Patents by Inventor Tongbo Luo
Tongbo Luo has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11861008Abstract: The use of browser context in detecting malware is disclosed. A client device requests content from a remote server. Data received by the client device from the remote server is transmitted to an external scanner for analysis by the external scanner. The external scanner is configured to use a browser executed in an instrumented virtual machine environment to analyze the data provided by the client device. The client device is configured to request the content from the remote server using a browser extension configured to retrieve data and provide the retrieved data to the external scanner without rendering the retrieved data.Type: GrantFiled: July 21, 2022Date of Patent: January 2, 2024Assignee: Palo Alto Networks, Inc.Inventors: Tongbo Luo, Xin Ouyang, Zhaoyan Xu, Xing Jin
-
Publication number: 20230342452Abstract: Execution of an application in an application-level sandbox is disclosed. A request to launch an application is received by an operating system executing on a device. A determination is made that a stored copy of the application should be executed within an application-level sandbox. The stored copy of the application is executed in the application-level sandbox.Type: ApplicationFiled: May 12, 2023Publication date: October 26, 2023Inventors: Zhi Xu, Cong Zheng, Tongbo Luo, Wenjun Hu
-
Patent number: 11720666Abstract: Execution of an application in an application-level sandbox is disclosed. A request to launch an application is received by an operating system executing on a device. A determination is made that a stored copy of the application should be executed within an application-level sandbox. The stored copy of the application is executed in the application-level sandbox.Type: GrantFiled: October 21, 2021Date of Patent: August 8, 2023Assignee: Palo Alto Networks, Inc.Inventors: Zhi Xu, Cong Zheng, Tongbo Luo, Wenjun Hu
-
Patent number: 11627160Abstract: Techniques for providing an intelligent-interaction honeypot for IoT devices in accordance with some embodiments. In some embodiments, a system/process/computer program product for providing an intelligent-interaction honeypot for IoT devices includes receiving a request from an attacker sent to an IP address that is associated with a honeypot instance for Internet of Things (IoT) devices; determining a response to the request using a data store that stores a plurality of responses and associated IoT device information, wherein the plurality of responses and associated IoT device information is generated based on automated machine learning of active probing of physical IoT devices on the Internet; and sending the response from the honeypot instance for IoT devices to the attacker, wherein the attacker is unable to detect that the response is associated with an emulated IoT device.Type: GrantFiled: February 28, 2021Date of Patent: April 11, 2023Assignee: Palo Alto Networks, Inc.Inventors: Tongbo Luo, Zhaoyan Xu, Xing Jin, Yanhui Jia, Xin Ouyang
-
Publication number: 20220358217Abstract: The use of browser context in detecting malware is disclosed. A client device requests content from a remote server. Data received by the client device from the remote server is transmitted to an external scanner for analysis by the external scanner. The external scanner is configured to use a browser executed in an instrumented virtual machine environment to analyze the data provided by the client device. The client device is configured to request the content from the remote server using a browser extension configured to retrieve data and provide the retrieved data to the external scanner without rendering the retrieved data.Type: ApplicationFiled: July 21, 2022Publication date: November 10, 2022Inventors: Tongbo Luo, Xin Ouyang, Zhaoyan Xu, Xing Jin
-
Patent number: 11436329Abstract: The use of browser context in detecting malware is disclosed. A client device requests content from a remote server. Data received by the client device from the remote server is transmitted to an external scanner for analysis by the external scanner. The external scanner is configured to use a browser executed in an instrumented virtual machine environment to analyze the data provided by the client device. The client device is configured to act as a proxy on behalf of the external scanner.Type: GrantFiled: July 13, 2020Date of Patent: September 6, 2022Assignee: Palo Alto Networks, Inc.Inventors: Tongbo Luo, Xin Ouyang, Zhaoyan Xu, Xing Jin
-
Publication number: 20220043906Abstract: Execution of an application in an application-level sandbox is disclosed. A request to launch an application is received by an operating system executing on a device. A determination is made that a stored copy of the application should be executed within an application-level sandbox. The stored copy of the application is executed in the application-level sandbox.Type: ApplicationFiled: October 21, 2021Publication date: February 10, 2022Inventors: Zhi Xu, Cong Zheng, Tongbo Luo, Wenjun Hu
-
Patent number: 11210391Abstract: Execution of an application in an application-level sandbox is disclosed. A request to launch an application is received by an operating system executing on a device. A determination is made that a stored copy of the application should be executed within an application-level sandbox. The stored copy of the application is executed in the application-level sandbox.Type: GrantFiled: November 29, 2018Date of Patent: December 28, 2021Assignee: Palo Alto Networks, Inc.Inventors: Zhi Xu, Cong Zheng, Tongbo Luo, Wenjun Hu
-
Publication number: 20210194926Abstract: Techniques for providing an intelligent-interaction honeypot for IoT devices in accordance with some embodiments. In some embodiments, a system/process/computer program product for providing an intelligent-interaction honeypot for IoT devices includes receiving a request from an attacker sent to an IP address that is associated with a honeypot instance for Internet of Things (IoT) devices; determining a response to the request using a data store that stores a plurality of responses and associated IoT device information, wherein the plurality of responses and associated IoT device information is generated based on automated machine learning of active probing of physical IoT devices on the Internet; and sending the response from the honeypot instance for IoT devices to the attacker, wherein the attacker is unable to detect that the response is associated with an emulated IoT device.Type: ApplicationFiled: February 28, 2021Publication date: June 24, 2021Inventors: Tongbo Luo, Zhaoyan Xu, Xing Jin, Yanhui Jia, Xin Ouyang
-
Patent number: 10986126Abstract: Techniques for providing an intelligent-interaction honeypot for IoT devices in accordance with some embodiments. In some embodiments, a system/process/computer program product for providing an intelligent-interaction honeypot for IoT devices includes receiving a request from an attacker sent to an IP address that is associated with a honeypot instance for Internet of Things (IoT) devices; determining a response to the request using a data store that stores a plurality of responses and associated IoT device information, wherein the plurality of responses and associated IoT device information is generated based on automated machine learning of active probing of physical IoT devices on the Internet; and sending the response from the honeypot instance for IoT devices to the attacker, wherein the attacker is unable to detect that the response is associated with an emulated IoT device.Type: GrantFiled: July 24, 2018Date of Patent: April 20, 2021Assignee: Palo Alto Networks, Inc.Inventors: Tongbo Luo, Zhaoyan Xu, Xing Jin, Yanhui Jia, Xin Ouyang
-
Publication number: 20200342103Abstract: The use of browser context in detecting malware is disclosed. A client device requests content from a remote server. Data received by the client device from the remote server is transmitted to an external scanner for analysis by the external scanner. The external scanner is configured to use a browser executed in an instrumented virtual machine environment to analyze the data provided by the client device. The client device is configured to act as a proxy on behalf of the external scanner.Type: ApplicationFiled: July 13, 2020Publication date: October 29, 2020Inventors: Tongbo Luo, Xin Ouyang, Zhaoyan Xu, Xing Jin
-
Patent number: 10785236Abstract: The technology disclosed herein enables the generation of malware traffic signatures by performing natural language processing on known malware traffic using a neural network. In a particular embodiment, a method provides generating sentences comprising first information obtained from a plurality of fields in each of a plurality of known malware data packets in a first malware family. The method further provides inputting the sentences into a first neural network for natural language processing of the sentences and generating one or more signatures for the first malware family from results of the natural language processing of the sentences.Type: GrantFiled: January 31, 2018Date of Patent: September 22, 2020Assignee: Palo Alto Networks, Inc.Inventors: Zhaoyan Xu, Tongbo Luo
-
Patent number: 10747881Abstract: The use of browser context in detecting malware is disclosed. A Uniform Resource Locator (URL) is received from a user and at a client device. The URL is used to request, at the client device, and from a remote server, content. At least a portion of data received from the remote server is provided by the client device to an external scanner. The external scanner is configured to use a browser executed in an instrumented virtual machine environment to analyze the data provided by the client device. A maliciousness verdict is received from the external scanner.Type: GrantFiled: September 15, 2017Date of Patent: August 18, 2020Assignee: Palo Alto Networks, Inc.Inventors: Tongbo Luo, Xin Ouyang, Zhaoyan Xu, Xing Jin
-
Publication number: 20200175152Abstract: Execution of an application in an application-level sandbox is disclosed. A request to launch an application is received by an operating system executing on a device. A determination is made that a stored copy of the application should be executed within an application-level sandbox. The stored copy of the application is executed in the application-level sandbox.Type: ApplicationFiled: November 29, 2018Publication date: June 4, 2020Inventors: Zhi Xu, Cong Zheng, Tongbo Luo, Wenjun Hu
-
Publication number: 20190104139Abstract: The technology disclosed herein enables the generation of malware traffic signatures by performing natural language processing on known malware traffic using a neural network. In a particular embodiment, a method provides generating sentences comprising first information obtained from a plurality of fields in each of a plurality of known malware data packets in a first malware family. The method further provides inputting the sentences into a first neural network for natural language processing of the sentences and generating one or more signatures for the first malware family from results of the natural language processing of the sentences.Type: ApplicationFiled: January 31, 2018Publication date: April 4, 2019Inventors: Zhaoyan Xu, Tongbo Luo
-
Publication number: 20190081980Abstract: Techniques for providing an intelligent-interaction honeypot for IoT devices in accordance with some embodiments. In some embodiments, a system/process/computer program product for providing an intelligent-interaction honeypot for IoT devices includes receiving a request from an attacker sent to an IP address that is associated with a honeypot instance for Internet of Things (IoT) devices; determining a response to the request using a data store that stores a plurality of responses and associated IoT device information, wherein the plurality of responses and associated IoT device information is generated based on automated machine learning of active probing of physical IoT devices on the Internet; and sending the response from the honeypot instance for IoT devices to the attacker, wherein the attacker is unable to detect that the response is associated with an emulated IoT device.Type: ApplicationFiled: July 24, 2018Publication date: March 14, 2019Inventors: Tongbo Luo, Zhaoyan Xu, Xing Jin, Yanhui Jia, Xin Ouyang