Virus Detection Patents (Class 726/24)
  • Patent number: 11928206
    Abstract: Examples of the present disclosure describe systems and methods for selective export address table filtering. In aspects, the relative virtual address (RVA) of exported function names may be modified to point to a protected memory location. An exception handler may be registered to process exceptions relating to access violations of the protected memory location. If an exception is detected that indicates an attempt to access the protected memory location, the instruction pointer of the exception may be compared to an allowed range of memory addresses. If the instruction pointer address is outside the boundaries, remedial action may occur.
    Type: Grant
    Filed: April 20, 2023
    Date of Patent: March 12, 2024
    Assignee: Open Text Inc.
    Inventors: Eric Klonowski, Ira Strawser
  • Patent number: 11930019
    Abstract: In one embodiment, a malware analysis method includes receiving a file on a virtual machine (VM). The VM includes a web debugging proxy, a system resource monitor, and a file analysis tool. The method also includes performing, with the file analysis tool, a static analysis on the file. The static analysis includes determining a set of file properties of the file, and storing the determined file properties in a repository. The method further includes performing, with the web debugging proxy and the system resource monitor, a dynamic analysis on the file. The dynamic analysis includes running the file on the VM, determining, with the web debugging proxy, web traffic of the virtual machine, determining, with the system resource monitor, executed commands and modifications to system resources of the VM originating from the file, and storing the determined traffic and executed commands in the repository.
    Type: Grant
    Filed: April 21, 2021
    Date of Patent: March 12, 2024
    Assignee: Saudi Arabian Oil Company
    Inventors: Reem Abdullah Algarawi, Majed Ali Hakami
  • Patent number: 11928631
    Abstract: A computer model is created for automatically evaluating the business value of computing objects such as files and databases on an endpoint. This can be used to assess the potential business impact of a security compromise to an endpoint, or a process executing on an endpoint, in order to prioritize potential threats within an enterprise for human review and intervention.
    Type: Grant
    Filed: March 1, 2021
    Date of Patent: March 12, 2024
    Assignee: Sophos Limited
    Inventors: Russell Humphries, Andrew J. Thomas
  • Patent number: 11922199
    Abstract: An in-guest agent in a virtual machine (VM) operates in conjunction with a replication module. The replication module performs continuous data protection (CDP) by saving images of the VM as checkpoints at a disaster recovery site over time. Concurrently, the in-guest agent monitors for behavior in the VM that may be indicative of the presence of malicious code. If the in-guest agent identifies behavior (at a particular point in time) at the VM that may be indicative of the presence of malicious code, the replication module can tag a checkpoint that corresponds to the same particular point in time as a security risk. One or more checkpoints generated prior to the particular time may be determined to be secure checkpoints that are usable for restoration of the VM.
    Type: Grant
    Filed: March 2, 2020
    Date of Patent: March 5, 2024
    Assignee: VMware, Inc.
    Inventors: Sunil Hasbe, Shirish Vijayvargiya
  • Patent number: 11916930
    Abstract: A system and method are disclosed for performing a non-invasive scan of a target device. The system is configured for: i) loading an endpoint protection agent onto a target device; ii) providing remote direct memory access of the target device to the remote security server for reading a memory of the target device; iii) scanning, by a second memory scan engine of the remote security server, the memory of the target device upon violation of the security policy; iv) identifying, by the second memory scan engine of the remote security server, a threat on the target device; and v) sending, by the remote security server, a security response action to the endpoint protection agent on the target device in accordance with the security policy.
    Type: Grant
    Filed: June 29, 2021
    Date of Patent: February 27, 2024
    Assignee: Acronis International GmbH
    Inventors: Alexander Tormasov, Serguei Beloussov, Stanislav Protasov
  • Patent number: 11907658
    Abstract: Systems and methods for user-agent anomaly detection are disclosed. In one embodiment, a user-agent string may be embedded into a numerical data vector representation using a sentence embedding algorithm (e.g., FastText). A predictive score may be calculated based on the numerical data vector representation and using a probability distribution function model that models a likelihood of occurrence of the observed user-agent based on patterns learned from historic payload data (e.g., a Gaussian Mixture Model). The predictive score may be compared to a threshold and, based on the comparison, it may be determined whether the user-agent is fraudulent.
    Type: Grant
    Filed: May 5, 2021
    Date of Patent: February 20, 2024
    Assignee: PayPal, Inc.
    Inventors: Zhe Chen, Hewen Wang, Yuzhen Zhuo, Solomon kok how Teo, Shanshan Peng, Quan Jin Ferdinand Tang, Serafin Trujillo, Kenneth Bradley Snyder, Mandar Ganaba Gaonkar, Omkumar Mahalingam
  • Patent number: 11909761
    Abstract: Systems and methods for mitigating the impact of malware by reversing malware related modifications in a computing device are provided. According to an embodiment, a sandbox service running within a network security platform protecting an enterprise network receives a file containing malware and associated contextual information from an endpoint security solution running on an endpoint device, which has been infected by the malware. The sandbox service captures information regarding a first series of actions performed by the malware and based on the first series of actions generates a remediation script specifying a second series of actions that are configured to restore the endpoint device to a pre-infected state. The network security platform causes the endpoint device to be returned to the pre-infected state by causing the endpoint security solution to execute the remediation script on the endpoint device.
    Type: Grant
    Filed: February 2, 2022
    Date of Patent: February 20, 2024
    Assignee: Fortinet, Inc.
    Inventors: Udi Yavo, Roy Katmor, Ido Kelson
  • Patent number: 11895131
    Abstract: Methods, computer-readable media, software, and apparatuses may assist a consumer in keeping track of a consumer's accounts in order to prevent unauthorized access or use of the consumer's identified subscriptions and financial accounts. The identified subscriptions and financial accounts may be displayed to the consumer along with recommendations and assistance for closing unused or unwanted financial accounts and subscriptions to prevent unauthorized access or use.
    Type: Grant
    Filed: November 1, 2022
    Date of Patent: February 6, 2024
    Assignee: Allstate Insurance Company
    Inventors: Jason D. Park, John S. Parkinson
  • Patent number: 11886583
    Abstract: Disclosed is a description-entropy-based intelligent detection method for big data mobile software similarity. The method comprises the following steps: acquiring a path of mobile software, and reading a file of the mobile software according to the path; performing preliminary reverse engineering decompilation on the file of the mobile software to obtain function characteristics of each piece of mobile software; counting the distribution of description entropy of each piece of mobile software by means of the description entropy in the function characteristics; further integrating the description entropy of each piece of mobile software and, after integration, comparing the description entropy distribution conditions among the mobile software and carrying out similarity score calculation to obtain similarity scores among the mobile software; and outputting the similarity scores of all mobile software to obtain a mobile software similarity result.
    Type: Grant
    Filed: April 22, 2020
    Date of Patent: January 30, 2024
    Inventors: Quanlong Guan, Weiqi Luo, Chuying Liu, Huanming Zhang, Lin Cui, Zhefu Li, Rongjun Li
  • Patent number: 11882145
    Abstract: A method, apparatus, and computer program are disclosed. The method may be performed by one or more processors and may comprise receiving first data representing an infrastructure of a computer network, the first data comprising an indication of hosts which form at least part of the computer network and one or more software resources on respective hosts. The method may also comprise receiving second data from vulnerability scanning software, the second data comprising an indication of one or more vulnerabilities detected in the one or more software resources provided on at least some of the hosts of the computer network. Using a combination of the first data and the second data, output data may be generated representing a risk profile of the computer network infrastructure, the output data indicating one or more subsets of hosts determined as being at risk of being affected by the detected vulnerabilities by virtue of the software resources they provide, for output on a user interface.
    Type: Grant
    Filed: June 21, 2022
    Date of Patent: January 23, 2024
    Assignee: Palantir Technologies Inc.
    Inventors: Elliot Colquhoun, Abhishek Agarwal, Andrew Eggleton, Brandon Helms, Carl Ambroselli, Cem Zorlular, Daniel Kelly, Gautam Punukollu, Jeffrey Tsui, Morten Kromann, Nikhil Seetharaman, Raj Krishnan, Samuel Jones, Tareq Alkhatib, Dayang Shi
  • Patent number: 11876789
    Abstract: A gateway device between a first and second communication network outside the gateway device handles communication between a first device in the first network and a second device in the second network. When the gateway receives a communication request from the first device, directed to the second device, for performing a first cryptographic data communication protocol, the gateway determines whether the first cryptographic data communication protocol is registered as unsafe in the gateway device, and/or registered as safe, in particular whether it is safe against key reconstruction by a quantum computer. When the first cryptographic data communication protocol is not registered as unsafe in the gateway device, and/or registered as safe, the gateway device forwards messages exchanged as part of execution of the first cryptographic data communication protocol between the first and second device.
    Type: Grant
    Filed: May 25, 2020
    Date of Patent: January 16, 2024
    Assignee: Nederlandse Organisatie voor toegepast-natuurwetenschappelijk onderzoek TNO
    Inventors: Nicolaas Leonardus Maria Van Adrichem, Maran Paula Petronella Van Heesch, Piotr Wojciech Zuraniewski, Jeffrey Jermain Panneman
  • Patent number: 11874921
    Abstract: The present disclosure relates to a system and method for performing anti-malware scanning of data files that is data-centric rather than device-centric. In the example, a plurality of computing devices are connected via a network. An originating device creates or first receives data, and scans the data for malware. After scanning the data, the originating device creates and attaches to the data a metadata record including the results of the malware scan. The originating device may also scan the data for malware contextually-relevant to a second device.
    Type: Grant
    Filed: May 11, 2022
    Date of Patent: January 16, 2024
    Assignee: McAfee, LLC
    Inventors: Dattatraya Kulkarni, Srikanth Nalluri, Kamlesh Halder, Venkatasubrahmanyam Krishnapur, Sailaja K. Shankar, Kaushal Kumar Dhruw
  • Patent number: 11869035
    Abstract: An advertisement distribution system, method, and computer readable medium (collectively, the “System”) is provided. The System may request posts containing a subject tag from social media operators. The posts may be made by merchants having a relationship with the System. The System may filter the posts based on filters, geographic data, and member preferences. The System may distribute the posts to members having a relationship with the System.
    Type: Grant
    Filed: January 17, 2020
    Date of Patent: January 9, 2024
    Assignee: AMERICAN EXPRESS TRAVEL RELATED SERVICES COMPANY, INC.
    Inventors: Jonathan J. Carroll, Hans-Jurgen Greiner, Padmaja Kodavanti, Gopinath Kondapally, Kevin H. Ringger, James Jerome Smart-Foster, Arun Swamy
  • Patent number: 11868471
    Abstract: A method of particle-based threat scanning may include obtaining a sample from a sample source, generating a plurality of particles from the sample, wherein each particle from the plurality of particles is an array of unique bytes generated based on one or more particle properties, and determining whether the sample is associated with a known threat by comparing the plurality of particles to particle threat signatures in a threat database.
    Type: Grant
    Filed: January 27, 2021
    Date of Patent: January 9, 2024
    Assignee: Amazon Technologies, Inc.
    Inventor: Mircea Ciubotariu
  • Patent number: 11861006
    Abstract: A reference file set having high-confidence malware severity classification is generated by selecting a subset of files from a group of files first observed during a recent observation period and including them in the subset. A plurality of other antivirus providers are polled for their third-party classification of the files in the subset and for their third-party classification of a plurality of files from the group of files not in the subset. A malware severity classification is determined for the files in the subset by aggregating the polled classifications from the other antivirus providers for the files in the subset after a stabilization period of time, and one or more files having a third-party classification from at least one of the polled other antivirus providers that changed during the stabilization period are added to the subset.
    Type: Grant
    Filed: January 18, 2021
    Date of Patent: January 2, 2024
    Assignee: Avast Software s.r.o.
    Inventors: Martin Bálek, Fabrizio Biondi, Dmitry Kuznetsov, Olga Petrova
  • Patent number: 11863568
    Abstract: In one embodiment, a method comprises training at least one model based at least in part on interactions between one or more users and electronic messages sent to addresses associated with the one or more users, receiving a first electronic message sent to a first address associated with a first user, analyzing the first electronic message to generate first feature data, determining one or more characteristics of the first user to generate second feature data, inputting, to the at least one model, the first feature data and the second feature data, and receiving, as output of the at least one model, data indicating whether to output, to the first user, a warning regarding the first electronic message.
    Type: Grant
    Filed: March 22, 2021
    Date of Patent: January 2, 2024
    Assignees: Cisco Technology, Inc., University of Florida Research Foundation, Inc.
    Inventors: Nikolaos Sapountzis, Fabio R. Maino, Madhuri Kolli, Daniela Alvim Seabra De Oliveira
  • Patent number: 11847218
    Abstract: A virus scanning router may manage a local network, including routing network traffic between devices on the network and routing network traffic being sent to and from such devices via an external communication system. The virus scanning router remotely scans the files stored on one or more such devices on the network for viruses. The virus scanning router may be a device trusted by the other devices on the local network, which facilitates the virus scanning router reading and scanning one or more files stored on such devices for viruses. The virus scanning router also takes corrective actions such as isolating the infected device or isolating an affected network zone to which the remote device belongs.
    Type: Grant
    Filed: February 22, 2021
    Date of Patent: December 19, 2023
    Assignee: DISH TECHNOLOGIES L.L.C.
    Inventor: William Michael Beals
  • Patent number: 11841947
    Abstract: Apparatus and methods described herein include, for example, a process that can include receiving a potentially malicious file, and dividing the potentially malicious file into a set of byte windows. The process can include calculating at least one attribute associated with each byte window from the set of byte windows for the potentially malicious file. In such an instance, the at least one attribute is not dependent on an order of bytes in the potentially malicious file. The process can further include identifying a probability that the potentially malicious file is malicious, based at least in part on the at least one attribute and a trained threat model.
    Type: Grant
    Filed: December 8, 2020
    Date of Patent: December 12, 2023
    Assignee: Invincea, Inc.
    Inventors: Joshua Daniel Saxe, Konstantin Berlin
  • Patent number: 11829469
    Abstract: This disclosure relates to systems and methods for generating and distributing protected software applications. In certain embodiments, integrity checking mechanisms may be implemented by inserting integrity checking code into software code prior to compilation into machine code. Following compilation and execution of the application, the introduced code may check the integrity of the application by determining whether the application behaves and/or otherwise functions as expected. By introducing integrity checking in this manner, integrity checking techniques may be injected into the application prior to compilation into machine code and/or independent of the particular manner in which the application is compiled.
    Type: Grant
    Filed: December 9, 2022
    Date of Patent: November 28, 2023
    Assignee: Intertrust Technologies Corporation
    Inventor: Marko Caklovic
  • Patent number: 11822654
    Abstract: Embodiments described herein enable the detection, analysis and signature determination of obfuscated malicious code. Such malicious code comprises a deobfuscation portion that deobfuscates the obfuscated portion during runtime to generate deobfuscated malicious code. The techniques described herein deterministically detect and suspend the deobfuscated malicious code when it attempts to access memory resources that have been morphed in accordance with embodiments described herein. This advantageously enables the deobfuscated malicious code to be suspended at its initial phase. By doing so, the malicious code is not given the opportunity to delete its traces in memory regions it accesses, thereby enabling the automated exploration of such memory regions to locate and extract runtime memory characteristics associated with the malicious code.
    Type: Grant
    Filed: April 20, 2018
    Date of Patent: November 21, 2023
    Assignee: Morphisec Information Security 2014 Ltd.
    Inventors: Evgeny Goldstein, Michael Gorelik, Mordechai Guri, Ronen Yehoshua
  • Patent number: 11822435
    Abstract: Embodiments of the present invention provide a system for identifying the occurrence of events and performing one or more actions to mitigate the impacts of the events. The system is configured for gathering data from one or more data sources of an entity, generating dataflows using the data gathered from the one or more data sources, identifying an anomaly based on one or more indicators and the dataflows, determining the occurrence of an event and generating one or more propagation models associated with the event, performing event impact analysis based on the one or more propagation models, performing one or more actions to contain the event based on the one or more propagation models, identifying a last good copy of data based on the data gathered from the one or more data sources, retrieving the last good copy of data, and restoring the last good copy of data.
    Type: Grant
    Filed: July 6, 2021
    Date of Patent: November 21, 2023
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Christopher Emmanuel Huntley, Musa Ajakaiye, Prasad V. Annadata, Dnyanesh P. Ballikar, Sina Bauer, Jason Kenneth Bellew, Timothy John Bendel, David Alan Beumer, Michelle Andrea Boston, Lisa Julia Brown, Robin J. Buck, Brian C. Busch, Salvatore Michael Certo, Ramesh Naidu Chatta, Lisa Michelle Cook, Joseph Corbett, Joseph Seth Cushing, Steven Paul Davidson, Shailesh Deshpande, Sevara Ergasheva, Maria Ervin, James Wilson Foy, Jr., Noel Mary Fuller, Benjamin Judson Gaines, III, Candace Gordon, Jesse Antonio Hernandez, Christine Hoagland, Robert Charles Hoard, Michael Spiro Karafotis, Wesley Keville, Sandip Kumar, Terri Dorinda Lail, Mukesh Maraj, Wyatt Edward Maxey, Dari Ann Mckenzie, Ashley Meadows, Heather Newell, Conor Mitchell Liam Nodzak, Kenyell Javon Ollie, Jayshree G. Patel, David John Perro, Nivetha Raghavan, Nikhil Ram, Tara Michel Ramirez, Laurie Readhead, Mary Kathleen Riley, Elizabeth Rachel Rock, Angela Dawn Roose, Sanjay Singeetham, Kyle S. Sorensen, Shreyas Srinivas, Constance Jones Suarez, Viresh Taskar, Linda Trent, Sachin Varule, Bradley Walton, Christie M. Weekley, Yvette Alston, Ravindra Bandaru, Carmen R. Barnhill, Jamie Gilchrist, Namrata Kaushik, Fernando A. Maisonett
  • Patent number: 11822658
    Abstract: A sample is analyzed to determine a set of events that should be selected for performing by a dynamic analyzer executing the sample in an instrumented, emulated environment. The set of selected events is performed. In some cases, at least one emulator detection resistance action is performed. A maliciousness verdict is determined for the sample based at least in part on one or more responses taken by the sample in response to the set of selected events being performed by the dynamic analyzer.
    Type: Grant
    Filed: November 21, 2022
    Date of Patent: November 21, 2023
    Assignee: Palo Alto Networks, Inc.
    Inventors: Cong Zheng, Wenjun Hu, Zhi Xu
  • Patent number: 11816215
    Abstract: Systems and methods for archive scanning are provided herein. In some embodiments, a method includes: selecting an archive; reading a metadata representing a plurality of files within the archive; reading a plurality of hash strings from the archive; comparing the plurality of hash strings with a database of hash strings; and determining, based on the comparing, if the plurality of files within the archive represent a security threat based on the plurality of hash strings.
    Type: Grant
    Filed: February 16, 2022
    Date of Patent: November 14, 2023
    Assignee: UAB 360 IT
    Inventors: Mohamed Adly Amer Elgaafary, Aleksandr Sevcenko
  • Patent number: 11811821
    Abstract: Example techniques described herein determine a validation dataset, determine a computational model using the validation dataset, or determine a signature or classification of a data stream such as a file. The classification can indicate whether the data stream is associated with malware. A processing unit can determine signatures of individual training data streams. The processing unit can determine, based at least in part on the signatures and a predetermined difference criterion, a training set and a validation set of the training data streams. The processing unit can determine a computational model based at least in part on the training set. The processing unit can then operate the computational model based at least in part on a trial data stream to provide a trial model output. Some examples include determining the validation set based at least in part on the training set and the predetermined criterion for difference between data streams.
    Type: Grant
    Filed: November 2, 2020
    Date of Patent: November 7, 2023
    Assignee: CrowdStrike, Inc.
    Inventors: Sven Krasser, David Elkind, Brett Meyer, Patrick Crenshaw
  • Patent number: 11799878
    Abstract: The disclosed embodiments include a software-defined security (SDS) service that can monitor runtime behavior of a network of nodes of a wireless network and detect anomalous activity indicating contamination of the network of nodes, where the contamination includes unauthorized instructions designed to damage or interrupt a function of the network of nodes. The SDS service can dynamically coordinate a blacklist and a whitelist, where the blacklist includes an indication of contaminated assets and the whitelist includes an indication of non-contaminated assets. The contaminated assets are isolated in a cleanroom environment, where the security resources sanitize the contaminated assets. Then, indications of the decontaminated assets are moved from the blacklist to the whitelist, and the use of the security resources is dynamically adjusted according to a load ratio between the whitelist and the blacklist.
    Type: Grant
    Filed: April 15, 2020
    Date of Patent: October 24, 2023
    Assignee: T-Mobile USA, Inc.
    Inventors: Venson Shaw, Sunil Lingayat, Gaviphat Lekutai
  • Patent number: 11790083
    Abstract: Techniques are provided for detecting a malicious script in a web page. Instrumentation code is provided for serving to a client computing device with a web page. The instrumentation code is configured to monitor web code execution at the client computing device when a script referenced by the web page is processed. Script activity data generated by the instrumentation code is received. The script activity data describes one or more script actions detected by the instrumentation code at the client computing device. Prior script activity data generated by a prior instance of the instrumentation code is obtained. A malicious change in the script is detected based on comparing the script activity data and the prior script activity data. In response to detecting the malicious change in the script, a threat response action is performed.
    Type: Grant
    Filed: June 26, 2020
    Date of Patent: October 17, 2023
    Assignee: SHAPE SECURITY, INC.
    Inventors: Tim Disney, Madhukar Kedlaya, Claire Schlenker Schlenker, Nitish Khadke
  • Patent number: 11790416
    Abstract: Systems and methods for in-store purchases are provided. An exemplary method may include receiving by a customer device associated with a customer, customer data including customer preference data. The method may include storing the received customer data and identifying a merchant at a location of the customer. The method may also include determining a customer order for the identified merchant based on the customer preference data. Further, the method may include transmitting a notification to a merchant device associated with the identified merchant, the notification including the determined customer order.
    Type: Grant
    Filed: April 28, 2021
    Date of Patent: October 17, 2023
    Assignee: Capital One Services, LLC
    Inventors: Adam Koeppel, Robert Perry
  • Patent number: 11785044
    Abstract: System and method of detecting malicious interactions in a computer network, the method including generating, by a processor, at least one decoy segment, broadcasting, by the processor, the generated at least one decoy segment in a public database, monitoring, by the processor, communication within the computer network to identify interactions associated with the generated at least one decoy segment, determining, by the processor, at least one indicator of compromise (IOC) for the identified interactions, and blocking communication between the computer network and any computer associated with the determined at least one IOC.
    Type: Grant
    Filed: February 3, 2023
    Date of Patent: October 10, 2023
    Assignee: IntSights Cyber Intelligence Ltd.
    Inventors: Gal Ben David, Amir Hozez
  • Patent number: 11775919
    Abstract: Drone-based systems and methods are described for providing an airborne relocatable communication hub within a delivery vehicle for broadcast-enabled devices maintained within the delivery vehicle. Such a method has an aerial communication drone paired with the delivery vehicle transitioning to an active power state, uncoupling from a secured position on an internal docking station fixed within the delivery vehicle and then moving to a first deployed airborne position within the delivery vehicle. At a first position, the method has the aerial communication drone establishing a first wireless data communication path to a first broadcast-enabled device within the delivery vehicle, then establishing a second wireless data communication path to a second broadcast-enabled device within the delivery vehicle. The drone then couples the first and second wireless data communication paths it established operating as the airborne relocatable communication hub for the devices.
    Type: Grant
    Filed: November 17, 2020
    Date of Patent: October 3, 2023
    Assignee: Federal Express Corporation
    Inventors: Reuben F. Burch, V., David A. Doyle, Brian D. Popp
  • Patent number: 11775640
    Abstract: Systems and methods are described for detecting and preventing execution of malware on an on-demand code execution system. An on-demand code execution system may execute user-submitted code on virtual machine instances, which may be provisioned with various computing resources (memory, storage, processors, network bandwidth, etc.). These resources may be utilized in varying amounts or at varying rates during execution of the user-submitted code. The user-submitted code may also be unavailable for inspection for security or other reasons. A malware detection system may thus identify user-submitted code that corresponds to malware by monitoring resource utilization during execution of the code and generating a resource utilization signature, which enables comparison between the signature of the user-submitted code and resource utilization signatures of codes previously identified as malware.
    Type: Grant
    Filed: March 30, 2020
    Date of Patent: October 3, 2023
    Assignee: Amazon Technologies, Inc.
    Inventors: Mihir Sathe, Niall Mullen
  • Patent number: 11770405
    Abstract: A method of automated filtering includes receiving a network traffic snapshot having packets with data stored in respective fields, and generating a statistical data structure storing each potential unique combination of data stored in respective fields with an associated counter that is incremented for each occurrence in which the combination matches one of the packets of the network traffic snapshot, along with one or more observation timestamps. An observed vector is determined from the statistical data structure, wherein the observed vector has associated attribute/value pairs and counters that satisfy a predetermined criterion. The observed vector's attribute/value pairs are compared to known attribute/value pairs associated with known DDoS attack vectors of an attack vector database.
    Type: Grant
    Filed: September 10, 2020
    Date of Patent: September 26, 2023
    Assignee: ARBOR NETWORKS, INC.
    Inventors: Steinthor Bjarnason, Brian St. Pierre
  • Patent number: 11762990
    Abstract: The technology described herein identifies malicious URLs using a classifier that is both accurate and fast. Aspects of the technology are particularly well adapted for use as a real-time URL security analysis tool because the technology is able to quickly process a URL and produce a warning when a malicious URL is identified. The rapid processing speed of the technology described herein is produced, in part, by use of only a single input signal, which is the URL itself. The high accuracy produced by the technology described herein is achieved by analyzing the unstructured text on both a character-by-character level and a word-by-word level. The technology described herein uses both character-level and word-level information from the incoming URL.
    Type: Grant
    Filed: June 30, 2020
    Date of Patent: September 19, 2023
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Arunkumar Gururajan, Jack Wilson Stokes, III, Farid Tajaddodianfar
  • Patent number: 11762959
    Abstract: Many areas of investigation require searching through data that may be of interest. In a first method step, a digital content element is provided. The digital content element may have any suitable format or data structure of interest to a searching entity. The digital content element may be a particular data file that is of interest to a searching entity. In a second step, the digital content element is compared with a first set of data provided by a combination of a second set of data and a third set of data. The first set of data is a collection of known digital content elements that are of interest to a searching entity, for example contraband digital content elements or digital content elements owned by or represented by the searching entity. In a third method step, the digital content element is identified as known if the digital content element is detected within the first set of data.
    Type: Grant
    Filed: March 12, 2018
    Date of Patent: September 19, 2023
    Assignee: CYACOMB LIMITED
    Inventors: William Johnston Buchanan, Owen Chin Wai Lo, Philip Penrose, Richard MacFarlane, Ian Stevenson, Bruce Ramsay
  • Patent number: 11757907
    Abstract: A cybersecurity system is provided for automated cybersecurity insights, remediation recommendations, and service provisioning. The cybersecurity system can generate threat insights and/or generate remediation recommendations using machine learning models and cybersecurity data obtained from target networks, partners, and the like. To provision cybersecurity services, the cybersecurity system may collect metadata regarding the network connections and use cases desired for one or more services. Once the metadata has been collected, the cybersecurity assessment system automatically provisions the selected services based on the provided data, such as duration of time elected, service metrics, and the like.
    Type: Grant
    Filed: June 18, 2020
    Date of Patent: September 12, 2023
    Assignee: Cytellix Corporation
    Inventors: Brian Douglas Berger, Howard Chen Lin, Tanner Joseph Sirota
  • Patent number: 11755728
    Abstract: Mechanisms for analyzing a structured file for malicious content are provided, comprising: parsing the structured file into a plurality of portions; selecting a selected portion of the portions; checking the selected portion to determine if at least one pre-condition is met; and in response to determining that the at least one pre-condition is met: decoding the selected portion to form a decoded portion; and checking the decoded portion to determine if it is malicious. In some embodiments: the at least one pre-condition can be changed; the structured file is a MICROSOFT OFFICE XML file; the selected portion is a file; the at least one pre-condition checks at least one attribute of the selected portion; decoding the selected portion comprises decompressing the selected portion; and/or checking the decoded portion to determine if it is malicious comprises checking whether a previously decoded portion of the structured file meets at least one condition.
    Type: Grant
    Filed: February 4, 2021
    Date of Patent: September 12, 2023
    Assignee: McAfee, LLC
    Inventors: Qiang Liu, Chong Xu, Praveen Kumar Amritaluru, Mayank Bhatnagar
  • Patent number: 11741222
    Abstract: Attachments or other documents can be transmitted to a sandbox environment where they can be concurrently opened for remote preview from an endpoint and scanned for possible malware. A gateway or other intermediate network element may enforce this process by replacing attachments, for example, in incoming electronic mail communications, with links to a document preview hosted in the sandbox environment.
    Type: Grant
    Filed: December 15, 2020
    Date of Patent: August 29, 2023
    Assignee: Sophos Limited
    Inventors: Ross McKerchar, John Edward Tyrone Shaw, Andrew J. Thomas, Russell Humphries, Kenneth D. Ray, Daniel Salvatore Schiappa
  • Patent number: 11741065
    Abstract: Aspects of the invention include detecting an anomaly in a database of hardware, firmware, and software events. An exemplary method includes determining whether a previously addressed anomaly is a duplicate of the anomaly, addressing the anomaly according to a state of the previously addressed anomaly based on the previously addressed anomaly being a duplicate of the anomaly, and addressing the anomaly according to machine learning based on the previously addressed anomaly not being the duplicate of the anomaly.
    Type: Grant
    Filed: February 4, 2020
    Date of Patent: August 29, 2023
    Assignee: International Business Machines Corporation
    Inventors: Edward C. McCain, Jeffrey Nettey, Barin Bhattacharya, Jeffrey Willoughby
  • Patent number: 11741253
    Abstract: A technique includes, in response to an exception occurring in the execution of a process on a computer, invoking an operating system service. The operating system service is used to sanitize data that is associated with the process and is stored in a memory of the computer. The data is associated with sensitive information.
    Type: Grant
    Filed: January 31, 2019
    Date of Patent: August 29, 2023
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Sridhar Bandi, Suhas Shivanna
  • Patent number: 11729183
    Abstract: A system and a method of providing security to an in-vehicle network are provided. The method efficiently operates multiple detection techniques to reduce the required system resources while maintaining robust detection of malicious messages.
    Type: Grant
    Filed: December 19, 2018
    Date of Patent: August 15, 2023
    Assignees: Hyundai Motor Company, Kia Motors Corporation
    Inventors: Seung Wook Park, Seil Kim, Aram Cho
  • Patent number: 11720675
    Abstract: The present disclosure relates to a method for integrity verification of a software stack or part of a software stack resident on a host machine. A management entity generates a measurement log for a disk image associated with the software stack or the part of a software stack. A verifier entity retrieves the generated measurement log and compares the generated measurement log with a reference measurement of a verification profile previously assigned by the verifier entity to the software stack or the part of a software stack to verify the software stack or the part of a software stack.
    Type: Grant
    Filed: April 15, 2022
    Date of Patent: August 8, 2023
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Sidnei Roberto Selzler Franco, Ludovic Emmanuel Paul Noel Jacquin, Jonathan Meller, Guilherme De Campos Magalhaes
  • Patent number: 11716263
    Abstract: A network monitoring device may receive flow-tap information that identifies a traffic flow characteristic and a signed URL associated with a signed URL platform from a mediation device. The network device may map the traffic flow characteristic to the signed URL in an entry of a flow-tap filter that is maintained within a data structure of the network device. The network device may analyze, using the flow-tap filter, network traffic of the network to detect a traffic flow that is associated with the traffic flow characteristic. The network device may generate, based on detecting the traffic flow in the network traffic, a traffic flow copy that is associated with the traffic flow. The network device may provide, based on the signed URL, the traffic flow copy to the signed URL platform, wherein the traffic flow copy is to be accessible to an authorized user device via the signed URL.
    Type: Grant
    Filed: January 26, 2022
    Date of Patent: August 1, 2023
    Assignee: Juniper Networks, Inc.
    Inventor: Sheeja J S
  • Patent number: 11706198
    Abstract: A communication server, interacting with an organization system having users that wish to communicate securely, provides secure communication capability to the users, without the communication server itself having access to unencrypted content of the user communications or to cryptographic keys that would allow the communication server to derive the unencrypted content. Thus, the communication server that provides the secure communication capability need not itself be trusted by the users with access to communicated content. To achieve this, the various entities communicate to exchange cryptographic keys in such a manner that the communication server never obtains usable copies of the cryptographic keys.
    Type: Grant
    Filed: May 8, 2020
    Date of Patent: July 18, 2023
    Assignee: SYMPHONY COMMUNICATION SERVICES HOLDINGS LLC
    Inventors: Serkan Mulayin, David M'Raihi, Tim Casey, Michael Harmon, Jon McLachlan
  • Patent number: 11704410
    Abstract: A system for detecting malicious software, comprising at least one hardware processor adapted to: execute a tested software object in a plurality of computing environments each configured according to a different hardware and software configuration; monitor a plurality of computer actions performed in each of the plurality of computing environments when executing the tested software object; identify at least one difference between the plurality of computer actions performed in a first of the plurality of computing environments and the plurality of computer actions performed in a second of the plurality of computing environments; and instruct a presentation of an indication of the identified at least one difference on a hardware presentation unit.
    Type: Grant
    Filed: May 19, 2021
    Date of Patent: July 18, 2023
    Assignee: NEC Corporation Of America
    Inventors: Tsvi Lev, Yaacov Hoch
  • Patent number: 11706015
    Abstract: A method for side-channel attack mitigation in streaming encryption includes reading an input stream into a decryption process, extracting an encryption envelope having a wrapped key, a cipher text, and a first message authentication code (MAC) from the input stream, generating a second MAC using the wrapped key of the encryption envelope, and performing decryption of the cipher text in constant time by determining whether the encryption envelope is authentic by comparing the first MAC extracted from the encryption envelope and the second MAC generated using the wrapped key.
    Type: Grant
    Filed: October 27, 2021
    Date of Patent: July 18, 2023
    Assignee: Google LLC
    Inventor: Adam Markowitz
  • Patent number: 11687651
    Abstract: Systems, methods and apparatus for malware detection are provided to detect and stop the distribution of malware and other undesirable content before such content reaches computing systems. A Malware Detection Service (MDS) includes a processor and memory storing computer program instructions that, when executed, cause the processor to receive either the content of a file or a signature of the file; responsive to receiving a signature of a file, to determine a status of the file as trusted, untrusted, or unknown for malware based on the signature; and responsive to receiving the content of a file, to generate a signature of the file and scan the content to identify the status of the content as trusted or untrusted.
    Type: Grant
    Filed: March 7, 2022
    Date of Patent: June 27, 2023
    Assignee: Zscaler, Inc.
    Inventors: Kailash Kailash, Robert L. Voit, Jose Raphel
  • Patent number: 11689562
    Abstract: An apparatus, including systems and methods, for detecting ransomware is disclosed herein. For example, in some embodiments, an apparatus includes a memory element operable to store instructions; and a processor operable to execute the instructions, such that the apparatus is configured to receive data identifying a process and a plurality of files accessed by the process; identify an access indicator associated with each of the plurality of files accessed by the process, wherein the access indicator includes file type; determine whether the access indicator exceeds a threshold; interrupt, based on a determination that the access indicator exceeds a threshold, the process; and prompt a user to allow or disallow the process to proceed.
    Type: Grant
    Filed: June 17, 2020
    Date of Patent: June 27, 2023
    Assignee: McAfee, LLC
    Inventors: Oliver G. Devane, Abhishek Karnik, Sriram P
  • Patent number: 11677764
    Abstract: The automatic generation of malware family signatures is disclosed. A set of metadata associated with a plurality of samples is received. The samples are clustered. For members of a first cluster, a set of similarities shared among at least a portion of the members of the first cluster is determined. The similarities are evaluated for suitability as a malware family signature. Suitability is evaluated based on how well the similarities uniquely identify the members of the first cluster. In the event the similarities are determined to be suitable as a malware family signature, a signature is generated.
    Type: Grant
    Filed: June 1, 2021
    Date of Patent: June 13, 2023
    Assignee: Palo Alto Networks, Inc.
    Inventors: Zhi Xu, Jiajie Wang, Xiao Zhang, Wenjun Hu
  • Patent number: 11663363
    Abstract: A method for detecting a false positive outcome in classification of files includes: analyzing a file to determine whether or not the file is to be recognized as being malicious; in response to recognizing the file as being malicious, analyzing the file to determine whether a digital signature certificate is present for the file; in response to determining that the digital signature certificate is present for the file, comparing the digital certificate of the file with one or more digital certificates stored in a database of trusted files; detecting a false positive outcome if the digital certificate of the file is found in the database of trusted files; and, when the false positive outcome is detected, excluding the file from further determination of whether the file is malicious and calculating a flexible hash value of the file.
    Type: Grant
    Filed: February 15, 2022
    Date of Patent: May 30, 2023
    Assignee: AO Kaspersky Lab
    Inventors: Sergey V. Prokudin, Alexander S. Chistyakov, Alexey M. Romanenko
  • Patent number: 11663082
    Abstract: Systems and methods for virtual disk image testing are described. An example method may comprise uploading a virtual disk image, by a requestor, to a cloud; deploying a temporary instance of the uploaded virtual disk image; and determining whether deployment of the temporary instance of the uploaded virtual disk image in the cloud is successful. Responsive to determining that the deployment of the temporary instance of the uploaded virtual disk image in the cloud is unsuccessful, the uploaded virtual disk image is flagged as unbootable. Responsive to flagging the uploaded virtual disk image as unbootable, the requestor is notified that the uploaded virtual disk image is not submitted to a repository of the cloud.
    Type: Grant
    Filed: August 27, 2021
    Date of Patent: May 30, 2023
    Assignee: Red Hat, Inc.
    Inventors: Arie Bregman, Ilan Gersht
  • Patent number: RE49684
    Abstract: In one embodiment, a traffic analysis service receives captured traffic data regarding a Transport Layer Security (TLS) connection between a client and a server. The traffic analysis service applies a first machine learning-based classifier to TLS records from the traffic data, to identify a set of the TLS records that include Hypertext Transfer Protocol (HTTP) header information. The traffic analysis service estimates one or more HTTP transaction labels for the connection by applying a second machine learning-based classifier to the identified set of TLS records that include HTTP header information. The traffic analysis service augments the captured traffic data with the one or more HTTP transaction labels. The traffic analysis service causes performance of a network security function based on the augmented traffic data.
    Type: Grant
    Filed: August 31, 2021
    Date of Patent: October 3, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: Blake Harrell Anderson, David McGrew