Patents by Inventor Suiqiang Deng
Suiqiang Deng has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11636208
Abstract: Generating models usable by data appliances to perform inline malware analysis is disclosed. A set of features, including a plurality of n-grams, extracted from a set of files is received. A reduced set of features is determined that includes at least some of the plurality of n-grams. The reduced set of features is used to generate a model usable by a data appliance to perform inline malware analysis.
Type: Grant
Filed: July 19, 2019
Date of Patent: April 25, 2023
Assignee: Palo Alto Networks, Inc.
Inventors: William Redington Hewlett, II, Suiqiang Deng, Sheng Yang, Ho Yu Lam
-
Publication number: 20220217164
Abstract: Detection of malicious files is disclosed. A set comprising a plurality of sample classification models is received and stored. A determination is made that n-gram analysis should be performed on a sequence of received packets associated with a received file. Performing the n-gram analysis includes using a determined filetype associated with the sequence of received packets to select at least one stored sample classification model included in the set for use in performing the n-gram analysis. A determination is made that the received file is malicious based at least in part on the n-gram analysis of the sequence of received packets. In response to determining that the file is malicious, propagation of the received file is prevented.
Type: Application
Filed: March 23, 2022
Publication date: July 7, 2022
Inventors: William Redington Hewlett, II, Suiqiang Deng, Sheng Yang, Ho Yu Lam
-
Patent number: 11374946
Abstract: Detection of malicious files is disclosed. A set comprising one or more sample classification models is stored on a networked device. N-gram analysis is performed on a sequence of received packets associated with a received file. Performing the n-gram analysis includes using at least one stored sample classification model. A determination is made that the received file is malicious based at least in part on the n-gram analysis of the sequence of received packets. In response to determining that the file is malicious, propagation of the received file is prevented.
Type: Grant
Filed: July 19, 2019
Date of Patent: June 28, 2022
Assignee: Palo Alto Networks, Inc.
Inventors: William Redington Hewlett, II, Suiqiang Deng, Sheng Yang, Ho Yu Lam
-
Patent number: 11336664
Abstract: Detection of malicious files is disclosed. A set comprising one or more sample classification models is stored on a networked device. N-gram analysis is performed on a sequence of received packets associated with a received file. Performing the n-gram analysis includes using at least one stored sample classification model. A determination is made that the received file is malicious based at least in part on the n-gram analysis of the sequence of received packets. In response to determining that the file is malicious, propagation of the received file is prevented.
Type: Grant
Filed: July 19, 2019
Date of Patent: May 17, 2022
Assignee: Palo Alto Networks, Inc.
Inventors: William Redington Hewlett, II, Suiqiang Deng, Sheng Yang, Ho Yu Lam
-
Publication number: 20220070223
Abstract: Techniques for a security platform with external inline processing of assembled selected traffic are disclosed. In some embodiments, a system/method/computer program product for providing a security platform with external inline processing of assembled selected traffic includes monitoring network traffic of a session at a security platform; selecting a subset of the monitored network traffic associated with the session to send to a cloud-based security service for analysis based on a security policy, wherein the selected subset of the monitored network traffic is proxied to the cloud-based security service; and receiving, from the cloud-based security service, results of the analysis based on the security policy, and performing a responsive action based on the results of the analysis based on the security policy.
Type: Application
Filed: August 31, 2020
Publication date: March 3, 2022
Inventors: Suiqiang Deng, Jiangxia Liu
-
Patent number: 10965716
Abstract: A request to establish a session with a first server is received from a client device. The first server is associated with a first hostname, and the request includes information identifying a second hostname purported to correspond to the first server. A Domain Name System (DNS) lookup using the second hostname is performed. A determination that the second hostname was spoofed by the client device is determined based on a response to the DNS lookup. In response to the determination being made that the request received from the client device includes the spoofed second hostname, a determination that the client device has injected or overridden at least one of an HTTP Host header and a Server Name Indicator in the request is made, and an action to take with respect to the client device is determined.
Type: Grant
Filed: October 30, 2019
Date of Patent: March 30, 2021
Assignee: Palo Alto Networks, Inc.
Inventors: Martin Walter, Charles Bransi, Suiqiang Deng
-
Publication number: 20210021611
Abstract: Detection of malicious files is disclosed. A set comprising one or more sample classification models is stored on a networked device. N-gram analysis is performed on a sequence of received packets associated with a received file. Performing the n-gram analysis includes using at least one stored sample classification model. A determination is made that the received file is malicious based at least in part on the n-gram analysis of the sequence of received packets. In response to determining that the file is malicious, propagation of the received file is prevented.
Type: Application
Filed: July 19, 2019
Publication date: January 21, 2021
Inventors: William Redington Hewlett, II, Suiqiang Deng, Sheng Yang, Ho Yu Lam
-
Publication number: 20210019412
Abstract: Generating models usable by data appliances to perform inline malware analysis is disclosed. A set of features, including a plurality of n-grams, extracted from a set of files is received. A reduced set of features is determined that includes at least some of the plurality of n-grams. The reduced set of features is used to generate a model usable by a data appliance to perform inline malware analysis.
Type: Application
Filed: July 19, 2019
Publication date: January 21, 2021
Inventors: William Redington Hewlett, II, Suiqiang Deng, Sheng Yang, Ho Yu Lam
-
Patent number: 10637863
Abstract: Enforcing a policy is described. A mapping between an IP address of a device and a user identity is identified at a first appliance, at least in part by correlating event information. The mapping is transmitted to a second appliance. A policy is applied by the second appliance to the device based at least in part on the user identity.
Type: Grant
Filed: March 31, 2017
Date of Patent: April 28, 2020
Assignee: Palo Alto Networks, Inc.
Inventors: Song Wang, Michael Soren Jacobsen, Martin Walter, Suiqiang Deng, Zhipu Jin
-
Publication number: 20200067989
Abstract: A request to establish a session with a first server is received from a client device. The first server is associated with a first hostname, and the request includes information identifying a second hostname purported to correspond to the first server. A Domain Name System (DNS) lookup using the second hostname is performed. A determination that the second hostname was spoofed by the client device is determined based on a response to the DNS lookup. In response to the determination being made that the request received from the client device includes the spoofed second hostname, a determination that the client device has injected or overridden at least one of an HTTP Host header and a Server Name Indicator in the request is made, and an action to take with respect to the client device is determined.
Type: Application
Filed: October 30, 2019
Publication date: February 27, 2020
Inventors: Martin Walter, Charles Bransi, Suiqiang Deng
-
Patent number: 10505985
Abstract: A request to access a network resource is received from a client device. The request includes a purported hostname of the network resource. A Domain Name System (DNS) lookup of the purported hostname is performed. A result of the lookup is used in making a determination that the request received from the client device is invalid. In response to the determination being made that the request received from the client device is invalid, an action to take with respect to the client device is determined.
Type: Grant
Filed: April 12, 2017
Date of Patent: December 10, 2019
Assignee: Palo Alto Networks, Inc.
Inventors: Martin Walter, Charles Bransi, Suiqiang Deng
-
Patent number: 10425387
Abstract: Techniques for credentials enforcement using a firewall are disclosed. In some embodiments, a system, process, and/or computer program product for enforcement using a firewall includes storing a plurality of user credentials at a network device; monitoring network traffic at the network device to determine if there is a match with one or more of the plurality of user credentials; and performing an action if the match is determined.
Type: Grant
Filed: April 4, 2018
Date of Patent: September 24, 2019
Assignee: Palo Alto Networks, Inc.
Inventors: Robert Earle Ashley, Ho Yu Lam, Xuanyu Jin, Suiqiang Deng, Taylor Ettema, Robert Tesh
-
Patent number: 10298610
Abstract: Techniques for an efficient and secure store for credentials enforcement using a firewall are disclosed. In some embodiments, a system, process, and/or computer program product for an efficient and secure store for credentials enforcement using a firewall includes receiving a space-efficient and secure data structure, such as bloom filter, from an agent executed on an authentication server, in which the bloom filter is generated by the agent based on a transformation of a plurality of user credentials extracted from the authentication server and/or intercepted at the authentication server; storing the bloom filter on the network device (e.g., in a cache on the network device); and monitoring network traffic at the network device to perform credentials enforcement using the bloom filter.
Type: Grant
Filed: July 9, 2018
Date of Patent: May 21, 2019
Assignee: Palo Alto Networks, Inc.
Inventors: Robert Earle Ashley, Ho Yu Lam, Xuanyu Jin, Suiqiang Deng, Taylor Ettema, Robert Tesh
-
Publication number: 20180332079
Abstract: Techniques for an efficient and secure store for credentials enforcement using a firewall are disclosed. In some embodiments, a system, process, and/or computer program product for an efficient and secure store for credentials enforcement using a firewall includes receiving a space-efficient and secure data structure, such as bloom filter, from an agent executed on an authentication server, in which the bloom filter is generated by the agent based on a transformation of a plurality of user credentials extracted from the authentication server and/or intercepted at the authentication server; storing the bloom filter on the network device (e.g., in a cache on the network device); and monitoring network traffic at the network device to perform credentials enforcement using the bloom filter.
Type: Application
Filed: July 9, 2018
Publication date: November 15, 2018
Inventors: Robert Earle Ashley, Ho Yu Lam, Xuanyu Jin, Suiqiang Deng, Taylor Ettema, Robert Tesh
-
Publication number: 20180309721
Abstract: Techniques for credentials enforcement using a firewall are disclosed. In some embodiments, a system, process, and/or computer program product for enforcement using a firewall includes storing a plurality of user credentials at a network device; monitoring network traffic at the network device to determine if there is a match with one or more of the plurality of user credentials; and performing an action if the match is determined.
Type: Application
Filed: April 4, 2018
Publication date: October 25, 2018
Inventors: Robert Earle Ashley, Ho Yu Lam, Xuanyu Jin, Suiqiang Deng, Taylor Ettema, Robert Tesh
-
Patent number: 10051001
Abstract: Techniques for an efficient and secure store for credentials enforcement using a firewall are disclosed. In some embodiments, a system, process, and/or computer program product for an efficient and secure store for credentials enforcement using a firewall includes receiving a space-efficient and secure data structure, such as bloom filter, from an agent executed on an authentication server, in which the bloom filter is generated by the agent based on a transformation of a plurality of user credentials extracted from the authentication server and/or intercepted at the authentication server; storing the bloom filter on the network device (e.g., in a cache on the network device); and monitoring network traffic at the network device to perform credentials enforcement using the bloom filter.
Type: Grant
Filed: July 31, 2015
Date of Patent: August 14, 2018
Assignee: Palo Alto Networks, Inc.
Inventors: Robert Earle Ashley, Ho Yu Lam, Xuanyu Jin, Suiqiang Deng, Taylor Ettema, Robert Tesh
-
Patent number: 9967236
Abstract: Techniques for credentials enforcement using a firewall are disclosed. In some embodiments, a system, process, and/or computer program product for enforcement using a firewall includes storing a plurality of user credentials at a network device; monitoring network traffic at the network device to determine if there is a match with one or more of the plurality of user credentials; and performing an action if the match is determined.
Type: Grant
Filed: July 31, 2015
Date of Patent: May 8, 2018
Assignee: Palo Alto Networks, Inc.
Inventors: Robert Earle Ashley, Ho Yu Lam, Xuanyu Jin, Suiqiang Deng, Taylor Ettema, Robert Tesh
-
Patent number: 9660992
Abstract: Enforcing a policy is described. A mapping between an IP address of a device and a user identity is identified at a first appliance, at least in part by correlating event information. The mapping is transmitted to a second appliance. A policy is applied by the second appliance to the device based at least in part on the user identity.
Type: Grant
Filed: June 22, 2012
Date of Patent: May 23, 2017
Assignee: Palo Alto Networks, Inc.
Inventors: Song Wang, Michael Jacobsen, Martin Walter, Suiqiang Deng, Zhipu Jin
-
Patent number: 9461964
Abstract: Policy enforcement is disclosed. A first identity and second notification are respectively received from a network device at different first and second times. In response to the receipt of the second identity notification, a determination is made that an IP address associated with the network advice has changed from a first IP address to a second IP address. A mapping between an identifier associated with the device and the first IP address is updated to a mapping between the identifier and the second IP address. A policy is updated based on the updated mapping.
Type: Grant
Filed: November 26, 2014
Date of Patent: October 4, 2016
Assignee: Palo Alto Networks, Inc.
Inventors: Song Wang, Suiqiang Deng, Wilson Xu, Martin Walter
-
Publication number: 20150200912
Abstract: Policy enforcement is disclosed. A first identity and second notification are respectively received from a network device at different first and second times. In response to the receipt of the second identity notification, a determination is made that an IP address associated with the network advice has changed from a first IP address to a second IP address. A mapping between an identifier associated with the device and the first IP address is updated to a mapping between the identifier and the second IP address. A policy is updated based on the updated mapping.
Type: Application
Filed: November 26, 2014
Publication date: July 16, 2015
Inventors: Song Wang, Suiqiang Deng, Wilson Xu, Martin Walter