Virus Detection Patents (Class 726/24)
-
Patent number: 11928206
Abstract: Examples of the present disclosure describe systems and methods for selective export address table filtering. In aspects, the relative virtual address (RVA) of exported function names may be modified to point to a protected memory location. An exception handler may be registered to process exceptions relating to access violations of the protected memory location. If an exception is detected that indicates an attempt to access the protected memory location, the instruction pointer of the exception may be compared to an allowed range of memory addresses. If the instruction pointer address is outside the boundaries, remedial action may occur.
Type: Grant
Filed: April 20, 2023
Date of Patent: March 12, 2024
Assignee: Open Text Inc.
Inventors: Eric Klonowski, Ira Strawser
-
Patent number: 11930019
Abstract: In one embodiment, a malware analysis method includes receiving a file on a virtual machine (VM). The VM includes a web debugging proxy, a system resource monitor, and a file analysis tool. The method also includes performing, with the file analysis tool, a static analysis on the file. The static analysis includes determining a set of file properties of the file, and storing the determined file properties in a repository. The method further includes performing, with the web debugging proxy and the system resource monitor, a dynamic analysis on the file. The dynamic analysis includes running the file on the VM, determining, with the web debugging proxy, web traffic of the virtual machine, determining, with the system resource monitor, executed commands and modifications to system resources of the VM originating from the file, and storing the determined traffic and executed commands in the repository.
Type: Grant
Filed: April 21, 2021
Date of Patent: March 12, 2024
Assignee: Saudi Arabian Oil Company
Inventors: Reem Abdullah Algarawi, Majed Ali Hakami
-
Patent number: 11928631
Abstract: A computer model is created for automatically evaluating the business value of computing objects such as files and databases on an endpoint. This can be used to assess the potential business impact of a security compromise to an endpoint, or a process executing on an endpoint, in order to prioritize potential threats within an enterprise for human review and intervention.
Type: Grant
Filed: March 1, 2021
Date of Patent: March 12, 2024
Assignee: Sophos Limited
Inventors: Russell Humphries, Andrew J. Thomas
-
Patent number: 11922199
Abstract: An in-guest agent in a virtual machine (VM) operates in conjunction with a replication module. The replication module performs continuous data protection (CDP) by saving images of the VM as checkpoints at a disaster recovery site over time. Concurrently, the in-guest agent monitors for behavior in the VM that may be indicative of the presence of malicious code. If the in-guest agent identifies behavior (at a particular point in time) at the VM that may be indicative of the presence of malicious code, the replication module can tag a checkpoint that corresponds to the same particular point in time as a security risk. One or more checkpoints generated prior to the particular time may be determined to be secure checkpoints that are usable for restoration of the VM.
Type: Grant
Filed: March 2, 2020
Date of Patent: March 5, 2024
Assignee: VMware, Inc.
Inventors: Sunil Hasbe, Shirish Vijayvargiya
-
Patent number: 11916930
Abstract: A system and method are disclosed for performing non-invasive scan of a target device. The system is configured for: i) loading an endpoint protection agent to a target device; ii) providing a remote direct memory access of the target device to the remote security server for reading a memory of the target device; iii) scanning, by a second memory scan engine of the remote security server, the memory of the target device upon the violation of the security policy; iv) identifying, by the second memory scan engine of the remote security server, a threat on the target device; and v) sending, by the remote security server, a security response action to the endpoint protection agent on the target device in accordance with the security policy.
Type: Grant
Filed: June 29, 2021
Date of Patent: February 27, 2024
Assignee: Acronis International GmbH
Inventors: Alexander Tormasov, Serguei Beloussov, Stanislav Protasov
-
Patent number: 11907658
Abstract: Systems and methods for user-agent anomaly detection are disclosed. In one embodiment, a user-agent string may be embedded into a numerical data vector representation using a sentence embedding algorithm (e.g., FastText). A predictive score may be calculated based on the numerical data vector representation and using a probability distribution function model that models a likelihood of occurrence of the observed user-agent based on patterns learned from historic payload data (e.g., a Gaussian Mixture Model). The predictive score may be compared to a threshold and, based on the comparison, it may be determined whether the user-agent is fraudulent.
Type: Grant
Filed: May 5, 2021
Date of Patent: February 20, 2024
Assignee: PayPal, Inc.
Inventors: Zhe Chen, Hewen Wang, Yuzhen Zhuo, Solomon kok how Teo, Shanshan Peng, Quan Jin Ferdinand Tang, Serafin Trujillo, Kenneth Bradley Snyder, Mandar Ganaba Gaonkar, Omkumar Mahalingam
-
Patent number: 11909761
Abstract: Systems and methods for mitigating the impact of malware by reversing malware related modifications in a computing device are provided. According to an embodiment, a sandbox service running within a network security platform protecting an enterprise network receives a file containing malware and associated contextual information from an endpoint security solution running on an endpoint device, which has been infected by the malware. The sandbox service captures information regarding a first series of actions performed by the malware and based on the first series of actions generates a remediation script specifying a second series of actions that are configured to restore the endpoint device to a pre-infected state. The network security platform causes the endpoint device to be returned to the pre-infected state by causing the endpoint security solution to execute the remediation script on the endpoint device.
Type: Grant
Filed: February 2, 2022
Date of Patent: February 20, 2024
Assignee: Fortinet, Inc.
Inventors: Udi Yavo, Roy Katmor, Ido Kelson
-
Patent number: 11895131
Abstract: Methods, computer-readable media, software, and apparatuses may assist a consumer in keeping track of a consumer's accounts in order to prevent unauthorized access or use of the consumer's identified subscriptions and financial accounts. The identified subscriptions and financial accounts may be displayed to the consumer along with recommendations and assistance for closing unused or unwanted financial accounts and subscriptions to prevent unauthorized access or use.
Type: Grant
Filed: November 1, 2022
Date of Patent: February 6, 2024
Assignee: Allstate Insurance Company
Inventors: Jason D. Park, John S. Parkinson
-
Patent number: 11886583
Abstract: Disclosed is a description-entropy-based intelligent detection method for a big data mobile software similarity. The method comprises the following steps: acquiring a path of mobile software, and reading a file of the mobile software according to the path; performing preliminary reverse engineering decompilation on the file of the mobile software to obtain function characteristics of each piece of mobile software; counting distribution of description entropy of each piece of mobile software by means of description entropy in the function characteristics; further integrating description entropy of each piece of mobile software, after integration, comparing description entropy distribution conditions among the mobile software, and carrying out similarity score calculation to obtain similarity scores among the mobile software; and outputting the similarity scores of all mobile software to obtain a mobile software similarity result.
Type: Grant
Filed: April 22, 2020
Date of Patent: January 30, 2024
Inventors: Quanlong Guan, Weiqi Luo, Chuying Liu, Huanming Zhang, Lin Cui, Zhefu Li, Rongjun Li
-
Patent number: 11882145
Abstract: A method, apparatus, and computer program are disclosed. The method may be performed by one or more processors and may comprise receiving first data representing an infrastructure of a computer network, the first data comprising an indication of hosts which form at least part of the computer network and one or more software resources on respective hosts. The method may also comprise receiving second data from a vulnerability scanning software, the second data comprising an indication of one or more vulnerabilities detected in the one or more software resources provided on at least some of the hosts of the computer network. Using a combination of the first data and the second data, output data may be generated representing a risk profile of the computer network infrastructure, the output data indicating one or more subsets of hosts, determined as being at risk of being affected by the detected vulnerabilities by virtue of the software resources they provide for output on a user interface.
Type: Grant
Filed: June 21, 2022
Date of Patent: January 23, 2024
Assignee: Palantir Technologies Inc.
Inventors: Elliot Colquhoun, Abhishek Agarwal, Andrew Eggleton, Brandon Helms, Carl Ambroselli, Cem Zorlular, Daniel Kelly, Gautam Punukollu, Jeffrey Tsui, Morten Kromann, Nikhil Seetharaman, Raj Krishnan, Samuel Jones, Tareq Alkhatib, Dayang Shi
-
Patent number: 11876789
Abstract: A gateway device between a first and second communication network outside the gateway device handles communication between a first device in the first network and a second device in the second network. When the gateway receives a communication request from the first device, directed to the second device, for performing a first cryptographic data communication protocol, the gateway determines whether the first cryptographic data communication protocol is registered as unsafe in the gateway device, and/or registered as safe, in particular whether it is safe against key reconstruction by a quantum computer. When the first cryptographic data communication protocol is not registered as unsafe in the gateway device, and/or registered as safe, the gateway device forwards messages exchanged as part of execution of the first cryptographic data communication protocol between the first and second device.
Type: Grant
Filed: May 25, 2020
Date of Patent: January 16, 2024
Assignee: Nederlandse Organisatie voor toegepast-natuurwetenschappelijk onderzoek TNO
Inventors: Nicolaas Leonardus Maria Van Adrichem, Maran Paula Petronella Van Heesch, Piotr Wojciech Zuraniewski, Jeffrey Jermain Panneman
-
Patent number: 11874921
Abstract: The present disclosure relates to a system and method for performing anti-malware scanning of data files that is data-centric rather than device-centric. In the example, a plurality of computing devices are connected via a network. An originating device creates or first receives data, and scans the data for malware. After scanning the data, the originating device creates and attaches to the data a metadata record including the results of the malware scan. The originating device may also scan the data for malware contextually-relevant to a second device.
Type: Grant
Filed: May 11, 2022
Date of Patent: January 16, 2024
Assignee: McAfee, LLC
Inventors: Dattatraya Kulkarni, Srikanth Nalluri, Kamlesh Halder, Venkatasubrahmanyam Krishnapur, Sailaja K. Shankar, Kaushal Kumar Dhruw
-
Patent number: 11869035
Abstract: An advertisement distribution system, method, and computer readable medium (collectively, the “System”) is provided. The System may request posts containing a subject tag from social media operators. The posts may be made by merchants having a relationship with the System. The System may filter the posts based on filters, geographic data, and member preferences. The System may distribute the posts to members having a relationship with the System.
Type: Grant
Filed: January 17, 2020
Date of Patent: January 9, 2024
Assignee: AMERICAN EXPRESS TRAVEL RELATED SERVICES COMPANY, INC.
Inventors: Jonathan J. Carroll, Hans-Jurgen Greiner, Padmaja Kodavanti, Gopinath Kondapally, Kevin H. Ringger, James Jerome Smart-Foster, Arun Swamy
-
Patent number: 11868471
Abstract: A method of particle-based threat scanning may include obtaining a sample from a sample source, generating a plurality of particles from the sample, wherein each particle from the plurality of particles is an array of unique bytes generated based on one or more particle properties, and determining whether the sample is associated with a known threat by comparing the plurality of particles to particle threat signatures in a threat database.
Type: Grant
Filed: January 27, 2021
Date of Patent: January 9, 2024
Assignee: Amazon Technologies, Inc.
Inventor: Mircea Ciubotariu
-
Patent number: 11861006
Abstract: A reference file set having high-confidence malware severity classification is generated by selecting a subset of files from a group of files first observed during a recent observation period and including them in the subset. A plurality of other antivirus providers are polled for their third-party classification of the files in the subset and for their third-party classification of a plurality of files from the group of files not in the subset. A malware severity classification is determined for the files in the subset by aggregating the polled classifications from the other antivirus providers for the files in the subset after a stabilization period of time, and one or more files having a third-party classification from at least one of the polled other antivirus providers that changed during the stabilization period to the subset are added to the subset.
Type: Grant
Filed: January 18, 2021
Date of Patent: January 2, 2024
Assignee: Avast Software s.r.o.
Inventors: Martin Bálek, Fabrizio Biondi, Dmitry Kuznetsov, Olga Petrova
-
Patent number: 11863568
Abstract: In one embodiment, a method comprises training at least one model based at least in part on interactions between one or more users and electronic messages sent to addresses associated with the one or more users, receiving a first electronic message sent to a first address associated with a first user, analyzing the first electronic message to generate first feature data, determining one or more characteristics of the first user to generate second feature data, inputting, to the at least one model, the first feature data and the second feature data, and receiving, as output of the at least one model, data indicating whether to output, to the first user, a warning regarding the first electronic message.
Type: Grant
Filed: March 22, 2021
Date of Patent: January 2, 2024
Assignees: Cisco Technology, Inc., University of Florida Research Foundation, Inc.
Inventors: Nikolaos Sapountzis, Fabio R. Maino, Madhuri Kolli, Daniela Alvim Seabra De Oliveira
-
Patent number: 11847218
Abstract: A virus scanning router may manage a local network, including routing network traffic between devices on the network and routing network traffic being sent to and from such devices via an external communication system. The virus scanning router remotely scans for viruses the files stored on one or more such devices on the network. The virus scanning router may be a device trusted by the other devices on the local network to facilitate the virus scanning router reading and scanning one or more files stored on such devices for viruses. The virus scanning router also takes corrective actions such as isolating the infected device or isolating an affected network zone to which the remote device belongs.
Type: Grant
Filed: February 22, 2021
Date of Patent: December 19, 2023
Assignee: DISH TECHNOLOGIES L.L.C.
Inventor: William Michael Beals
-
Patent number: 11841947
Abstract: Apparatus and methods described herein include, for example, a process that can include receiving a potentially malicious file, and dividing the potentially malicious file into a set of byte windows. The process can include calculating at least one attribute associated with each byte window from the set of byte windows for the potentially malicious file. In such an instance, the at least one attribute is not dependent on an order of bytes in the potentially malicious file. The process can further include identifying a probability that the potentially malicious file is malicious, based at least in part on the at least one attribute and a trained threat model.
Type: Grant
Filed: December 8, 2020
Date of Patent: December 12, 2023
Assignee: Invincea, Inc.
Inventors: Joshua Daniel Saxe, Konstantin Berlin
-
Patent number: 11829469
Abstract: This disclosure relates to systems and methods generating and distributing protected software applications. In certain embodiments, integrity checking mechanisms may be implemented using integrity checking code in software code prior to compilation into machine code. Following compilation and execution of the application, the introduced code may check the integrity of the application by determining whether the application behaves and/or otherwise functions as expected. By introducing integrity checking in this manner, integrity checking techniques may be injected into the application prior to compilation into machine code and/or independent of the particular manner in which the application is compiled.
Type: Grant
Filed: December 9, 2022
Date of Patent: November 28, 2023
Assignee: Intertrust Technologies Corporation
Inventor: Marko Caklovic
-
Patent number: 11822654
Abstract: Embodiments described herein enable the detection, analysis and signature determination of obfuscated malicious code. Such malicious code comprises a deobfuscation portion that deobfuscates the obfuscated portion during runtime to generate deobfuscated malicious code. The techniques described herein deterministically detect and suspend the deobfuscated malicious code when it attempts to access memory resources that have been morphed in accordance with embodiments described herein. This advantageously enables the deobfuscated malicious code to be suspended at its initial phase. By doing so, the malicious code is not given the opportunity to delete its traces in memory regions it accesses, thereby enabling the automated exploration of such memory regions to locate and extract runtime memory characteristics associated with the malicious code.
Type: Grant
Filed: April 20, 2018
Date of Patent: November 21, 2023
Assignee: Morphisec Information Security 2014 Ltd.
Inventors: Evgeny Goldstein, Michael Gorelik, Mordechai Guri, Ronen Yehoshua
-
Patent number: 11822435
Abstract: Embodiments of the present invention provide a system for identifying occurrence of events and performing one or more actions to mitigate the impacts of the events. The system is configured for gathering data from one or more data sources of an entity, generating dataflows using the data gathered from the one or more data sources, identifying an anomaly based on one or more indicators and the dataflows, determining occurrence of an event and generating one or more propagation models associated with the event, performing event impact analysis based on the one or more propagation models, performing one or more actions to contain the event based on the one or more propagation models, identifying a last good copy of data based on the data gathered from the one or more data sources, retrieving the last good copy of data, and restoring the last good copy of data.
Type: Grant
Filed: July 6, 2021
Date of Patent: November 21, 2023
Assignee: BANK OF AMERICA CORPORATION
Inventors: Christopher Emmanuel Huntley, Musa Ajakaiye, Prasad V. Annadata, Dnyanesh P. Ballikar, Sina Bauer, Jason Kenneth Bellew, Timothy John Bendel, David Alan Beumer, Michelle Andrea Boston, Lisa Julia Brown, Robin J. Buck, Brian C. Busch, Salvatore Michael Certo, Ramesh Naidu Chatta, Lisa Michelle Cook, Joseph Corbett, Joseph Seth Cushing, Steven Paul Davidson, Shailesh Deshpande, Sevara Ergasheva, Maria Ervin, James Wilson Foy, Jr., Noel Mary Fuller, Benjamin Judson Gaines, III, Candace Gordon, Jesse Antonio Hernandez, Christine Hoagland, Robert Charles Hoard, Michael Spiro Karafotis, Wesley Keville, Sandip Kumar, Terri Dorinda Lail, Mukesh Maraj, Wyatt Edward Maxey, Dari Ann Mckenzie, Ashley Meadows, Heather Newell, Conor Mitchell Liam Nodzak, Kenyell Javon Ollie, Jayshree G. Patel, David John Perro, Nivetha Raghavan, Nikhil Ram, Tara Michel Ramirez, Laurie Readhead, Mary Kathleen Riley, Elizabeth Rachel Rock, Angela Dawn Roose, Sanjay Singeetham, Kyle S. Sorensen, Shreyas Srinivas, Constance Jones Suarez, Viresh Taskar, Linda Trent, Sachin Varule, Bradley Walton, Christie M. Weekley, Yvette Alston, Ravindra Bandaru, Carmen R. Barnhill, Jamie Gilchrist, Namrata Kaushik, Fernando A. Maisonett
-
Patent number: 11822658
Abstract: A sample is analyzed to determine a set of events that should be selected for performing by a dynamic analyzer executing the sample in an instrumented, emulated environment. The set of selected events is performed. In some cases, at least one emulator detection resistance action is performed. A maliciousness verdict is determined for the sample based at least in part on one or more responses taken by the sample in response to the set of selected events being performed by the dynamic analyzer.
Type: Grant
Filed: November 21, 2022
Date of Patent: November 21, 2023
Assignee: Palo Alto Networks, Inc.
Inventors: Cong Zheng, Wenjun Hu, Zhi Xu
-
Patent number: 11816215
Abstract: Systems and methods for archive scanning are provided herein. In some embodiments, a method includes: selecting an archive; reading a metadata representing a plurality of files within the archive; reading a plurality of hash strings from the archive; comparing the plurality of hash strings with a database of hash strings; and determining, based on the comparing, if the plurality of files within the archive represent a security threat based on the plurality of hash strings.
Type: Grant
Filed: February 16, 2022
Date of Patent: November 14, 2023
Assignee: UAB 360 IT
Inventors: Mohamed Adly Amer Elgaafary, Aleksandr Sevcenko
-
Patent number: 11811821
Abstract: Example techniques described herein determine a validation dataset, determine a computational model using the validation dataset, or determine a signature or classification of a data stream such as a file. The classification can indicate whether the data stream is associated with malware. A processing unit can determine signatures of individual training data streams. The processing unit can determine, based at least in part on the signatures and a predetermined difference criterion, a training set and a validation set of the training data streams. The processing unit can determine a computational model based at least in part on the training set. The processing unit can then operate the computational model based at least in part on a trial data stream to provide a trial model output. Some examples include determining the validation set based at least in part on the training set and the predetermined criterion for difference between data streams.
Type: Grant
Filed: November 2, 2020
Date of Patent: November 7, 2023
Assignee: CrowdStrike, Inc.
Inventors: Sven Krasser, David Elkind, Brett Meyer, Patrick Crenshaw
-
Patent number: 11799878
Abstract: The disclosed embodiments include a software-defined security (SDS) service that can monitor runtime behavior of a network of nodes of a wireless network and detect anomalous activity indicating contamination of the network of nodes, where the contamination includes unauthorized instructions designed to damage or interrupt a function of the network of nodes. The SDS service can dynamically coordinate a blacklist and a whitelist, where the blacklist includes an indication of contaminated assets and the whitelist includes an indication of non-contaminated assets. The contaminated assets are isolated with a cleanroom environment, where the security resources sanitize the contaminated assets. Then, indications of the decontaminated assets are moved from the blacklist to the whitelist, and the use of the security resources is dynamically adjusted according to a load ratio between the whitelist and the blacklist.
Type: Grant
Filed: April 15, 2020
Date of Patent: October 24, 2023
Assignee: T-Mobile USA, Inc.
Inventors: Venson Shaw, Sunil Lingayat, Gaviphat Lekutai
-
Patent number: 11790083
Abstract: Techniques are provided for detecting a malicious script in a web page. Instrumentation code is provided for serving to a client computing device with a web page. The instrumentation code is configured to monitor web code execution at the client computing device when a script referenced by the web page is processed. Script activity data generated by the instrumentation code is received. The script activity data describes one or more script actions detected by the instrumentation code at the client computing device. Prior script activity data generated by a prior instance of the instrumentation code is obtained. A malicious change in the script is detected based on comparing the script activity data and the prior script activity data. In response to detecting the malicious change in the script, a threat response action is performed.
Type: Grant
Filed: June 26, 2020
Date of Patent: October 17, 2023
Assignee: SHAPE SECURITY, INC.
Inventors: Tim Disney, Madhukar Kedlaya, Claire Schlenker Schlenker, Nitish Khadke
-
Patent number: 11790416
Abstract: Systems and methods for in-store purchases are provided. An exemplary method may include receiving by a customer device associated with a customer, customer data including customer preference data. The method may include storing the received customer data and identifying a merchant at a location of the customer. The method may also include determining a customer order for the identified merchant based on the customer preference data. Further, the method may include transmitting a notification to a merchant device associated with the identified merchant, the notification including the determined customer order.
Type: Grant
Filed: April 28, 2021
Date of Patent: October 17, 2023
Assignee: Capital One Services, LLC
Inventors: Adam Koeppel, Robert Perry
-
Patent number: 11785044
Abstract: System and method of detecting malicious interactions in a computer network, the method including generating, by a processor, at least one decoy segment, broadcasting, by the processor, the generated at least one decoy segment in a public database, monitoring, by the processor, communication within the computer network to identify interactions associated with the generated at least one decoy segment, determining, by the processor, at least one indicator of compromise (IOC) for the identified interactions, and blocking communication between the computer network and any computer associated with the determined at least one IOC.
Type: Grant
Filed: February 3, 2023
Date of Patent: October 10, 2023
Assignee: IntSights Cyber Intelligence Ltd.
Inventors: Gal Ben David, Amir Hozez
-
Patent number: 11775919
Abstract: Drone-based systems and methods are described for providing an airborne relocatable communication hub within a delivery vehicle for broadcast-enabled devices maintained within the delivery vehicle. Such a method has an aerial communication drone paired with the delivery vehicle transitioning to an active power state, uncoupling from a secured position on an internal docking station fixed within the delivery vehicle and then moving to a first deployed airborne position within the delivery vehicle. At a first position, the method has the aerial communication drone establishing a first wireless data communication path to a first broadcast-enabled device within the delivery vehicle, then establishing a second wireless data communication path to a second broadcast-enabled device within the delivery vehicle. The drone then couples the first and second wireless data communication paths it established operating as the airborne relocatable communication hub for the devices.
Type: Grant
Filed: November 17, 2020
Date of Patent: October 3, 2023
Assignee: Federal Express Corporation
Inventors: Reuben F. Burch, V., David A. Doyle, Brian D. Popp
-
Patent number: 11775640
Abstract: Systems and methods are described for detecting and preventing execution of malware on an on-demand code execution system. An on-demand code execution system may execute user-submitted code on virtual machine instances, which may be provisioned with various computing resources (memory, storage, processors, network bandwidth, etc.). These resources may be utilized in varying amounts or at varying rates during execution of the user-submitted code. The user-submitted code may also be unavailable for inspection for security or other reasons. A malware detection system may thus identify user-submitted code that corresponds to malware by monitoring resource utilization during execution of the code and generating a resource utilization signature, which enables comparison between the signature of the user-submitted code and resource utilization signatures of codes previously identified as malware.
Type: Grant
Filed: March 30, 2020
Date of Patent: October 3, 2023
Assignee: Amazon Technologies, Inc.
Inventors: Mihir Sathe, Niall Mullen
-
Patent number: 11770405
Abstract: A method of automated filtering includes receiving a network traffic snapshot having packets with data stored in respective fields, generating a statistical data structure storing each potential unique combination of data stored in respective fields with an associated counter that is incremented for each occurrence that the combination matches one of the packets of the network traffic snapshot and one or more observation timestamps. Determining an observed vector from the statistical data structure, wherein the observed vector has associated attribute/value pairs and counters that satisfy a predetermined criterion. The observed vector's attribute/value pairs are compared to known attribute/value pairs associated with known DDoS attack vectors of an attack vector database.
Type: Grant
Filed: September 10, 2020
Date of Patent: September 26, 2023
Assignee: ARBOR NETWORKS, INC.
Inventors: Steinthor Bjarnason, Brian St. Pierre
-
Patent number: 11762990
Abstract: The technology described herein identifies malicious URLs using a classifier that is both accurate and fast. Aspects of the technology are particularly well adapted for use as a real-time URL security analysis tool because the technology is able to quickly process a URL and produce a warning when a malicious URL is identified. The rapid processing speed of the technology described herein is produced, in part, by use of only a single input signal, which is the URL itself. The high accuracy produced by the technology described herein is achieved by analyzing the unstructured text on both a character-by-character level and a word-by-word level. The technology described herein uses both character-level and word-level information from the incoming URL.
Type: Grant
Filed: June 30, 2020
Date of Patent: September 19, 2023
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Arunkumar Gururajan, Jack Wilson Stokes, III, Farid Tajaddodianfar
-
Patent number: 11762959
Abstract: Many areas of investigation require searching through data that may be of interest. In a first method step, a digital content element is provided. The digital content element may have any suitable format or data structure of interest to a searching entity. The digital content element may be a particular data file that is of interest to a searching entity. In a second step, the digital content element is compared with a first set of data provided by a combination of a second set of data and a third set of data. The first set of data is a collection of known digital content elements that are of interest to a searching entity, for example contraband digital content elements or digital content elements owned by or represented by the searching entity. In a third method step, the digital content element is identified as known if the digital content element is detected within the first set of data.
Type: Grant
Filed: March 12, 2018
Date of Patent: September 19, 2023
Assignee: CYACOMB LIMITED
Inventors: William Johnston Buchanan, Owen Chin Wai Lo, Philip Penrose, Richard MacFarlane, Ian Stevenson, Bruce Ramsay
-
Patent number: 11757907
Abstract: A cybersecurity system is provided for automated cybersecurity insights, remediation recommendations, and service provisioning. The cybersecurity system can generate threat insights and/or generate remediation recommendations using machine learning models and cybersecurity data obtained from target networks, partners, and the like. To provision cybersecurity services, cybersecurity system may collect metadata regarding the network connections and use cases desired for one or more services. Once the metadata has been collected, the cybersecurity assessment system automatically provisions the selected services based on the provided data, such as duration of time elected, service metrics, and the like.
Type: Grant
Filed: June 18, 2020
Date of Patent: September 12, 2023
Assignee: Cytellix Corporation
Inventors: Brian Douglas Berger, Howard Chen Lin, Tanner Joseph Sirota
-
Patent number: 11755728
Abstract: Mechanisms for analyzing a structured file for malicious content are provided, comprising: parsing the structured file into a plurality of portions; selecting a selected portion of the portions; checking the selected portion to determine if at least one pre-condition is met; and in response to determining that the at least one pre-condition is met: decoding the selected portion to form a decoded portion; and checking the decoded portion to determine if it is malicious. In some embodiments: the at least one pre-condition can be changed; the structured file is a MICROSOFT OFFICE XML file; the selected portion is a file; the at least one pre-condition checks at least one attribute of the selected portion; decoding the selected portion comprises decompressing the selected portion; and/or checking the decoded portion to determine if it is malicious comprises checking whether a previously decoded portion of the structure file meets at least one condition.
Type: Grant
Filed: February 4, 2021
Date of Patent: September 12, 2023
Assignee: McAfee, LLC
Inventors: Qiang Liu, Chong Xu, Praveen Kumar Amritaluru, Mayank Bhatnagar
-
Patent number: 11741222
Abstract: Attachments or other documents can be transmitted to a sandbox environment where they can be concurrently opened for remote preview from an endpoint and scanned for possible malware. A gateway or other intermediate network element may enforce this process by replacing attachments, for example, in incoming electronic mail communications, with links to a document preview hosted in the sandbox environment.
Type: Grant
Filed: December 15, 2020
Date of Patent: August 29, 2023
Assignee: Sophos Limited
Inventors: Ross McKerchar, John Edward Tyrone Shaw, Andrew J. Thomas, Russell Humphries, Kenneth D. Ray, Daniel Salvatore Schiappa
-
Patent number: 11741065
Abstract: Aspects of the invention include detecting an anomaly in a database of hardware, firmware, and software events. An exemplary method includes determining whether a previously addressed anomaly is a duplicate of the anomaly, addressing the anomaly according to a state of the previously addressed anomaly based on the previously addressed anomaly being a duplicate of the anomaly, and addressing the anomaly according to machine learning based on the previously addressed anomaly not being the duplicate of the anomaly.
Type: Grant
Filed: February 4, 2020
Date of Patent: August 29, 2023
Assignee: International Business Machines Corporation
Inventors: Edward C. McCain, Jeffrey Nettey, Barin Bhattacharya, Jeffrey Willoughby
-
Patent number: 11741253
Abstract: A technique includes, in response to an exception occurring in the execution of a process on a computer, invoking an operating system service. The operating system service is used to sanitize data that is associated with the process and is stored in a memory of the computer. The data is associated with sensitive information.
Type: Grant
Filed: January 31, 2019
Date of Patent: August 29, 2023
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Sridhar Bandi, Suhas Shivanna
-
Patent number: 11729183
Abstract: A system and a method of providing security to an in-vehicle network are provided. The method efficiently operates multiple detection techniques to reduce the required system resources while maintaining robustness against malicious message detection.
Type: Grant
Filed: December 19, 2018
Date of Patent: August 15, 2023
Assignees: Hyundai Motor Company, Kia Motors Corporation
Inventors: Seung Wook Park, Seil Kim, Aram Cho
-
Patent number: 11720675
Abstract: The present disclosure relates to a method for integrity verification of a software stack or part of a software stack resident on a host machine. A management entity generates a measurement log for a disk image associated with the software stack or the part of a software stack. A verifier entity retrieves the generated measurement log and compares the generated measurement log with a reference measurement of a verification profile previously assigned by the verifier entity to the software stack or the part of a software stack to verify the software stack or the part of a software stack.
Type: Grant
Filed: April 15, 2022
Date of Patent: August 8, 2023
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Sidnei Roberto Selzler Franco, Ludovic Emmanuel Paul Noel Jacquin, Jonathan Meller, Guilherme De Campos Magalhaes
-
Patent number: 11716263
Abstract: A network monitoring device may receive flow-tap information that identifies a traffic flow characteristic and a signed URL associated with a signed URL platform from a mediation device. The network device may map the traffic flow characteristic to the signed URL in an entry of a flow-tap filter that is maintained within a data structure of the network device. The network device may analyze, using the flow-tap filter, network traffic of the network to detect a traffic flow that is associated with the traffic flow characteristic. The network device may generate, based on detecting the traffic flow in the network traffic, a traffic flow copy that is associated with the traffic flow. The network device may provide, based on the signed URL, the traffic flow copy to the signed URL platform, wherein the traffic flow copy is to be accessible to an authorized user device via the signed URL.
Type: Grant
Filed: January 26, 2022
Date of Patent: August 1, 2023
Assignee: Juniper Networks, Inc.
Inventor: Sheeja J S
-
Patent number: 11706198
Abstract: A communication server, interacting with an organization system having users that wish to communicate securely, provides secure communication capability to the users, without the communication server itself having access to unencrypted content of the user communications or to cryptographic keys that would allow the communication server to derive the unencrypted content. Thus, the communication server that provides the secure communication capability need not itself be trusted by the users with access to communicated content. To achieve this, the various entities communicate to exchange cryptographic keys in such a manner that the communication server never obtains usable copies of the cryptographic keys.
Type: Grant
Filed: May 8, 2020
Date of Patent: July 18, 2023
Assignee: SYMPHONY COMMUNICATION SERVICES HOLDINGS LLC
Inventors: Serkan Mulayin, David M'Raihi, Tim Casey, Michael Harmon, Jon McLachlan
-
Patent number: 11704410
Abstract: A system for detecting malicious software, comprising at least one hardware processor adapted to: execute a tested software object in a plurality of computing environments each configured according to a different hardware and software configuration; monitor a plurality of computer actions performed in each of the plurality of computing environments when executing the tested software object; identify at least one difference between the plurality of computer actions performed in a first of the plurality of computing environments and the plurality of computer actions performed in a second of the plurality of computing environments; and instruct a presentation of an indication of the identified at least one difference on a hardware presentation unit.
Type: Grant
Filed: May 19, 2021
Date of Patent: July 18, 2023
Assignee: NEC Corporation Of America
Inventors: Tsvi Lev, Yaacov Hoch
-
Patent number: 11706015
Abstract: A method for side-channel attack mitigation in streaming encryption includes reading an input stream into a decryption process, extracting an encryption envelope having a wrapped key, a cipher text, and a first message authentication code (MAC) from the input stream, generating a second MAC using the wrapped key of the encryption envelope, and performing decryption of the cipher text in constant time by determining whether the encryption envelope is authentic by comparing the first MAC extracted from the encryption envelope and the second MAC generated using the wrapped key.
Type: Grant
Filed: October 27, 2021
Date of Patent: July 18, 2023
Assignee: Google LLC
Inventor: Adam Markowitz
-
Patent number: 11687651
Abstract: Systems, methods and apparatus for malware detection to detect and stop the distribution of malware and other undesirable content before such content reaches computing systems. A Malware Detection Service (MDS) including a processor and memory storing computer program instructions that when executed cause the processor to receive one of content or a signature of a file, responsive to receiving a signature of a file, determine a status of the file as trusted, untrusted, or unknown for malware based on the signature, responsive to receiving content of a file, generate a signature of the file and scan the content to identify the status of the content as trusted or untrusted.
Type: Grant
Filed: March 7, 2022
Date of Patent: June 27, 2023
Assignee: Zscaler, Inc.
Inventors: Kailash Kailash, Robert L. Voit, Jose Raphel
-
Patent number: 11689562
Abstract: An apparatus, including systems and methods, for detecting ransomware is disclosed herein. For example, in some embodiments, an apparatus includes a memory element operable to store instructions; and a processor operable to execute the instructions, such that the apparatus is configured to receive data identifying a process and a plurality of files accessed by the process; identify an access indicator associated with each of the plurality of files accessed by the process, wherein the access indicator includes file type; determine whether the access indicator exceeds a threshold; interrupt, based on a determination that the access indicator exceeds a threshold, the process; and prompt a user to allow or disallow the process to proceed.
Type: Grant
Filed: June 17, 2020
Date of Patent: June 27, 2023
Assignee: McAfee, LLC
Inventors: Oliver G. Devane, Abhishek Karnik, Sriram P
-
Patent number: 11677764
Abstract: The automatic generation of malware family signatures is disclosed. A set of metadata associated with a plurality of samples is received. The samples are clustered. For members of a first cluster, a set of similarities shared among at least a portion of the members of the first cluster is determined. The similarities are evaluated for suitability as a malware family signature. Suitability is evaluated based on how well the similarities uniquely identify the members of the first cluster. In the event the similarities are determined to be suitable as a malware family signature, a signature is generated.
Type: Grant
Filed: June 1, 2021
Date of Patent: June 13, 2023
Assignee: Palo Alto Networks, Inc.
Inventors: Zhi Xu, Jiajie Wang, Xiao Zhang, Wenjun Hu
-
Patent number: 11663363
Abstract: A method for detecting a false positive outcome in classification of files includes, analyzing a file to determine whether or not the file is to be recognized as being malicious, analyzing a file to determine whether a digital signature certificate is present for the file, in response to recognizing the file as being malicious; comparing the digital certificate of the file with one or more digital certificates stored in a database of trusted files, in response to determining that the digital signature certificate is present for the file; and detecting a false positive outcome if the digital certificate of the file is found in the database of trusted files, when the false positive outcome is detected, excluding the file from further determination of whether the file is malicious and calculating a flexible hash value of the file.
Type: Grant
Filed: February 15, 2022
Date of Patent: May 30, 2023
Assignee: AO Kaspersky Lab
Inventors: Sergey V. Prokudin, Alexander S. Chistyakov, Alexey M. Romanenko
-
Patent number: 11663082
Abstract: Systems and methods for virtual disk image testing. An example method may comprise uploading a virtual disk image, by a requestor, to a cloud. Deploying a temporary instance of the uploaded virtual disk. Determining whether deployment of the temporary instance of the uploaded virtual disk image in the cloud is successful. Responsive to determining that the deployment of the temporary instance of the uploaded virtual disk image in the cloud is unsuccessful, flagging the uploaded virtual disk image as unbootable. Responsive to flagging the uploaded virtual disk image as unbootable, notifying the requestor that the uploaded virtual disk image is not submitted to a repository of the cloud.
Type: Grant
Filed: August 27, 2021
Date of Patent: May 30, 2023
Assignee: Red Hat, Inc.
Inventors: Arie Bregman, Ilan Gersht
-
Patent number: RE49684
Abstract: In one embodiment, a traffic analysis service receives captured traffic data regarding a Transport Layer Security (TLS) connection between a client and a server. The traffic analysis service applies a first machine learning-based classifier to TLS records from the traffic data, to identify a set of the TLS records that include Hypertext Transfer Protocol (HTTP) header information. The traffic analysis service estimates one or more HTTP transaction labels for the connection by applying a second machine learning-based classifier to the identified set of TLS records that include HTTP header information. The traffic analysis service augments the captured traffic data with the one or more HTTP transaction labels. The traffic analysis service causes performance of a network security function based on the augmented traffic data.
Type: Grant
Filed: August 31, 2021
Date of Patent: October 3, 2023
Assignee: Cisco Technology, Inc.
Inventors: Blake Harrell Anderson, David McGrew