/or can include one or more tamper resistant features. Systems, methods, and computer program products are described.Type: GrantFiled: November 17, 2016Date of Patent: July 16, 2019Assignee: Cylance Inc.Inventors: Ryan Permeh, Matthew Wolff, Samuel John Oswald, Xuan Zhao, Mark Culley, Steve Polson
-
Patent number: 10339305Abstract: In one aspect there is provided a method. The method may include: determining that an executable implements a sub-execution environment, the sub-execution environment being configured to receive an input, and the input triggering at least one event at the sub-execution environment; intercepting the event at the sub-execution environment; and applying a security policy to the intercepted event, the applying of the policy comprises blocking the event, when the event is determined to be a prohibited event. Systems and articles of manufacture, including computer program products, are also provided.Type: GrantFiled: February 24, 2017Date of Patent: July 2, 2019Assignee: Cylance Inc.Inventors: Ryan Permeh, Derek Soeder, Matthew Wolff, Ming Jin, Xuan Zhao
-
Publication number: 20190188381Abstract: In some implementations there may be provided a system. The system may include a processor and a memory. The memory may include program code which causes operations when executed by the processor. The operations may include analyzing a series of events contained in received data. The series of events may include events that occur during the execution of a data object. The series of events may be analyzed to at least extract, from the series of events, subsequences of events. A machine learning model may determine a classification for the received data. The machine learning model may classify the received data based at least on whether the subsequences of events are malicious. The classification indicative of whether the received data is malicious may be provided. Related methods and articles of manufacture, including computer program products, are also disclosed.Type: ApplicationFiled: May 5, 2017Publication date: June 20, 2019Inventors: Xuan Zhao, Aditya Kapoor, Matthew Wolff, Andrew Davis, Derek Soeder, Ryan Permeh
-
Publication number: 20190188375Abstract: Described are techniques to enable computers to efficiently determine if they should run a program based on an immediate (i.e., real-time, etc.) analysis of the program. Such an approach leverages highly trained ensemble machine learning algorithms to create a real-time discernment on a combination of static and dynamic features collected from the program, the computer's current environment, and external factors. Related apparatus, systems, techniques and articles are also described.Type: ApplicationFiled: January 24, 2019Publication date: June 20, 2019Inventors: Ryan Permeh, Derek A. Soeder, Glenn Chisholm, Braden Russell, Gary Golomb, Matthew Wolff, Stuart McClure
-
Publication number: 20190156033Abstract: In one respect, there is provided a system for training a neural network adapted for classifying one or more scripts. The system may include at least one processor and at least one memory. The memory may include program code which when executed by the at least one memory provides operations including: receiving a disassembled binary file that includes a plurality of instructions; processing the disassembled binary file with a convolutional neural network configured to detect a presence of one or more sequences of instructions amongst the plurality of instructions and determine a classification for the disassembled binary file based at least in part on the presence of the one or more sequences of instructions; and providing, as an output, the classification of the disassembled binary file. Related computer-implemented methods are also disclosed.Type: ApplicationFiled: November 7, 2018Publication date: May 23, 2019Inventors: Andrew Davis, Matthew Wolff, Derek A. Soeder, Glenn Chisholm, Ryan Permeh