Virus Detection Patents (Class 726/24)
- Patent number: 10826934
  Abstract: Example techniques described herein determine a validation dataset, determine a computational model using the validation dataset, or determine a signature or classification of a data stream such as a file. The classification can indicate whether the data stream is associated with malware. A processing unit can determine signatures of individual training data streams. The processing unit can determine, based at least in part on the signatures and a predetermined difference criterion, a training set and a validation set of the training data streams. The processing unit can determine a computational model based at least in part on the training set. The processing unit can then operate the computational model based at least in part on a trial data stream to provide a trial model output. Some examples include determining the validation set based at least in part on the training set and the predetermined criterion for difference between data streams.
  Type: Grant
  Filed: January 10, 2017
  Date of Patent: November 3, 2020
  Assignee: CrowdStrike, Inc.
  Inventors: Sven Krasser, David Elkind, Brett Meyer, Patrick Crenshaw
- Patent number: 10819716
  Abstract: Systems and methods for analyzing network traffic are provided. An exemplary system may include a plurality of network nodes distributed in multiple geographical regions. The plurality of network nodes may be configured to collect mass scanning network traffic data. The system may also include at least one processor. The processor may be configured to receive, from a first network node, a first network scanning request from a source scanner. In response to the reception of the first network scanning request, the processor may also be configured to transmit, via a second network node, a second network scanning request to the source scanner. The processor may further be configured to determine, based on feedback from the source scanner, whether the source scanner is compromised.
  Type: Grant
  Filed: July 22, 2020
  Date of Patent: October 27, 2020
  Assignee: GREYNOISE INTELLIGENCE INC.
  Inventor: Andrew Kevin Morris
- Patent number: 10817601
  Abstract: Techniques for restricting the execution of algorithms contained in applications executing on virtual machines executing within a computer system are described herein. A first sampled set of computer executable instructions is gathered from a virtual machine by a controlling domain and compared against a reference set of computer executable instructions. If the first set is similar to the reference set, and if the execution of the algorithm corresponding to the reference set is restricted by one or more computer system policies, one or more operations limiting the execution of the restricted algorithm are performed, thus ensuring conformance with the computer system policies.
  Type: Grant
  Filed: January 19, 2018
  Date of Patent: October 27, 2020
  Assignee: Amazon Technologies, Inc.
  Inventor: Nicholas Alexander Allen
- Patent number: 10819614
  Abstract: There is provided a network monitoring apparatus including a memory in which information of a remote operation and a combination of one or more command codes are associated with each other, and a processor coupled to the memory, the processor configured to acquire a command code of the one or more command codes from a header of an encrypted execution request packet for executing the one or more commands for implementing a remote operation, determine whether or not there exists the combination included in a command code list in which acquired command codes are sequentially indicated, by referring to the memory, and determine that the remote operation associated with the combination is successful when it is determined that there exists the combination included in the command code list.
  Type: Grant
  Filed: November 5, 2018
  Date of Patent: October 27, 2020
  Assignee: FUJITSU LIMITED
  Inventors: Yuki Fujishima, Masanobu Morinaga, Kazuyoshi Furukawa
- Patent number: 10817603
  Abstract: In some implementations, a method performed by data processing apparatuses includes receiving a new script document in a scripting language that has not yet been classified; identifying features of the new script document, wherein at least some of the features are script-language commands contained in the new script document; generating first feature-data for the new script document, the first feature-data comprising measures of frequency of occurrences of the features within the new script document; and assigning a classification to the new script document based on a comparison of the first feature-data with training data that comprises second feature-data for known-malicious script documents and third feature-data for known-benign script documents.
  Type: Grant
  Filed: August 23, 2018
  Date of Patent: October 27, 2020
  Assignee: Target Brands, Inc.
  Inventor: Evan Gaustad
- Patent number: 10810317
  Abstract: A gateway device includes a network interface connected to data sources, and computer instructions that, when executed, cause a processor to access data portions from the data sources. The processor accesses classification rules, which are configured to classify a data portion of the plurality of data portions as sensitive data in response to the data portion satisfying the rule. Each rule is associated with a significance factor representative of an accuracy of the classification rule. The processor applies each of the set of classification rules to a data portion to obtain an output of whether the data is sensitive data. The outputs are weighted by significance factors to produce a set of weighted outputs. The processor determines if the data portion is sensitive data by aggregating the set of weighted outputs, and presents the determination in a user interface. Security operations may also be performed on the data portion.
  Type: Grant
  Filed: February 9, 2018
  Date of Patent: October 20, 2020
  Assignee: Protegrity Corporation
  Inventors: David Clyde Williamson, Vichai Levy, Hans Meijer, Yigal Rozenberg, Lingling Yan
- Patent number: 10805341
  Abstract: In one embodiment, a traffic analysis service receives captured traffic data regarding a Transport Layer Security (TLS) connection between a client and a server. The traffic analysis service applies a first machine learning-based classifier to TLS records from the traffic data, to identify a set of the TLS records that include Hypertext Transfer Protocol (HTTP) header information. The traffic analysis service estimates one or more HTTP transaction labels for the connection by applying a second machine learning-based classifier to the identified set of TLS records that include HTTP header information. The traffic analysis service augments the captured traffic data with the one or more HTTP transaction labels. The traffic analysis service causes performance of a network security function based on the augmented traffic data.
  Type: Grant
  Filed: February 6, 2018
  Date of Patent: October 13, 2020
  Assignee: Cisco Technology, Inc.
  Inventors: Blake Harrell Anderson, David McGrew
- Patent number: 10802863
  Abstract: An apparatus and method for storing an audit trail in response to execution of a virtual-machine process. The method for storing an audit trail, performed by the apparatus for storing an audit trail in response to execution of a virtual-machine process, includes detecting execution of a process inside a virtual machine, determining whether the executed process is a monitoring target process and determining a type of the process, activating one or more monitoring events for monitoring at least one of an upload, a download and a drop by the process based on a result of the determination, and storing information about occurrence of the activated monitoring event as an audit trail.
  Type: Grant
  Filed: May 10, 2018
  Date of Patent: October 13, 2020
  Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
  Inventors: Hyunyi Yi, Sung-Jin Kim, Woomin Hwang, Seong-Joong Kim, Chulwoo Lee, Byung-Joon Kim, Hyoung-Chun Kim
- Patent number: 10798123
  Abstract: Aspects of the present disclosure involve systems and methods for computing devices to access a public network, posing as a user of the network, to detect one or more malware programs available for downloading through the network. More particularly, a malware detection control system utilizes a browser executed on a computing device to access a public network, such as the Internet. Through the browser, sites or nodes of the public network are accessed by the control system, with the interactions with the sites of the public network designed to mimic or approximate a human user of the browser. More particularly, the control system may apply one or more personality profiles to the browser of the computing device to access and interact with the nodes of the public network. Further, the control system may monitor the information retrieved from the network sites to detect the presence of malware within the nodes.
  Type: Grant
  Filed: August 16, 2019
  Date of Patent: October 6, 2020
  Assignee: Level 3 Communications, LLC
  Inventor: Skyler J. Bingham
- Patent number: 10798116
  Abstract: Embodiments of the present disclosure relate to a data analysis system that may automatically generate memory-efficient clustered data structures, automatically analyze those clustered data structures, and provide results of the automated analysis in an optimized way to an analyst. The automated analysis of the clustered data structures (also referred to herein as data clusters) may include an automated application of various criteria or rules so as to generate a compact, human-readable analysis of the data clusters. The human-readable analyses (also referred to herein as "summaries" or "conclusions") of the data clusters may be organized into an interactive user interface so as to enable an analyst to quickly navigate among information associated with various data clusters and efficiently evaluate those data clusters in the context of, for example, a fraud investigation. Embodiments of the present disclosure also relate to automated scoring of the clustered data structures.
  Type: Grant
  Filed: April 24, 2018
  Date of Patent: October 6, 2020
  Assignee: Palantir Technologies Inc.
  Inventors: David Cohen, Jason Ma, Bing Jie Fu, Ilya Nepomnyashchiy, Steven Berler, Alex Smaliy, Jack Grossman, James Thompson, Julia Boortz, Matthew Sprague, Parvathy Menon, Michael Kross, Michael Harris, Adam Borochoff
- Patent number: 10795855
  Abstract: In some embodiments, a target host may have provided the change data in response to detecting the change, and the change data may include one or more rules, settings, and/or parameters. Also, in various embodiments, the compliance server may determine whether the one or more rules, settings, and/or parameters meet one or more compliance policies and generate one or more test results based at least on the results of the determining. Further, in some embodiments, the target host may detect a change to a rule, setting, and/or parameter based on a collection policy defining what change data is to be collected by the target host and provide data associated with the rule, setting, and/or parameter as change data to the compliance server.
  Type: Grant
  Filed: July 2, 2018
  Date of Patent: October 6, 2020
  Assignee: Tripwire, Inc.
  Inventor: Robert DiFalco
- Patent number: 10795996
  Abstract: Disclosed are systems and methods for machine learning of a model for detecting malicious files. The described system samples files from a database of files and trains a detection model for detecting malicious files on the basis of an analysis of the sampled files. The described system forms behavior logs based on executable commands intercepted during execution of the sampled files, and generates behavior patterns based on the behavior log. The described system determines a convolution function based on the behavior patterns, and trains a detection model for detecting malicious files by calculating parameters of the detection model using the convolution function on the behavior patterns. The trained detection model may be used to detect malicious files by utilizing the detection model on a system behavior log generated during execution of suspicious files.
  Type: Grant
  Filed: February 28, 2018
  Date of Patent: October 6, 2020
  Assignee: AO Kaspersky Lab
  Inventors: Alexander S. Chistyakov, Ekaterina M. Lobacheva, Alexey M. Romanenko
- Patent number: 10795995
  Abstract: There are disclosed devices, systems and methods for feeding identification data of malicious creatives existing in internet advertisements to a supply side platform (SSP) by receiving reports of unwanted actions performed without user action by malicious creatives of internet advertisements (ads) requested from the SSP by webpages being displayed to users. The reports include a creative identification (ID), a malicious code chain of events, and a demand side platform (DSP) ID or a seat ID. The reports are pre-processed by classifying the unwanted action attempts based on the chain of events. The pre-processed reports are parsed to extract the creative IDs, the SSP IDs and the DSP IDs, and are then stored in a searchable database. The stored parsed pre-processed reports are fed to SSPs based on the SSP identifications. The feed includes the creative IDs, the SSP IDs, the DSP IDs, timestamps of the unwanted action attempt and the classifications.
  Type: Grant
  Filed: April 23, 2020
  Date of Patent: October 6, 2020
  Assignee: CLEAN.IO, INC.
  Inventors: Alexey Stoletny, Seth Demsey, Iván Soroka
- Patent number: 10789105
  Abstract: Systems, methods, computer readable media and articles of manufacture consistent with innovations herein are directed to computer virtualization, computer security and/or memory access. According to some illustrative implementations, innovations herein may utilize and/or involve a separation kernel hypervisor which may include the use of a guest operating system virtual machine protection domain, a virtualization assistance layer, and/or a detection mechanism (which may be proximate in temporal and/or spatial locality to malicious code, but isolated from it), inter alia, for detection and/or notification of, and action by a monitoring guest upon access by a monitored guest to predetermined physical memory locations.
  Type: Grant
  Filed: April 9, 2018
  Date of Patent: September 29, 2020
  Assignee: Lynx Software Technologies, Inc.
  Inventors: Edward T. Mooring, Phillip Yankovsky, Craig Howard
- Patent number: 10783241
  Abstract: A system and methods for sandboxed malware analysis and automated patch development, deployment and validation, that uses a business operating system, vulnerability scoring engine, binary translation engine, sandbox simulation engine, at least one network endpoint, at least one database, a network, and a combination of machine learning and vulnerability probing techniques, to analyze software, locate any vulnerabilities or malicious behavior, and attempt to patch and prevent undesired behavior from occurring, autonomously.
  Type: Grant
  Filed: February 2, 2018
  Date of Patent: September 22, 2020
  Assignee: QOMPLX, INC.
  Inventors: Jason Crabtree, Andrew Sellers
- Patent number: 10783246
  Abstract: Examples relate to snapshots of system memory. In an example implementation, structural information of a process in a snapshot of system memory is compared with hashes or fuzzy hashes of executable regions of the same process in a previous snapshot of system memory to determine whether there is a structural anomaly.
  Type: Grant
  Filed: January 31, 2017
  Date of Patent: September 22, 2020
  Assignee: Hewlett Packard Enterprise Development LP
  Inventors: Nigel Edwards, Michael John Wray
- Patent number: 10783249
  Abstract: Embodiments of the present application provide a method and apparatus for removing a root-privileged virus and an electronic device. The method includes: scanning the smart device to find a root-privileged virus file; obtaining a root-privileged removing process according to the virus file; and removing the root-privileged virus file according to a preset removing strategy by using the root-privileged removing process. As a root-privileged process is directly obtained in this embodiment by using a found virus file, the smart device can obtain the root privileges more quickly, improving the speed of killing the root-privileged virus.
  Type: Grant
  Filed: December 26, 2016
  Date of Patent: September 22, 2020
  Assignee: Beijing Kingsoft Internet Security Software Co., Ltd.
  Inventor: Guoqing Yuan
- Patent number: 10783053
  Abstract: Errors encountered by executing applications can be recorded in one or more logs. A search engine can be configured to retrieve error data from the one or more logs using pre-specified rules. A portion of the error data can be included in a small portable message (e.g., SMS text message) and sent to the developers or administrators of the applications. An administrative console can generate different visualizations based upon what errors the search engine retrieved.
  Type: Grant
  Filed: March 23, 2018
  Date of Patent: September 22, 2020
  Assignee: Palantir Technologies Inc.
  Inventors: Lauren DeMeuse, Grant Wu, Garren Riechel, Ian Mair, Michael Nazario
- Patent number: 10778626
  Abstract: An electronic device will identify an electronic message received by a messaging client that is associated with a first recipient, and it will analyze the electronic message to determine whether the electronic message is a simulated malicious message. Upon determining that the electronic message is a simulated malicious message, the device will identify an actuatable element in the electronic message. The actuatable element will include a service address. The device will modify the electronic message by appending a user identifier of the first recipient to the service address of the actuatable element. Then, when the actuatable element is actuated, the system may determine whether the first recipient actuated the actuatable element or an alternate recipient did so, based on whether the user identifier of the first recipient is still appended (or is the only user identifier appended) to the actuatable element.
  Type: Grant
  Filed: February 4, 2019
  Date of Patent: September 15, 2020
  Assignee: Proofpoint, Inc.
  Inventors: Kurt Wescoe, Trevor Tyler Hawthorn, Alan Himler, Patrick H. Veverka, John T. Campbell, Dustin D. Brungart, Norman Sadeh-Koniecpol
- Patent number: 10762194
  Abstract: A program file classification method, a program file classification apparatus, and a program file classification system, where the system sets an agent program in a client and a sandbox server to obtain behavior information corresponding to at least two behaviors executed by a program file at runtime. Each piece of behavior information includes a behavior identifier and a path related to execution of a corresponding behavior. A classification server performs a normalization process on the path in each piece of behavior information, where the normalization process reduces path diversity, generates a feature vector according to at least two pieces of behavior information obtained after the path normalization process, and determines, according to the feature vector, a category to which the program file belongs. Because the normalization process is performed on the path, randomness of a path obtained after the normalization process is reduced.
  Type: Grant
  Filed: January 12, 2018
  Date of Patent: September 1, 2020
  Assignee: HUAWEI TECHNOLOGIES CO., LTD.
  Inventor: Zhenhua Liu
- Patent number: 10762261
  Abstract: A method to transform the function of a circuit is provided. The method provides a first register-transfer level (RTL) document and a second RTL document, provides a first gate level (GTL) netlist and a second GTL netlist, compares the two RTL documents to identify the instances to be modified, locates the instances to be modified in the first GTL netlist, and transforms the function of the circuit by patching the circuit such that the patched first GTL netlist is equivalent to the second GTL netlist. The method improves performance and efficiency of the transformation by reducing the number of instances to be input into the engineering change order (ECO) engine, and also minimizes change in circuit design.
  Type: Grant
  Filed: April 16, 2019
  Date of Patent: September 1, 2020
  Inventor: Yu-Liang Wu
- Patent number: 10754947
  Abstract: A method, including identifying over a set of classified applications a set of discriminating features; determining via code analysis, when a first application is subjected to classification, positions of the first application's code that correspond to discriminating features; and forwarding these to a classification algorithm, such that according to its output the code fragments corresponding to the discriminating features are reported, beyond the determination itself of the discriminating features.
  Type: Grant
  Filed: November 30, 2015
  Date of Patent: August 25, 2020
  Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
  Inventors: Pietro Ferrara, Marco Pistoia, Omer Tripp
- Patent number: 10757120
  Abstract: An electronic message is analyzed for malware contained in the message. Text of an electronic message may be analyzed to detect and process malware content in the electronic message itself. The present technology may analyze an electronic message and attachments to electronic messages to detect a uniform resource locator (URL), identify whether the URL is suspicious, and analyze all suspicious URLs to determine if they are malware. The analysis may include re-playing the suspicious URL in a virtual environment which simulates the intended computing device to receive the electronic message. If the re-played URL is determined to be malicious, the malicious URL is added to a black list which is updated throughout the computer system.
  Type: Grant
  Filed: July 16, 2018
  Date of Patent: August 25, 2020
  Assignee: FireEye, Inc.
  Inventors: Ashar Aziz, Henry Uyeno, Jay Manni, Amin Sukhera, Stuart Staniford
- Patent number: 10757135
  Abstract: A bot characteristic detection method and apparatus, where the apparatus obtains a first dynamic behavior file and a second dynamic behavior file, where the first dynamic behavior file is a behavior file resulting from dynamic behavior detection performed on a malicious file in a first sandbox, and the second dynamic behavior file is a behavior file resulting from dynamic behavior detection performed on the malicious file in a second sandbox. The apparatus determines a bot characteristic of the malicious file based on a common characteristic of the first dynamic behavior file and the second dynamic behavior file.
  Type: Grant
  Filed: April 2, 2019
  Date of Patent: August 25, 2020
  Assignee: HUAWEI TECHNOLOGIES CO., LTD.
  Inventor: Wu Jiang
- Patent number: 10749880
  Abstract: The present invention involves a cloud-tenant-oriented method and system for protecting privacy data. The method comprises at least the following steps: analyzing event handler information and/or behavioral signature information of request information and determining an execution mode, selecting at least one node without a behavioral signature plot to execute the tenant request and recording an execution result, generating a behavioral signature plot based on the execution result, and dynamically detecting security-sensitive behavior based on the behavioral signature plot. The present invention ensures data security during processing of security-sensitive data for cloud services by adopting a technology based on behavioral signatures, and prevents attackers from exploiting vulnerabilities and bypassing security control to conduct malicious operations.
  Type: Grant
  Filed: August 23, 2018
  Date of Patent: August 18, 2020
  Assignee: Huazhong University of Science and Technology
  Inventors: Hai Jin, Weiqi Dai, Yan Xia, Deqing Zou
- Patent number: 10747879
  Abstract: A system, method, and computer program product are provided for identifying a file utilized to automatically launch content as unwanted. In one embodiment, a file is identified in response to a detection of unwanted code, the file utilized to automatically launch content. Additionally, it is determined whether an identifier associated with the unwanted code is included in the file. Further, the file is identified as unwanted based on the determination.
  Type: Grant
  Filed: December 13, 2018
  Date of Patent: August 18, 2020
  Assignee: MCAFEE, LLC
  Inventors: Vinoo Thomas, Palasamudram Ramagopal Prashanth, Rahul Mohandas
- Patent number: 10742669
  Abstract: A system and method for determining malware threats based on behavior of a host/IP address uses netflow data, white lists, black lists and machine learning classification with a model. A white list generation method and a machine learning model validation method may also be used.
  Type: Grant
  Filed: August 9, 2017
  Date of Patent: August 11, 2020
  Assignee: NTT Security Corporation
  Inventors: Kenji Takahashi, Marek Niedzwiedz, Michal Tadeusiak, Jan Milczek, Szymon Nakonieczny, Jakub Czakon
- Patent number: 10740363
  Abstract: Techniques are provided herein for classifying domains based on DNS traffic so that domains that are malicious or associated with malicious activity can be identified. Traffic between one or more domain name system (DNS) resolvers and one or more authoritative name servers hosted on the Internet is analyzed at a server having network connectivity. A mismatch between a hostname and Internet Protocol (IP) information for the hostname is detected in the traffic, and domains included in the traffic are classified based on the detecting.
  Type: Grant
  Filed: November 26, 2018
  Date of Patent: August 11, 2020
  Assignee: Cisco Technology, Inc.
  Inventors: Dhia Mahjoub, Thomas M. Mathew
- Patent number: 10735441
  Abstract: In one embodiment, a service receives traffic telemetry data regarding encrypted traffic sent by an endpoint device in a network. The service analyzes the traffic telemetry data to infer characteristics of an application on the endpoint device that generated the encrypted traffic. The service receives, from a monitoring agent on the endpoint device, application telemetry data regarding the application. The service determines that the application is evasive malware based on the characteristics of the application inferred from the traffic telemetry data and on the application telemetry data received from the monitoring agent on the endpoint device. The service initiates performance of a mitigation action in the network, after determining that the application on the endpoint device is evasive malware.
  Type: Grant
  Filed: December 20, 2017
  Date of Patent: August 4, 2020
  Assignee: Cisco Technology, Inc.
  Inventors: Blake Harrell Anderson, David McGrew, Vincent E. Parla, Jan Jusko, Martin Grill, Martin Vejman
- Patent number: 10735442
  Abstract: User interfaces are generated by operations that include receiving and storing formatted static data and dynamic data. A first query is received, and first response data is selected. A user interface is generated containing the first response data, and the user interface is displayed. An indication of user selection is received. A second query is generated and second response data is selected. The user interface is updated to a second user interface, which is displayed.
  Type: Grant
  Filed: June 4, 2018
  Date of Patent: August 4, 2020
  Assignee: Target Brands, Inc.
  Inventor: Allen M. Swackhamer
- Patent number: 10733385
  Abstract: A behavior inference model building apparatus and a behavior inference model building method thereof are provided. The behavior inference model building apparatus converts a plurality of program operation sequences of a plurality of program operation sequence data into a plurality of word vectors through a word embedding model, and inputs the first M word vectors of the word vectors, corresponding to each program operation sequence data, into a generative adversarial network (GAN) model to train and optimize the GAN model. The behavior inference model building apparatus integrates the word embedding model and the generator of the optimized GAN model to build a behavior inference model.
  Type: Grant
  Filed: December 12, 2017
  Date of Patent: August 4, 2020
  Assignee: Institute For Information Industry
  Inventors: Chia-Min Lai, Chia-Yu Lu
- Patent number: 10726129
  Abstract: A technique for detecting malware looks at startup hooks that may be created by malware to assist in ensuring that the malware is started upon a reboot of a programmable device. After enumerating startup hooks in the system, startup hooks associated with untrusted executables are deleted. If the startup hook is restored, that is an indication that the untrusted executable may be malware. An indication may then be passed to an anti-malware software to analyze the executable further.
  Type: Grant
  Filed: April 18, 2019
  Date of Patent: July 28, 2020
  Assignee: McAfee, LLC
  Inventors: Craig Schmugar, John Teddy, Cedric Cochin
- Patent number: 10728271
  Abstract: In one embodiment, a computing device provides a feature vector as input to a random decision forest comprising a plurality of decision trees trained using a training dataset, each decision tree being configured to output a classification label prediction for the input feature vector. For each of the decision trees, the computing device determines a conditional probability of the decision tree based on a true classification label and the classification label prediction from the decision tree for the input feature vector. The computing device generates weightings for the classification label predictions from the decision trees based on the determined conditional probabilities. The computing device applies a final classification label to the feature vector based on the weightings for the classification label predictions from the decision trees.
  Type: Grant
  Filed: June 11, 2019
  Date of Patent: July 28, 2020
  Assignee: Cisco Technology, Inc.
  Inventors: Jan Brabec, Lukas Machlica
- Patent number: 10726128
  Abstract: Example techniques herein determine that a trial data stream is associated with malware ("dirty") using a local computational model (CM). The data stream can be represented by a feature vector. A control unit can receive a first, dirty feature vector (e.g., a false miss) and determine the local CM based on the first feature vector. The control unit can receive a trial feature vector representing the trial data stream. The control unit can determine that the trial data stream is dirty if a broad CM or the local CM determines that the trial feature vector is dirty. In some examples, the local CM can define a dirty region in a feature space. The control unit can determine the local CM based on the first feature vector and other clean or dirty feature vectors, e.g., a clean feature vector nearest to the first feature vector.
  Type: Grant
  Filed: July 24, 2017
  Date of Patent: July 28, 2020
  Assignee: CrowdStrike, Inc.
  Inventors: Sven Krasser, David Elkind, Patrick Crenshaw, Kirby James Koster
- Patent number: 10719413
  Abstract: A unified backup workflow process for different hypervisor configurations of virtual machines on different storage of a cluster leverages RCT-based backup functionality so that backup operations can be performed by a single host of the cluster. The process enables backing up together virtual machines that are local, as well as part of CSV or SMB storage, using virtual machine level snapshots as checkpoints rather than volume level snapshots that were traditionally used. Backup data is sent to a backup server as a data stream rather than a file, which avoids the necessity of maintaining chains or structures that identify parent-child disks on the server.
  Type: Grant
  Filed: April 17, 2018
  Date of Patent: July 21, 2020
  Assignee: EMC IP Holding Company, LLC
  Inventors: Sunil Yadav, Aaditya R. Bansal, Soumen Acharya, Suman C. Tokuri, Sudha V. Hebsur
- Patent number: 10719610
  Abstract: Systems, methods, and software can be used to generate security manifests for software components using binary static analysis. In some aspects, one computer-implemented method includes performing a binary static analysis of a binary software component to determine one or more security characteristics of the binary software component; generating a security manifest for the binary software component including the determined one or more security characteristics of the binary software component; and providing the security manifest to a software management system configured to determine whether to deploy the binary software component based on the security manifest.
  Type: Grant
  Filed: August 14, 2017
  Date of Patent: July 21, 2020
  Assignee: BlackBerry Limited
  Inventor: Adam John Boulton
-
Patent number: 10713586
Abstract: This document discloses a system and method for consolidating threat intelligence data for a computer and its related networks. Massive volumes of raw threat intelligence data are collected from a plurality of sources and are partitioned into a common format for cluster analysis, whereby the clustering of the data is done using unsupervised machine learning algorithms. The resulting organized threat intelligence data subsequently undergoes a weighted asset-based threat severity level correlation process. All the intermediary network vulnerabilities of a particular computer network are utilized as the critical consolidation parameters of this process. The final processed intelligence data gathered through this high-speed automated process is then formatted into predefined formats prior to transmission to third parties.
Type: Grant
Filed: July 24, 2015
Date of Patent: July 14, 2020
Assignee: Certis CISCO Security Pte Ltd
Inventor: Keng Leng Albert Lim
-
Patent number: 10713359
Abstract: Disclosed are systems and methods for detection of malicious intermediate language files. In one exemplary aspect, the system comprises a database comprising hashes of known malicious files; a resource allocation module configured to select a set of resources from a file being analyzed; a hash calculation module, coupled to the resource allocation module, configured to calculate a perceptive hash of the set of resources; and an analysis module, coupled to the other modules, configured to identify a degree of similarity between the set of resources and a set of resources from known malicious files by comparing the perceptive hash with perceptive hashes of the set of resources from known malicious files, determine a harmfulness of the file being analyzed based on the degree of similarity, and remove or quarantine the file being analyzed when the harmfulness exceeds a predetermined threshold.
Type: Grant
Filed: March 29, 2018
Date of Patent: July 14, 2020
Assignee: AO Kaspersky Lab
Inventors: Vladimir V. Krylov, Alexander V. Liskin, Alexey E. Antonov
-
Patent number: 10706151
Abstract: Described systems and methods allow protecting a computer system from malicious software. In some embodiments, a security application organizes a set of monitored executable entities (e.g., processes) into a plurality of groups, wherein members of a group are related by filiation and/or code injection. The security application may further associate a malice-indicative entity score with each monitored entity, and a malice-indicative group score with each entity group. Group scores may be incremented when a member of the respective group performs certain actions. Thus, even though actions performed by individual members may not be malware-indicative per se, the respective group score may capture collective malicious behavior and trigger malware detection.
Type: Grant
Filed: October 1, 2018
Date of Patent: July 7, 2020
Assignee: Bitdefender IPR Management Ltd.
Inventors: Gheorghe F. Hajmasan, Radu M. Portase
-
Patent number: 10708308
Abstract: An example embodiment may include a security enforcement point device disposed within a managed network and a security decision point device disposed within a computational instance of a remote network management platform. The security decision point device may be configured to: receive a message by way of the managed network; parse the message to identify observable indicators of one or more security threats, where the observable indicators include at least one of a network address, a hyperlink, or a representation of an attached file; remotely query a security threat database for the observable indicators; receive, from the security threat database, an indication that the observable indicators are associated with a particular security threat; and transmit, to the security enforcement point device, a command to update its associated security policy such that the particular security threat is mitigated.
Type: Grant
Filed: October 2, 2017
Date of Patent: July 7, 2020
Assignee: ServiceNow, Inc.
Inventors: Phillip DiCorpo, Jose Bernal, Eun-Sook Watson
-
Patent number: 10706368
Abstract: The disclosed computer-implemented method for efficiently classifying data objects may include (1) receiving a data object to be classified according to a group of rules, where each rule includes one or more clauses, (2) creating, for each rule, a rule evaluation job that directs a rule evaluation processor to evaluate the data object according to the clauses within the rule, where the rule evaluation processor evaluates the clauses in increasing order of estimated processing time, (3) submitting the rule evaluation jobs created for the rules to rule evaluation queues for processing by the rule evaluation processor, where the rule evaluation jobs are submitted in decreasing order of estimated processing time, (4) receiving an evaluation result for each rule evaluation job, and (5) in response to receiving the evaluation results, classifying the data object according to the evaluation results. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: December 30, 2015
Date of Patent: July 7, 2020
Assignee: Veritas Technologies LLC
Inventor: Huw Thomas
-
Patent number: 10701031
Abstract: Examples relate to identifying algorithmically generated domains. In one example, a computing device may: receive a query domain name; split the query domain name into an ordered plurality of portions of the query domain name, the ordered plurality of portions beginning with a first portion and ending with a last portion, the last portion including a top level domain of the query domain name; provide, in reverse order beginning with the last portion, the portions of the query domain name as input to a predictive model that has been trained to determine whether the query domain name is an algorithmically generated domain name, the determination being based on syntactic features of the query domain name; and receive, as output from the predictive model, data indicating whether the query domain name is algorithmically generated.
Type: Grant
Filed: November 16, 2017
Date of Patent: June 30, 2020
Assignee: Trend Micro Incorporated
Inventors: Josiah Dede Hagen, Richard Lawshae, Brandon Niemczyk
-
Patent number: 10693891
Abstract: A method includes, in response to receiving an email message, detecting one or more artifacts within the email message, wherein each of the artifacts is associated with a payload; for each artifact, generating a descriptor object representing the artifact that does not include the payload, so that the processor is prevented from accessing the payload via the descriptor object, and at least one payload button, based on the payload associated with the artifact, for causing the payload to be transmitted to an external system for analysis of the payload; and presenting an artifact dashboard in a graphical user interface (GUI) rendered on a display of the email security system, the artifact dashboard displaying, for each artifact, the descriptor object representing the artifact and the at least one payload button based on the payload associated with the artifact.
Type: Grant
Filed: December 6, 2017
Date of Patent: June 23, 2020
Assignee: Chicago Mercantile Exchange Inc.
Inventors: Thomas Anthony Kemp, Metin Carlo DePaolis, William Robert Gemza, Jr., Ryan Jerome Whalen
-
Patent number: 10686820
Abstract: A method for evaluating a scope of cyber-attack incidents, the method may include detecting original compromised assets and malicious external machines that are related to each of the cyber-attack incidents; classifying potentially compromised assets into different classes based on (a) similarities between the potentially compromised assets and the original compromised assets, (b) a level of accessibility from the original compromised assets and malicious external machines to the potentially compromised assets, and (c) volumes of traffic between the potentially compromised assets and each one of the malicious external machines and the original compromised assets, wherein the different classes comprise compromised and non-compromised; and generating an alert that is indicative of the compromised assets and of potentially compromised assets that were classified as compromised.
Type: Grant
Filed: June 28, 2017
Date of Patent: June 16, 2020
Assignee: SKYBOX SECURITY Ltd
Inventors: Tal Sheffer, Ravid Circus, Moshe Raab, Lior Ben Naon, Gideon David Cohen
-
Patent number: 10686817
Abstract: Examples determine a number of hosts, within an enterprise, which are resolving a particular domain. Based on the number of hosts within the enterprise resolving the particular domain, the examples identify whether the particular domain is benign.
Type: Grant
Filed: September 21, 2015
Date of Patent: June 16, 2020
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Prasad V. Rao, Sandeep N. Bhatt, William G. Horne, Pratyusa K. Manadhata, Miranda Jane Felicity Mowbray
-
Patent number: 10685293
Abstract: To analyze cybersecurity threats, an analysis module of a processor may receive log data from at least one network node. The analysis module may identify at least one statistical outlier within the log data. The analysis module may determine that the at least one statistical outlier represents a cybersecurity threat by applying at least one machine learning algorithm to the at least one statistical outlier.
Type: Grant
Filed: January 20, 2017
Date of Patent: June 16, 2020
Assignee: CYBRAICS, INC.
Inventors: Richard Edwin Heimann, Jonathan Lee Ticknor, Amanda Lynn Traud, Marshall Thomas Vandergrift, Kaska Adoteye, Jesse Pruitt Jeter, Michael Toru Czerny
-
Patent number: 10684876
Abstract: Exemplary embodiments described herein relate to a destination path for use with multiple different types of VMs, and techniques for using the destination path to convert, copy, or move data objects stored in one type of VM to another type of VM. The destination path represents a standardized (canonical) way to refer to VM objects from a proprietary VM. A destination location may be specified using the canonical destination path, and the location may be converted into a hypervisor-specific destination location. A source data object may be copied or moved to the destination location using a hypervisor-agnostic path.
Type: Grant
Filed: September 30, 2015
Date of Patent: June 16, 2020
Assignee: NETAPP, INC.
Inventors: Sung Ryu, Shweta Behere, Jeffrey Teehan
-
Patent number: 10686596
Abstract: An interface, through which functionality of a cloud computing infrastructure can be accessed, can create defined endpoints through which such an interface is accessed, with such defined endpoints limiting the functionality accessible through the interface to only allowed functions. An elevate function can, through a secure key exchange protocol, receive appropriate assurances and can, in response, remove the functionality limitations of the endpoint, thereby enabling unfettered access to the cloud computing infrastructure. Such unrestricted access can be limited in duration, which duration can be established in advance, or agreed upon through the key exchange mechanism.
Type: Grant
Filed: March 2, 2018
Date of Patent: June 16, 2020
Assignee: Microsoft Technology Licensing, LLC
Inventors: Armando Moran Saavedra, Daniel Pravat, Filippo Seracini, Lee Holmes, Alexandru Naparu
-
Patent number: 10678922
Abstract: The subject matter described herein provides protection against zero-day attacks by detecting, via a hypervisor maintaining an extended page table, an attempt to execute arbitrary code associated with malware in a guest operating system (OS) running within a virtual machine (VM). Further, the subject matter provides detection of lateral movement of the malware. The hypervisor uses hidden breakpoints to detect a request for thread creation, and then determines whether the request is to download and execute arbitrary code.
Type: Grant
Filed: February 16, 2018
Date of Patent: June 9, 2020
Assignee: NICIRA, INC.
Inventor: Prasad Dabak
-
Patent number: 10673872
Abstract: A threat level is evaluated for an ongoing attack detected for a set of resources based on received notifications having low weight in the evaluation of the threat level. If the threat level is smaller than an entrapment threshold, sensors associated with resources of an information system infrastructure that are potential subsequent targets of the ongoing attack are activated, the weight of the notifications sent from the activated sensors is set as average weight in the evaluation of the threat level, and the threat level is further evaluated for the ongoing attack. If the threat level is greater than the entrapment threshold, traps are deployed in the information system infrastructure, the weight of the notifications sent from the deployed traps is set as high weight in the evaluation of the threat level, and the threat level is further evaluated for the ongoing attack.
Type: Grant
Filed: November 7, 2016
Date of Patent: June 2, 2020
Assignee: ALCATEL LUCENT
Inventors: Serge Papillon, Haithem El Abed, Antony Martin