Virus Detection Patents (Class 726/24)
- Patent number: 10673902
  Abstract: Threat detection instrumentation is simplified by providing and updating labels for computing objects in a context-sensitive manner. This may include simple labeling schemes to distinguish between objects, e.g., trusted/untrusted processes or corporate/private data. This may also include more granular labeling schemes such as a three-tiered scheme that identifies a category (e.g., financial, e-mail, game), static threat detection attributes (e.g., signatures, hashes, API calls), and explicit identification (e.g., what a file or process calls itself). By tracking such data for various computing objects and correlating these labels to malware occurrences, rules can be written for distribution to endpoints to facilitate threat detection based on, e.g., interactions of labeled objects, changes to object labels, and so forth.
  Type: Grant
  Filed: April 26, 2018
  Date of Patent: June 2, 2020
  Assignee: Sophos Limited
  Inventors: Andrew J. Thomas, Mark D. Harris, Simon Neil Reed, Neil Robert Tyndale Watkiss, Kenneth D. Ray
- Patent number: 10673892
  Abstract: Intrusion features of a landing page associated with sponsored content are identified. A feature score for the landing page based on the identified intrusion features is generated, and if the feature score for the landing page exceeds a feature threshold, the landing page is classified as a candidate landing page. A sponsor account associated with the candidate landing page can be suspended, or sponsored content associated with the candidate landing page can be suspended.
  Type: Grant
  Filed: December 28, 2016
  Date of Patent: June 2, 2020
  Assignee: Google LLC
  Inventors: Niels Provos, Yunkai Zhou, Clayton W. Bavor, Jr., Eric L. Davis, Mark Palatucci, Kamal P. Nigam, Christopher K. Monson, Panayiotis Mavrommatis, Rachel Nakauchi
- Patent number: 10666668
  Abstract: A security platform employs a variety of techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
  Type: Grant
  Filed: January 28, 2019
  Date of Patent: May 26, 2020
  Assignee: Splunk Inc.
  Inventors: Sudhakar Muddu, Christos Tryfonas
- Patent number: 10657252
  Abstract: A method for analyzing a document may include obtaining a runtime model for an application used to process the document, extracting, from the document, code blocks each including statements, and generating, using the runtime model, a result including a series of abstract states for each statement of a code block. Each abstract state may include a series of abstract values each corresponding to concrete values. The method may further include determining, using the result and the runtime model, whether the document includes potentially malicious code.
  Type: Grant
  Filed: November 28, 2017
  Date of Patent: May 19, 2020
  Assignee: Oracle International Corporation
  Inventors: Alexander W. Jordan, Francois Gauthier
- Patent number: 10657251
  Abstract: A malware detection system configured to detect suspiciousness in obfuscated content. A multi-stage static detection logic is utilized to detect obfuscation, make the obfuscated content accessible, identify suspiciousness in the accessible content and filter non-suspicious non-obfuscated content from further analysis. The multi-stage static detection logic includes a controller, a de-constructor, and a post-processor. The controller is configured to receive content, while the de-constructor is configured to receive content from the controller and deconstruct the content using the analysis technique selected by the controller. The post-processor is configured to receive the de-constructed content from the de-constructor, determine whether a specimen within the de-constructed content is suspicious, and remove non-suspicious content from further analysis.
  Type: Grant
  Filed: June 26, 2017
  Date of Patent: May 19, 2020
  Assignee: FireEye, Inc.
  Inventors: Amit Malik, Shivani Deshpande, Abhishek Singh, Wei Zheng
- Patent number: 10659432
  Abstract: A computing device can install and execute a kernel-level security agent that interacts with a remote security system as part of a detection loop aimed at defeating malware attacks. The kernel-level security agent can be installed with a firewall policy that can be remotely enabled by the remote security system in order to “contain” the computing device. Accordingly, when the computing device is being used, and a malware attack is detected on the computing device, the remote security system can send an instruction to contain the computing device, which causes the implementation, by an operating system (e.g., a Mac™ operating system) of the computing device, of the firewall policy accessible to the kernel-level security agent. Upon implementation and enforcement of the firewall policy, outgoing data packets from, and incoming data packets to, the computing device that would have been allowed prior to the implementation of the firewall policy are denied.
  Type: Grant
  Filed: July 6, 2017
  Date of Patent: May 19, 2020
  Assignee: CrowdStrike, Inc.
  Inventors: Paul Meyer, Cameron Gutman, John R. Kooker
- Patent number: 10650146
  Abstract: An amount of data change associated with a version of a content file with respect to one or more previous versions of the content file is determined. The amount of change associated with the version of the content file is determined using a tree data structure associated with the content file that is stored on a storage cluster. One or more statistics associated with a backup snapshot are provided to a server. The server is configured to determine that the amount of data change associated with the version of the content file is anomalous based in part on the one or more statistics associated with the backup snapshot. A notification that data associated with the backup snapshot is potentially infected by malicious software is received from the server. The version of the content file is indicated as being potentially infected by malicious software.
  Type: Grant
  Filed: April 1, 2019
  Date of Patent: May 12, 2020
  Assignee: Cohesity, Inc.
  Inventors: Prashant Gaurav, Sidharth Mishra, Karandeep Singh Chawla, Anubhav Gupta, Sudhir Srinivas, Nagapramod Mandagere, Apurv Gupta
- Patent number: 10642977
  Abstract: Exception lists may be generated by combining a standard list and a client list. Standard benign file information identifying a set of standard benign files may be obtained. A set of standard signatures for the set of standard benign files may be obtained. Client benign file information identifying a set of client benign files for a client may be obtained. A set of client signatures for the set of client benign files for the client may be obtained. A client exception list for the client may be generated based on the set of standard signatures and the set of client signatures.
  Type: Grant
  Filed: December 17, 2018
  Date of Patent: May 5, 2020
  Assignee: DiDi Research America, LLC
  Inventors: Liwei Ren, Qiaoyue Wang
- Patent number: 10645124
  Abstract: A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.
  Type: Grant
  Filed: February 17, 2017
  Date of Patent: May 5, 2020
  Assignee: SecureWorks Corp.
  Inventors: Ross R. Kinder, Aaron Hackworth, Matthew K. Geiger, Kevin R. Moore, Timothy M. Vidas, Oliver J. Palmer, Jon Ramsey, Matt J. McCormack
- Patent number: 10645107
  Abstract: A network device may include a memory and one or more processors configured to analyze execution of suspicious data; detect one or more states of execution of the suspicious data; determine that the one or more states of execution are to be assigned a priority level; and extract at least a portion of the suspicious data from one or more locations based on determining that the one or more states of execution are to be assigned a priority level.
  Type: Grant
  Filed: January 16, 2018
  Date of Patent: May 5, 2020
  Assignee: Cyphort Inc.
  Inventors: Abhijit Mohanta, Anoop Wilbur Saldanha
- Patent number: 10635815
  Abstract: Disclosed are an apparatus and method of verifying an application installation procedure. One example method of operation may include receiving an application at a computer device and initiating the installation of the application on the computer device. The method may also provide executing the application during the installation procedure and creating a hash value corresponding to the executed application data. The method may further provide storing the hash value in memory and comparing the hash value to a pre-stored hash value to determine whether to continue the installation of the application.
  Type: Grant
  Filed: March 26, 2019
  Date of Patent: April 28, 2020
  Assignee: OPEN INVENTION NETWORK LLC
  Inventor: William Charles Easttom
- Patent number: 10637877
  Abstract: At an electronic computing device, a first memory footprint is obtained for a protected computer. The protected computer is monitored with the electronic computing device. At the electronic computing device, a second memory footprint is obtained for the protected computer. The first memory footprint is compared with the second memory footprint. When the first memory footprint does not match the second memory footprint, a security alert is initiated for the protected computer.
  Type: Grant
  Filed: March 8, 2016
  Date of Patent: April 28, 2020
  Assignee: Wells Fargo Bank, N.A.
  Inventors: Ramanathan Ramanathan, Rama Rao Yadlapalli, Ajay Kumar Rentala, Vamsi Krishna Geda
- Patent number: 10635813
  Abstract: In some embodiments, a method includes processing at least a portion of a received file into a first set of fragments and analyzing each fragment from the first set of fragments using a machine learning model to identify within each fragment first information potentially relevant to whether the file is malicious. The method includes forming a second set of fragments by combining adjacent fragments from the first set of fragments and analyzing each fragment from the second set of fragments using the machine learning model to identify second information potentially relevant to whether the file is malicious. The method includes identifying the file as malicious based on the first information within at least one fragment from the first set of fragments and the second information within at least one fragment from the second set of fragments. The method includes performing a remedial action based on identifying the file as malicious.
  Type: Grant
  Filed: October 6, 2017
  Date of Patent: April 28, 2020
  Assignee: Sophos Limited
  Inventors: Joshua Daniel Saxe, Richard Harang
- Patent number: 10628602
  Abstract: Embodiments of the present disclosure include systems and methods for controlling modification of a data file that is accessed by multiple components of an application platform. The method for controlling modification of a data file includes: preparing a link constraint data that includes information of a data file and a component of an application platform, the component being associated with the data file; preparing an alert data that includes information of the data file and a person having a permission to modify the data file; responsive to an attempt of a user to modify the data file, retrieving the information of the component from the link constraint data and the information of the person from the alert data; and sending a notice of the attempt to at least one of the person and the user.
  Type: Grant
  Filed: December 28, 2015
  Date of Patent: April 21, 2020
  Assignee: QUEST SOFTWARE INC.
  Inventors: Lin Jun Qian, Ah Kioon Mary Cindy, Guoxiong Wu
- Patent number: 10630574
  Abstract: A network link processing method, apparatus, and system are disclosed. For example, the method includes: generating an interface-invocation request carrying a target link, a number of bytes of the target link being greater than a preset threshold; sending the interface-invocation request to an open platform server; receiving a unique identifier string sent by the open platform server, a number of bytes of the unique identifier string being less than the preset threshold; and providing the unique identifier string to a client.
  Type: Grant
  Filed: June 12, 2017
  Date of Patent: April 21, 2020
  Assignee: Tencent Technology (Shenzhen) Company Limited
  Inventor: Hao Chen
- Patent number: 10628589
  Abstract: Methods, systems, and computer readable media for preventing code reuse attacks are disclosed. According to one method, the method includes executing, on a processor, code in a memory page related to an application, wherein the memory page is protected. The method also includes detecting a read request associated with the code. The method further includes after detecting the read request, modifying, without using a hypervisor, at least one memory permission associated with the memory page such that the code is no longer executable after the code is read.
  Type: Grant
  Filed: January 23, 2017
  Date of Patent: April 21, 2020
  Assignees: THE UNIVERSITY OF NORTH CAROLINA AT CHAPEL HILL, THE RESEARCH FOUNDATION FOR THE STATE UNIVERSITY OF NEW YORK
  Inventors: Jan Jakub Werner, Kevin Zachary Snow, Nathan Michael Otterness, Robert John Dallara, Georgios Baltas, Fabian Newman Monrose, Michalis Polychronakis
- Patent number: 10628585
  Abstract: A system for protecting a database against a ransomware attack includes a database backup handler configured to selectively output database backup data associated with a database to a storage device. A ransomware detector is configured to monitor changes to the database and to detect data changes to the database resulting from a ransomware attack. A ransomware remediator communicates with the ransomware detector and the database backup handler and is configured to restore data in the database to a point prior to the ransomware attack based upon the backup data in the storage device.
  Type: Grant
  Filed: April 19, 2017
  Date of Patent: April 21, 2020
  Assignee: Microsoft Technology Licensing, LLC
  Inventors: Gal Tamir, Elad Iwanir, Avi Ben-Menahem
- Patent number: 10621360
  Abstract: Mechanisms are provided for correlating security vulnerability detection across multiple applications. The mechanisms perform a security vulnerability analysis of first source code of a first application, and identify, based on results of the security vulnerability analysis, a security vulnerability in a first portion of the first source code. The mechanisms associate characteristics of the security vulnerability with the first portion, and correlate the characteristics of the security vulnerability with second source code of a second application based on the association of the characteristics of the security vulnerability with the first portion. In addition, the mechanisms generate an output to a computing device of a consumer or contributor associated with the second source code identifying a presence of the security vulnerability in the second source code based on the correlation.
  Type: Grant
  Filed: January 30, 2019
  Date of Patent: April 14, 2020
  Assignee: International Business Machines Corporation
  Inventors: Elizabeth A. Holz, Iosif V. Onut, Joni E. Saylor, Hyun Kyu Seo, Ronald B. Williams
- Patent number: 10621359
  Abstract: Mechanisms are provided for correlating security vulnerability detection across multiple applications. The mechanisms perform a security vulnerability analysis of first source code of a first application, and identify, based on results of the security vulnerability analysis, a security vulnerability in a first portion of the first source code. The mechanisms associate characteristics of the security vulnerability with the first portion, and correlate the characteristics of the security vulnerability with second source code of a second application based on the association of the characteristics of the security vulnerability with the first portion. In addition, the mechanisms generate an output to a computing device of a consumer or contributor associated with the second source code identifying a presence of the security vulnerability in the second source code based on the correlation.
  Type: Grant
  Filed: January 30, 2019
  Date of Patent: April 14, 2020
  Assignee: International Business Machines Corporation
  Inventors: Elizabeth A. Holz, Iosif V. Onut, Joni E. Saylor, Hyun Kyu Seo, Ronald B. Williams
- Patent number: 10621349
  Abstract: Data is analyzed using feature hashing to detect malware. A plurality of features in a feature set is hashed. The feature set is generated from a sample. The sample includes at least a portion of a file. Based on the hashing, one or more hashed features are indexed to generate an index vector. Each hashed feature corresponds to an index in the index vector. Using the index vector, a training dataset is generated. Using the training dataset, a machine learning model for identifying at least one file having a malicious code is trained.
  Type: Grant
  Filed: January 17, 2018
  Date of Patent: April 14, 2020
  Assignee: Cylance Inc.
  Inventor: Andrew Davis
- Patent number: 10621179
  Abstract: One or more embodiments provide techniques for analyzing telemetry data. A telemetry agent collects streams of raw telemetry data from the web client. The telemetry data includes obfuscated strings. For each obfuscated string, a mapping program references a database associating the obfuscated string to attributes of a properties file of the web client. The attributes include at least the deobfuscated string corresponding to the obfuscated string. An analytics agent translates the streams of raw telemetry data to streams of modified telemetry data. The streams of modified telemetry data include the deobfuscated strings from the attributes corresponding to the properties file. The analytics agent analyzes the streams of modified telemetry data.
  Type: Grant
  Filed: July 18, 2017
  Date of Patent: April 14, 2020
  Assignee: VMWARE, INC.
  Inventors: Vasil Chomakov, Stanislav Hadjiiski
- Patent number: 10623418
  Abstract: A method for implementing an Internet of Things security appliance is presented. The method may include intercepting a data packet sent from a server to a client computing device. The method may include performing a security check on the data packet using security modules. The method may include determining the data packet is not malicious based on the security check. The method may include determining a shadow tester to test the data packet based on a type associated with the client computing device. The method may include creating a virtualization environment of the client computing device using the shadow tester. The method may include analyzing behaviors associated with the data packet within the virtualization environment using detection modules. The method may include determining the behaviors do not violate a behavior policy associated with the client computing device. The method may include transmitting the data packet to the client computing device.
  Type: Grant
  Filed: September 12, 2018
  Date of Patent: April 14, 2020
  Assignee: International Business Machines Corporation
  Inventors: KuoChun Chen, Sheng-Tung Hsu, Jia-Sian Jhang, Chun-Shuo Lin
- Patent number: 10621361
  Abstract: Mechanisms are provided for correlating security vulnerability detection across multiple applications. The mechanisms perform a security vulnerability analysis of first source code of a first application, and identify, based on results of the security vulnerability analysis, a security vulnerability in a first portion of the first source code. The mechanisms associate characteristics of the security vulnerability with the first portion, and correlate the characteristics of the security vulnerability with second source code of a second application based on the association of the characteristics of the security vulnerability with the first portion. In addition, the mechanisms generate an output to a computing device of a consumer or contributor associated with the second source code identifying a presence of the security vulnerability in the second source code based on the correlation.
  Type: Grant
  Filed: January 30, 2019
  Date of Patent: April 14, 2020
  Assignee: International Business Machines Corporation
  Inventors: Elizabeth A. Holz, Iosif V. Onut, Joni E. Saylor, Hyun Kyu Seo, Ronald B. Williams
- Patent number: 10621339
  Abstract: A monitor apparatus, method, and non-transitory computer readable storage medium thereof are provided. The monitor method is adapted for an electronic computing apparatus, wherein the electronic computing apparatus stores a smart contract and a blockchain ledger of a blockchain system. The monitor method periodically executes the following steps: (a) obtaining a piece of behavior information of a first electronic apparatus at a time point, (b) retrieving, via the smart contract, a plurality of pieces of previous behavior information within a time interval from the blockchain ledger, wherein the time interval is defined by the time point, and each piece of previous behavior information corresponds to one of a plurality of second electronic apparatuses and the first electronic apparatus, (c) determining a legality of the piece of behavior information according to the pieces of previous behavior information, and (d) writing the behavior information into the blockchain ledger.
  Type: Grant
  Filed: December 12, 2017
  Date of Patent: April 14, 2020
  Assignee: Institute For Information Industry
  Inventors: Jian-Wei Liao, Chin-Wei Tien, Chia-Kang Ho
- Patent number: 10614210
  Abstract: Provided herein are systems and methods for protecting data from injected malware. In some embodiments, a virtual memory validator may execute in user mode memory space on a computing device. The virtual memory validator may monitor an execution stack of an executing thread of a process. The virtual memory validator may identify a memory address referenced in the execution stack, responsive to the process attempting to access a protected resource. The virtual memory validator may determine that the memory address refers to a memory region that is designated as executable. The virtual memory validator may determine that the memory address is outside memory regions identified in a memory range map. The virtual memory validator may, responsive to the determination, identify the process as a potential malware process.
  Type: Grant
  Filed: July 29, 2016
  Date of Patent: April 7, 2020
  Assignee: Digital Guardian, Inc.
  Inventor: Dwayne A. Carson
- Patent number: 10614222
  Abstract: Systems, devices, and methods of an automatic attack testing framework for the security testing of an operational service are disclosed. In an example, such systems, devices, and methods may include operations that: deploy command instructions and a payload for a bot process to a computing device located within a target infrastructure, with the command instructions being selected based on criteria to test a security feature in the target infrastructure with an automated attack action in the bot process, and with the bot process being executed on the computing device and being started with use of the command instructions and the payload; communicate with the computing device to control the automated attack action within the target infrastructure, such that the automated attack action is performed within the bot process; and obtain results of the automated attack action performed within the bot process from the computing device.
  Type: Grant
  Filed: February 21, 2017
  Date of Patent: April 7, 2020
  Assignee: Microsoft Technology Licensing, LLC
  Inventors: Benjamin J. Godard, Art Sadovsky, Travis W. Rhodes, David A. Marshall, Richard A. Lundeen
- Patent number: 10606991
  Abstract: A user-centric cyber security system, comprising: a plurality of DAAs (Data Acquisition Agents) configured to collect data from a plurality of user's OSPs (Online Service Providers) and from a plurality of user devices; and a system server communicating with said plurality of DAAs, said system server configured to receive said collected data from said plurality of DAAs, analyze said data for threats to said user, alert said user accordingly, receive feedback from said user regarding said alert and improve said threat analysis using said user's feedback.
  Type: Grant
  Filed: May 29, 2017
  Date of Patent: March 31, 2020
  Assignee: Logdog Information Security Ltd.
  Inventors: Uri Brison, Shlomi Cohen, Alon Keren, Omri Topol
- Patent number: 10601846
  Abstract: Methods and systems for neutralizing malicious locators. Threat actors may shut down their web pages or applications (i.e., resources) that serve malicious content upon receiving request(s) configured to be perceived by the resource as non-browser requests. Therefore, initiating (large-scale) non-browser requests, or requests that are at least perceived as non-browser requests, may effectively act to inhibit, or even nullify, intended attack vectors.
  Type: Grant
  Filed: December 31, 2018
  Date of Patent: March 24, 2020
  Assignee: Rapid7, Inc.
  Inventors: Roy Hodgman, Aditya Kuppa, Suchin Gururangan, Andrew Reece
- Patent number: 10601857
  Abstract: A method and system of identifying technical experts for an identified vulnerability is provided. One or more technical experts for each of one or more categories of the vulnerability are identified. Questions are sent to and answers are received from the one or more identified technical experts for each of the one or more categories of vulnerabilities, via a chatbot module. Answers to parameters that are missing for a Common Vulnerability Scoring System (CVSS) for the identified vulnerability are determined from the received answers to the parameters. The answers to the parameters are validated and a CVSS score is calculated based on the validated determined answers.
  Type: Grant
  Filed: November 28, 2017
  Date of Patent: March 24, 2020
  Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
  Inventors: Muhammed Fatih Bulut, Lisa Chavez, Jinho Hwang, Virginia Mayo, Maja Vukovic, Sai Zeng
- Patent number: 10602023
  Abstract: A document state management system includes circuitry configured to receive registration of a document, and a memory to store first information and second information. The first information retains identification information of the document in association with a document state relating to the document. The second information retains tracing data for tracing the document state of the document in association with the identification information of the document. The circuitry records the tracing data in a medium and outputs the medium. The circuitry acquires the tracing data from the medium. The circuitry acquires, from the second information, the identification information of the document associated with the tracing data acquired from the medium. The circuitry acquires, from the first information, the document state of the document associated with the identification information of the document acquired from the second information. The circuitry outputs the document state acquired from the first information.
  Type: Grant
  Filed: October 5, 2018
  Date of Patent: March 24, 2020
  Assignee: Ricoh Company, Ltd.
  Inventor: Takao Okamura
- Patent number: 10594728
  Abstract: Detecting a Domain Name Service (DNS) hijacking includes resolving names in a hijack target group list to their respective Internet Protocol (IP) addresses. In response to determining that two names in the hijack target group list resolved to a common IP address, a determination is made whether a legitimate reason exists for the two names in the hijack target group list to resolve to the common IP address. In response to determining that a legitimate reason does not exist for the two names in the hijack target group list to resolve to a common IP address, a DNS hijacking is indicated.
  Type: Grant
  Filed: June 29, 2017
  Date of Patent: March 17, 2020
  Assignee: AVAST SOFTWARE S.R.O.
  Inventors: Dmitriy Kuznetsov, Martin Smarda, Pavel Sramek
- Patent number: 10594720
  Abstract: A security control point (SCP) that protects a target computing system is tested in-place and while active. The approach is initiated by the SCP receiving and processing one or more “simulated” communication flows. To this end, a test initiator system is configured to generate and transmit communication flows to the SCP being tested. The SCP extracts the encapsulated flow, and then processes that flow through one or more of the SCP's configured protection mechanisms. Thus, the SCP processes the simulated communication flow as though it were a real session, and thus determines what actions, if any, should be taken with respect to that flow. After processing, the simulated session traffic is shunted or otherwise diverted away from the target computing system. The results of the SCP's processing, however, are output to other systems (e.g., logging or alerting mechanisms), or they are returned to the test initiation system, e.g., for correlation, reporting, and the like.
  Type: Grant
  Filed: November 3, 2017
  Date of Patent: March 17, 2020
  Assignee: International Business Machines Corporation
  Inventors: Ivan Dell'Era, Kevin R. O'Connor, William J. Rippon
- Patent number: 10594707
  Abstract: The disclosure relates to detection of malicious network communications. In one embodiment, a method for identifying malicious encrypted network traffic associated with a malware software component communicating via a network is disclosed. The method includes training a neural network based on images for extracted portions of network traffic such that subsequent network traffic can be classified by the neural network to identify malicious network traffic associated with malware based on an image generated to represent a defined portion of the subsequent network traffic.
  Type: Grant
  Filed: March 15, 2016
  Date of Patent: March 17, 2020
  Assignee: British Telecommunications Public Limited Company
  Inventors: Fadi El-Moussa, Ben Azvine, George Kallos
- Patent number: 10587576
  Abstract: The present disclosure combines Software Defined Networks (SDN) concepts with Security concepts. The coordination between SDN and Security provides a myriad of advantageous use cases. One exemplary use case involves providing a fast path at network speeds using SDN by routing network traffic to bypass a security appliance once the security appliance determines that the security appliance no longer needs to inspect the network traffic. Another exemplary use case involves remote provisioning of security zones.
  Type: Grant
  Filed: December 10, 2013
  Date of Patent: March 10, 2020
  Assignee: McAfee, LLC
  Inventors: Geoffrey Howard Cooper, John Richard Guzik
- Patent number: 10567414
  Abstract: Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s) operate under a guest OS VM. A detection module operating under the guest OS VM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OS VM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices.
  Type: Grant
  Filed: January 17, 2019
  Date of Patent: February 18, 2020
  Assignee: George Mason Research Foundation, Inc.
  Inventors: Anup Ghosh, Yih Huang, Jiang Wang, Angelos Stavrou
-
Patent number: 10565470
Abstract: A user interface (UI)-level clone detection method, system, and computer program product, include running applications from an application database to obtain a screenshot of each of the applications, comparing a first object of a first screenshot of a first application with a second object from a second screenshot of a second application to determine a similarity between the first object and the second object, and analyzing a code for each of the first object and the second object when the similarity is greater than a predetermined threshold value to identify a same-functionality code.
Type: Grant
Filed: December 15, 2017
Date of Patent: February 18, 2020
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Peng Liu, Marco Pistoia, Omer Tripp
-
Patent number: 10565186
Abstract: Methods and systems for query resolution through graphical user interfaces are disclosed. In one aspect, a system is disclosed that includes a processor and data storage including instructions that, when executed by the processor, cause the system to perform operations. The operations include receiving a query requesting resolution of inconsistent data; based on the query, creating an instance in a queue, where the instance identifies a priority and a task for the query; based on the priority, selecting the query from the queue and initiating resolution of the inconsistent data by generating a graphical user interface to accomplish the task; while accomplishing the task, generating each of (i) a documentation documenting the inconsistent data and the task and (ii) a resolution resolving the inconsistent data; storing the documentation; and publishing the resolution.
Type: Grant
Filed: January 3, 2019
Date of Patent: February 18, 2020
Assignee: Capital One Services, LLC
Inventors: Veena Yelamanchili, Sriram Srinivasan, Janagaraj Ragupathy, Dinesh Vajala, Brittany Courtney
-
Patent number: 10565369
Abstract: In one aspect of the present description, operations are described for detecting whether programming code of a first computer program has been modified by a second computer program. In one embodiment, the modification detecting includes registering a first section of programming code of the first computer program in a first registry data structure. To detect a modification, the registered first section of programming code may be validated. In one embodiment, the validating includes comparing the section of programming code actually located at the first memory address to the registered first section of programming code. In another aspect, various selectable remedial actions may be taken upon detecting modification of programming code of the first computer program. Other features and aspects may be realized, depending upon the particular application.
Type: Grant
Filed: March 6, 2018
Date of Patent: February 18, 2020
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Philip R. Chauvet, Joseph V. Malinowski, David C. Reed, Max D. Smith
-
Patent number: 10558800
Abstract: Threat detection instrumentation is simplified by providing and updating labels for computing objects in a context-sensitive manner. This may include simple labeling schemes to distinguish between objects, e.g., trusted/untrusted processes or corporate/private data. This may also include more granular labeling schemes such as a three-tiered scheme that identifies a category (e.g., financial, e-mail, game), static threat detection attributes (e.g., signatures, hashes, API calls), and explicit identification (e.g., what a file or process calls itself). By tracking such data for various computing objects and correlating these labels to malware occurrences, rules can be written for distribution to endpoints to facilitate threat detection based on, e.g., interactions of labeled objects, changes to object labels, and so forth.
Type: Grant
Filed: May 3, 2018
Date of Patent: February 11, 2020
Assignee: Sophos Limited
Inventors: Kenneth D. Ray, Daniel Salvatore Schiappa, Simon Neil Reed, Mark D. Harris, Neil Robert Tyndale Watkiss, Andrew J. Thomas, Robert W. Cook, Harald Schütz, John Edward Tyrone Shaw, Anthony John Merry
-
Patent number: 10560483
Abstract: A system for cybersecurity rating using active and passive external reconnaissance, that uses a web crawler that sends message prompts to external hosts and receives responses from external hosts, a time-series data store that produces time-series data from the message responses, and a directed computational graph module that analyzes the time-series data to produce a weighted score representing the overall cybersecurity state of an organization.
Type: Grant
Filed: November 27, 2017
Date of Patent: February 11, 2020
Assignee: QOMPLX, INC.
Inventors: Jason Crabtree, Andrew Sellers
-
Patent number: 10554639
Abstract: Systems and methods are disclosed for managing the resetting of online identities or accounts of users of Internet web pages. One method includes: receiving, through an electronic device, a request to reset login information to access a web page associated with the user's online account; determining that an IP address associated with the request is not identified as being suspicious; receiving user data intrinsic to the user's request; automatically verifying two or more values of the data intrinsic to the user's request as being indicative of a level of trust of the identity of the user; and transmitting, to the user over the Internet, a subset of options to reset the login information, the subset being selected based on the level of trust.
Type: Grant
Filed: October 22, 2018
Date of Patent: February 4, 2020
Assignee: Oath Inc.
Inventor: Lachlan A. Maxwell
-
Patent number: 10554593
Abstract: A system and method for message analysis, including: receiving, from a client device, a reporting request identifying a first broadcasted message authored by a context account of a messaging platform; identifying, by a computer processor, engagement data corresponding to engagement with the first broadcasted message by a set of engaging accounts of the messaging platform that engaged with the first broadcasted message; generating, using the engagement data and by the computer processor, propagation data representing propagation of the first broadcasted message in a connection graph of the messaging platform; and providing the propagation data for the client device in response to the reporting request, where the client device is operable to display a visual representation of the propagation data.
Type: Grant
Filed: December 29, 2017
Date of Patent: February 4, 2020
Assignee: Twitter, Inc.
Inventors: Aditya Krishna Naganath, Erik Steven Froese
-
Patent number: 10552624
Abstract: A sending processing environment establishes a connection with a receiving processing environment for purposes of providing data during a communication session from the sending environment to the receiving environment. The communication session is monitored and the data being sent is intercepted. The data is rendered from a first format that the data was sent in into an innocuous format that is incapable of being executed on any computing device. The data in the innocuous format is then provided to the receiving environment where the data can only be viewed.
Type: Grant
Filed: June 24, 2016
Date of Patent: February 4, 2020
Assignee: XATTIC, Inc.
Inventor: Roman Kagarlitsky
-
Patent number: 10547618
Abstract: Disclosed are a method and an apparatus for setting an access privilege. The method includes: acquiring Internet Protocol (IP) addresses having an access frequency to a target application greater than or equal to a frequency threshold, selecting IP addresses accessing more than one application per time unit from the IP addresses as to-be-processed IP addresses to generate a to-be-processed IP address set; acquiring access information, related to an access of a target application, of the to-be-processed IP address; acquiring a plurality of target IP addresses in the to-be-processed IP address set based on the access information, determining a probability of access through a gateway by a terminal pointed to by each target IP address; and selecting a preset proportion or a preset number of target IP addresses from the plurality of target IP addresses in a descending order of the probability to set the access privilege.
Type: Grant
Filed: October 4, 2017
Date of Patent: January 28, 2020
Assignee: BEIJING BAIDU NETCOM SCIENCE AND TECHNOLOGY CO., LTD.
Inventors: Miao Zhang, Xin Li, Guang Yao, Jiyang Zhang, Heyi Tang, Gongwei Wu
-
Patent number: 10546131
Abstract: A system for securing electronic devices includes a processor, a storage medium communicatively coupled to the processor, and a monitoring application comprising computer-executable instructions on the medium. The instructions are readable by the processor. The monitoring application is configured to receive an indication that a client has been affected by malware, cause the client to boot from a trusted operating system image, cause a launch of a secured security application on the client from a trusted application image, and analyze a malware status of the client through the secured security application.
Type: Grant
Filed: April 1, 2016
Date of Patent: January 28, 2020
Assignee: McAfee, LLC
Inventors: Dmitri Rubakha, Francisco M. Cuenca-Acuna, Hector R. Juarez, Leandro I. Costantino
-
Patent number: 10542015
Abstract: An automated method for processing security events in association with a cybersecurity knowledge graph. The method begins upon receipt of information from a security system representing an offense. An initial offense context graph is built based in part on context data about the offense. The graph also includes activity nodes connected to a root node; at least one activity node includes an observable. The root node and its one or more activity nodes represent a context for the offense. The knowledge graph, and potentially other data sources, are then explored to further refine the initial graph to generate a refined graph that is then provided to an analyst for further review and analysis. Knowledge graph exploration involves locating the observables and their connections in the knowledge graph, determining that they are associated with known malicious entities, and then building subgraphs that are then merged into the initial graph.
Type: Grant
Filed: August 15, 2016
Date of Patent: January 21, 2020
Assignee: International Business Machines Corporation
Inventors: William Alexander Bird, Suzanne Carol Deffeyes, Jiyong Jang, Dhilung Kirat, Youngja Park, Josyula R. Rao, Marc Philippe Stoecklin
-
Patent number: 10534914
Abstract: A vulnerability finding device has a vulnerability extracting unit, a normalization processing unit, and a matching unit. The vulnerability extracting unit extracts a first program code corresponding to a vulnerable part of software. The normalization processing unit performs normalization of a parameter included in the first program code extracted by the vulnerability extracting unit and a second program code of software to be inspected for a vulnerable part. The matching unit performs matching between the first program code after the normalization and the second program code after the normalization, and detects, within the second program code, a program code that is the same as or similar to the first program code.
Type: Grant
Filed: July 30, 2015
Date of Patent: January 14, 2020
Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
Inventors: Asuka Nakajima, Makoto Iwamura, Takeo Hariu
-
Patent number: 10530795
Abstract: Aspects of the present disclosure describe systems and methods for rapidly detecting threats or other security breaches in enterprise networks. In particular, all enterprise network communications may be monitored to detect anomalous events. In one example, each event log in a collection of event logs may be evaluated, wherein an event log having one or more features is monitored and identified as being anomalous based on identifying one or more anomalous features therein. Anomalous features are identified as being anomalous based on the existence of one or more features in the event log that deviate from characteristic contextual features. Rules or models may thereafter be applied to each event log containing the anomalous feature.
Type: Grant
Filed: July 14, 2017
Date of Patent: January 7, 2020
Assignee: Target Brands, Inc.
Inventors: Amit Pande, Vishal Ahuja
-
Patent number: 10516688
Abstract: An anti-ransomware system protects data in cloud storage of a cloud services provider against a ransomware attack. A backup handler is configured to at least one of: selectively retrieve backup data generated by the cloud services provider from the cloud storage; and selectively generate backup data based on the data in the cloud storage and output the backup data to a storage device. A ransomware detector is configured to detect data changes to the data resulting from a ransomware attack. A ransomware remediator communicates with the ransomware detector and the backup handler and is configured to restore the data to a state prior to the ransomware attack based upon the backup data.
Type: Grant
Filed: December 4, 2017
Date of Patent: December 24, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Gal Tamir, Elad Iwanir
-
Patent number: 10515213
Abstract: Described herein are various technologies pertaining to detecting malware by monitoring execution of an instrumented process. An anti-malware engine can observe code obfuscation, suspicious patterns and/or behavior upon scanning a computer file. Based upon this observation, evidence can be submitted to a service (e.g., cloud-based service) and, in response, configuration setting(s) for restraining, containing and/or instrumenting a process for executing the file and/or instrumenting a process into which the file is loaded can be received. The configured process can be monitored. Based upon this monitoring, an action can be taken including determining the file to comprise malware and terminating the process. Upon detecting malware, a detection report, and a copy of the computer file, can be sent to a service (e.g., cloud-based). The service can independently verify that the reported file is malicious, and can protect other machines from executing or loading the same malicious file.
Type: Grant
Filed: August 27, 2016
Date of Patent: December 24, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Adrian Emil Stepan, Adrian M. Marinescu