Patents Assigned to ACER CYBER SECURITY INCORPORATED
  • Publication number: 20210136099
    Abstract: An abnormal traffic detection method is provided according to an embodiment of the disclosure. The method includes: obtaining network traffic data of a target device; sampling the network traffic data by a sampling window with a time length to obtain sampling data; generating, according to the sampling data, an image which presents a traffic feature of the network traffic data corresponding to the time length; and analyzing the image to generate evaluation information corresponding to an abnormal traffic. In addition, an abnormal traffic detection device is also provided according to an embodiment of the disclosure to improve a detection ability and/or an analysis ability for the abnormal traffic and/or a malware.
    Type: Application
    Filed: September 8, 2020
    Publication date: May 6, 2021
    Applicant: Acer Cyber Security Incorporated
    Inventors: Ming-Kung Sun, Tsung-Yu Ho, Zong-Cyuan Jhang, Chiung-Ying Huang
  • Patent number: 10931714
    Abstract: The disclosure provides a domain name recognition method and a domain name recognition device. The domain name recognition method includes the following steps. A first string of a first domain name and a second string of a second domain name are obtained. Multiple characters of the first string and the second string are classified into multiple clusters. Multiple vectors corresponding to the clusters are generated, wherein each of the characters corresponds to one of the vectors. A first vector set corresponding to the first string and a second vector set corresponding to the second string are generated. A similarity of the first vector set and the second vector set is calculated.
    Type: Grant
    Filed: May 14, 2019
    Date of Patent: February 23, 2021
    Assignee: Acer Cyber Security Incorporated
    Inventors: Pin-Cyuan Lin, Yu-Chun Wu, Ming-Kung Sun, Zong-Cyuan Jhang, Yi-Chung Tseng, Chiung-Ying Huang
  • Publication number: 20200220897
    Abstract: The disclosure provides a domain name recognition method and a domain name recognition device. The domain name recognition method includes the following steps. A first string of a first domain name and a second string of a second domain name are obtained. Multiple characters of the first string and the second string are classified into multiple clusters. Multiple vectors corresponding to the clusters are generated, wherein each of the characters corresponds to one of the vectors. A first vector set corresponding to the first string and a second vector set corresponding to the second string are generated. A similarity of the first vector set and the second vector set is calculated.
    Type: Application
    Filed: May 14, 2019
    Publication date: July 9, 2020
    Applicant: Acer Cyber Security Incorporated
    Inventors: Pin-Cyuan Lin, Yu-Chun Wu, Ming-Kung Sun, Zong-Cyuan Jhang, Yi-Chung Tseng, Chiung-Ying Huang
  • Publication number: 20200134504
    Abstract: A system of training behavior labeling model is provided. Specifically, a processing unit inputs each data of a training data set into a plurality of learning modules to establish a plurality of labeling models. The processing unit obtains a plurality of second labeling information corresponding to each data of a verification data set and generates a behavior labeling result according to the second labeling information corresponding to each data of the verification data set. The processing unit obtains a labeling change value according to the behavior labeling result and first labeling information corresponding to each data of the verification data set. The processing unit, if determining that the labeling change value is greater than a change threshold, updates the first labeling information according to the behavior labeling results, exchanges the training data set and the verification data set and reestablishes the labeling models.
    Type: Application
    Filed: February 26, 2019
    Publication date: April 30, 2020
    Applicant: Acer Cyber Security Incorporated
    Inventors: Chun-Hsien Li, Yin-Hsong Hsu, Chien-Hung Li, Tsung-Hsien Tsai, Chiung-Ying Huang, Ming-Kung Sun, Zong-Cyuan Jhang
  • Publication number: 20200112575
    Abstract: The disclosure provides a method for evaluating domain name and a server using the same method. The method includes: retrieving a raw domain name and dividing the raw domain name into a plurality of parts; retrieving a specific part of the parts, wherein the specific part include characters; encoding the characters into encoded data; padding the encoded data to a specific length; projecting the encoded data being padded as embedded vectors; sequentially inputting the embedded vectors to a plurality cells of a long short term memory model to generate a result vector; and converting the result vector to a prediction probability via a fully-connected layer and a specific function.
    Type: Application
    Filed: January 8, 2019
    Publication date: April 9, 2020
    Applicant: Acer Cyber Security Incorporated
    Inventors: Pin-Cyuan Lin, Jun-Mein Wu, Yu-Chun Wu, Ming-Kung Sun, Zong-Cyuan Jhang, Yi-Chung Tseng, Chiung-Ying Huang
  • Publication number: 20200110689
    Abstract: A method for detecting abnormality adapted to detect abnormal operations of an operating system is provided. The method includes: calculating a safe range of usage of the operating system during one or more time periods according to a historical data stream; calculating abnormal ratios corresponding to the one or more time periods according to a current data stream and the safe range of usage; selecting one or more abnormal time periods from the one or more time periods according to a threshold and the abnormal ratios; calculating an abnormal indicator for each of the one or more abnormal time periods according to the historical data stream and the current data stream; and ranking the one or more abnormal time periods according to the abnormal indicator(s).
    Type: Application
    Filed: February 21, 2019
    Publication date: April 9, 2020
    Applicant: Acer Cyber Security Incorporated
    Inventors: Chun-Hsien Li, Chien-Hung Li, Jun-Mein Wu, Ming-Kung Sun, Zong-Cyuan Jhang, Yin-Hsong Hsu, Chiung-Ying Huang, Tsung-Hsien Tsai
  • Patent number: 10579798
    Abstract: An electronic device and a method for detecting a malicious file are provided. The method includes the following steps: An executable file is searched, and an import table is extracted from the executable file. The import table includes at least a name of a first DDL and a name of a second DDL. A distance between the first DLL and the second DLL is calculated. Whether the distance exceeds a threshold is determined. If the distance exceeds the threshold, then whether a duplicate content of the import table exists in the executable file is checked. The executable file is regarded as a malicious file if the duplicate content of the import table exists in the executable file.
    Type: Grant
    Filed: August 15, 2017
    Date of Patent: March 3, 2020
    Assignee: ACER CYBER SECURITY INCORPORATED
    Inventors: Ming-Kung Sun, Chiung-Ying Huang, Tung-Lin Tsai, Gu-Hsin Lai, Chia-Mei Chen, Tzu-Ching Chang