Patents Assigned to AO Kaspersky Lab
-
Patent number: 12086236
Abstract: Disclosed herein are systems and methods for identifying a cryptor that encodes files of a computer system. An exemplary method comprises, identifying one or more files into which a data entry is performed by a suspect process; for each identified file, determining characteristics of the identified file, identifying classes of file modifications using a trained machine learning model and respective characteristics of the identified file, identifying a suspect process as being associated with the cryptor based on the identified classes of file modification of the file, and protecting the computer system from the cryptor.
Type: Grant
Filed: May 14, 2021
Date of Patent: September 10, 2024
Assignee: AO Kaspersky Lab
Inventors: Evgeny I. Lopatin, Dmitry A. Kondratyev
-
Patent number: 12079286
Abstract: Disclosed herein are systems and methods for selection of a model to describe a user. In one aspect, an exemplary method comprises, creating data on preferences of the user based on previously gathered data on usage of a computing device by the user and a base model that describes the user, wherein the base model is previously selected from a database of models including a plurality of models, determining an accuracy of the data created on the preferences of the user, wherein the determination is based on observed behaviors of the user, when the accuracy of the data is determined as being less than a predetermined threshold value, selecting a correcting model related to the base model, and retraining the base model, and when the accuracy of the data is determined as being greater than or equal to the predetermined threshold value, selecting the base model to describe the user.
Type: Grant
Filed: December 14, 2020
Date of Patent: September 3, 2024
Assignee: AO KASPERSKY LAB
Inventors: Andrey A. Efremov, Pavel V. Filonov
-
Patent number: 12039047
Abstract: Systems and methods for detecting malicious activity in a computer system. One or more graphs can be generated based on information objects about the computer system and relationships between the information objects, where the information objects are vertices in the graphs and the relationships are edges in the graphs. Comparison of generated graphs to existing graphs can determine a likelihood of malicious activity.
Type: Grant
Filed: October 21, 2021
Date of Patent: July 16, 2024
Assignee: AO KASPERSKY LAB
Inventors: Igor I. Soumenkov, Sergey Y. Golovanov
-
Patent number: 12026211
Abstract: Disclosed herein are systems and methods for training a model to identify a user to a predetermined degree of reliability. In one aspect, an exemplary method comprises, parameterizing gathered data on behavior of a user in a form of a first vector, deriving a second vector from the first vector by removing noise and low-priority information from the first vector, providing the second vector to a training algorithm, and generating a trained model for the user, the generated trained model being different for each user such that only the trained model generated for the user satisfies the predetermined degree of reliability.
Type: Grant
Filed: April 3, 2023
Date of Patent: July 2, 2024
Assignee: AO Kaspersky Lab
Inventors: Andrey A. Efremov, Pavel V. Filonov
-
Patent number: 12028304
Abstract: A method for restricting reception of e-mail messages from a sender of bulk spam mail includes identifying an unknown sender of received e-mail messages. A set of e-mail messages received from the identified sender is selected. A type of bulk spam mailing is determined based on the selected set of e-mail messages using one or more spam identification signatures. Restrictions on reception of e-mail messages from a sender distributing bulk spam of the determined type are generated.
Type: Grant
Filed: September 21, 2022
Date of Patent: July 2, 2024
Assignee: AO Kaspersky Lab
Inventors: Dmitry S. Golubev, Roman A Dedenok, Yury G. Slobodyanuk
-
Patent number: 12028479
Abstract: A method for protecting subscriber data includes intercepting network traffic associated with a call. The network traffic includes call parameters and call stream data. A first set of the call parameters is analyzed. A first probability value of the call being declared as unwanted is determined. The call stream data is analyzed to define a second set of call parameters. The first set of call parameters is reanalyzed based on the second set. A second probability value of the call being declared as unwanted is determined. A determination is made if the second probability value exceeds a second threshold value. The call is declared as unwanted, in response to determining that the second probability value exceeds the second threshold. The first and second sets of call parameters are transmitted to an application configured to protect data of a protected subscriber.
Type: Grant
Filed: April 22, 2022
Date of Patent: July 2, 2024
Assignee: AO KASPERSKY LAB
Inventors: Alexander A. Demidov, Alexander B. Firstov, Denis E. Chistyakov, Ruslan R. Sabitov, Sergey Y. Golovanov, Victor M. Alyushin, Vladislav Y. Roskov, Igor A. Ryadovsky
-
Patent number: 11997494
Abstract: A method for classifying incoming events includes intercepting an incoming event received by a mobile device. The content of the intercepted event is analyzed to determine one or more attributes of the intercepted event. The intercepted event is compared to a plurality of previously collected and classified events, stored in an event repository, based on the one or more determined attributes to identify one or more similar events. A rating of each of the one or more similar events is determined. The rating characterizes probability that the corresponding event belongs to a particular class. The intercepted event is classified as undesirable on the mobile device if the rating value of the one or more similar events is less than a predetermined threshold value.
Type: Grant
Filed: May 27, 2021
Date of Patent: May 28, 2024
Assignee: AO Kaspersky Lab
Inventors: Dmitry V. Shvetsov, Daniil A Yazovsky, Vitaly S. Vorobiov
-
Patent number: 11978062
Abstract: Disclosed herein are systems and methods for detecting malicious use of a remote administration tool. In one aspect, an exemplary method comprises, gathering, from a flow of events, data that comprises any number of keyboard entry events, wherein each event is related at least to actions indicating a keyboard entry and a context in which the event occurred, comparing the gathered keyboard entry events with signatures from a database, and when a match is found with at least one signature, identifying an activity which is a characteristic that indicates that the remote administration tool is being controlled remotely.
Type: Grant
Filed: January 28, 2021
Date of Patent: May 7, 2024
Assignee: AO Kaspersky Lab
Inventor: Sergey N. Ivanov
-
Patent number: 11971996
Abstract: The present disclosure provides systems and methods for increasing the cybersecurity of a control subject of an industrial technological system. In an exemplary aspect, the method comprises installing a protected Operating System (OS) on a control subject of the industrial technological system, receiving, by the protected OS, a plurality of log files from the control subject, analyzing, by the protected OS, the plurality of log files to determine if a suspicious action has been applied to the control subject, wherein the control subject is configured to apply a controlling action to the object of control, intercepting, by the protected OS, network packets transmitted by an application launched in a guest OS to the control subject, and preventing, by the protected OS, an interaction between the application and the control subject, in response to determining that the suspicious action has been applied to the control subject.
Type: Grant
Filed: December 6, 2021
Date of Patent: April 30, 2024
Assignee: AO Kaspersky Lab
Inventors: Andrey P. Doukhvalov, Pavel V. Dyakin, Dmitry A. Kulagin
-
Patent number: 11934560
Abstract: Disclosed herein are systems and methods for processing personal data by application of policies. In one aspect, an exemplary method comprises, by the network infrastructure component, analyzing communication protocols between an IoT device and the network infrastructure component, identifying at least one field that contains personal data, for each identified field, analyzing the identified field using personal data processing policies uploaded to the network infrastructure component, and applying the personal data policies for enforcement.
Type: Grant
Filed: July 9, 2021
Date of Patent: March 19, 2024
Assignee: AO Kaspersky Lab
Inventors: Anton V. Tikhomirov, Ivan I. Tatarinov, Sergey V. Konoplev
-
Patent number: 11928243
Abstract: An example of a method for detecting hacking activities includes categorizing a plurality of web pages of a web site providing bank services using a trained semantic model. The trained semantic model uses at least one resource identifier of a web page as an input and generates a web page category as an output. One or more attributes of an interaction between a user and bank services are identified. The one or more identified attributes are analyzed by comparing the one or more identified attributes with attributes known to belong to hacking interactions based on a corresponding web page category. Hacking activity is identified based on the results of the analysis.
Type: Grant
Filed: December 1, 2020
Date of Patent: March 12, 2024
Assignee: AO Kaspersky Lab
Inventor: Sergey N. Ivanov
-
Patent number: 11929969
Abstract: Disclosed herein are systems and method for spam identification. A spam filter module may receive an email at a client device and may determine a signature of the email. The spam filter module may compare the determined signature with a plurality of spam signatures stored in a database. In response to determining that no match exists between the determined signature and the plurality of spam signatures, the spam filter module may place the email in quarantine. A spam classifier module may extract header information of the email and determine a degree of similarity between known spam emails and the email. In response to determining that the degree of similarity exceeds a threshold, the spam filter module may transfer the email from the quarantine to a spam repository.
Type: Grant
Filed: November 4, 2019
Date of Patent: March 12, 2024
Assignee: AO Kaspersky Lab
Inventors: Nikita D. Benkovich, Dmitry S. Golubev, Roman A. Dedenok, Andrey A. But
-
Patent number: 11916959
Abstract: Systems and methods for building systems of honeypot resources for the detection of malicious objects in network traffic. A system includes at least two gathering tools for gathering data about the computer system on which it is installed, a building tool configured for building at least two virtual environments, each including an emulation tool configured for emulating the operation of the computer system in the virtual environment, and a distribution tool configured for selecting at least one virtual environment for each computer system and for establishing connection between the computer system and the virtual environment.
Type: Grant
Filed: December 22, 2021
Date of Patent: February 27, 2024
Assignee: AO Kaspersky Lab
Inventors: Yaroslav A. Shmelev, Demeter Dan, Preuss Marco, Mikhail Y. Kuzin
-
Patent number: 11888891
Abstract: A method for creating a heuristic rule to identify Business Email Compromise (BEC) attacks includes filtering text of received email messages, using a first classifier, to extract one or more terms indicative of a BEC attack from the text of the received email messages. One or more n-grams are generated, using the first classifier, based on the extracted terms. A vector representation of the extracted terms is generated, using a second classifier, based on the generated one or more n-grams. The second classifier includes a logit model. A weight coefficient is assigned to each of the one or more extracted terms based on an output of the trained logit model. A higher weight coefficient indicates higher relevancy to BEC attack of the corresponding term. A heuristic rule associated with the BEC attack is generated by combining the weight coefficients of a combination of the one or more extracted terms.
Type: Grant
Filed: September 13, 2021
Date of Patent: January 30, 2024
Assignee: AO Kaspersky Lab
Inventors: Roman A. Dedenok, Nikita D. Benkovich, Dmitry S Golubev, Yury G. Slobodyanuk
-
Patent number: 11886584
Abstract: Disclosed herein are systems and methods for detecting potentially malicious changes in an application. In one aspect, an exemplary method comprises, selecting a first file to be analyzed and at least one second file similar to the first file, for each of the at least one second file, calculating at least one set of features, identifying a set of distinguishing features of the first file by finding, for each of the at least one second file, a difference between a set of features of the first file and the calculated at least one set of features of the second file, and detecting a presence of potentially malicious changes in the identified set of distinguishing features of the first file.
Type: Grant
Filed: November 17, 2021
Date of Patent: January 30, 2024
Assignee: AO KASPERSKY LAB
Inventors: Anton A Kivva, Lev V Pikman, Igor A Golovin
-
Patent number: 11886577
Abstract: Disclosed herein are systems and methods for protecting a user's devices based on types of anomalies. In one aspect, an exemplary method comprises, determining, by a feature determiner, one or more values of features of a user's activity performed using at least one of the user's devices, detecting, by an anomaly detector, anomalies indicative of at least one threat to information security of the user's devices based on the one or more values of the features, for each detected anomaly, identifying, by the anomaly detector, a type of the anomaly and at least one device that is a source of the anomaly, wherein the type of anomaly is identified using an anomaly classifier and one or more values of features, and for each user's device, modifying, by a device protector, one or more information security settings of the user's device based on the identified type of the anomaly.
Type: Grant
Filed: April 19, 2021
Date of Patent: January 30, 2024
Assignee: AO Kaspersky Lab
Inventors: Anton V. Tikhomirov, Evgenii Shchetinin
-
Patent number: 11880455
Abstract: Disclosed herein are methods and systems for selecting a detection model for detection of a malicious file. An exemplary method includes: monitoring a file during execution of the file within a computer system by intercepting commands of the file being executed and determining one or more parameters of the intercepted commands. A behavior log of the file being executed containing behavioral data is formed based on the intercepted commands and based on the one or more parameters of the intercepted commands. The behavior log is analyzed to form a feature vector. The feature vector characterizes the behavioral data. One or more detection models are selected from a database of detection models based on the feature vector. Each of the one or more detection models includes a decision-making rule for determining a degree of maliciousness of the file being executed.
Type: Grant
Filed: October 12, 2021
Date of Patent: January 23, 2024
Assignee: AO Kaspersky Lab
Inventors: Alexander S. Chistyakov, Alexey M. Romanenko, Alexander S. Shevelev
-
Patent number: 11829473
Abstract: Disclosed herein are methods and systems for detecting malicious files by a user computer. For example, in one aspect, the method comprises registering application programming interface (API) calls made by a file during an execution of the file on the user computer in a local call log, the local call log comprising control flow graphs of processes launched from the file, searching for a rule that matches behavioral rules in a local database, when the behavioral rules are found, determining the file is malicious and halting execution of the file on the user computer, otherwise, transmitting the local call log to a remote server, receiving a verdict, when the verdict indicates the file is malicious, receiving a virus signature corresponding to the verdict, and updating the local call log based on the verdict and virus signature, wherein the updating enables detection of subsequently received malicious files.
Type: Grant
Filed: November 16, 2020
Date of Patent: November 28, 2023
Assignee: AO Kaspersky Lab
Inventors: Sergey V. Gordeychik, Sergey V. Soldatov, Konstantin V. Sapronov
-
Patent number: 11803393
Abstract: Disclosed herein are systems and method for automatic activation of a service on a computing device. In an exemplary aspect, a service activation module may link, using an activation model, user behavioral data to an automated activation of the service based on detecting a prior activation of the service subsequent to receiving the user behavioral data. The service activation module may receive, at a later time, additional sensor data from a plurality of sensors of a computing device. The service activation module may parse the additional sensor data to generate additional user behavioral data. The service activation module may compute, using the activation model, a degree of similarity between the user behavioral data and the additional user behavioral data, and in response to determining that the degree of similarity is greater than a predetermined threshold value, may automatically activate the service on the computing device.
Type: Grant
Filed: October 30, 2019
Date of Patent: October 31, 2023
Assignee: AO Kaspersky Lab
Inventor: Ivan I. Tatarinov
-
Patent number: 11768902
Abstract: Disclosed herein are systems and methods for providing content to a user. In one aspect, an exemplary method comprises intercepting a search request and a site-name in a browser, and sending to a content-provision tool, the intercepted search request and site name, computing a hash of the intercepted search request and site-name, determining a type of the intercepted search request and site name, and transmitting the computed hash and the type of intercepted search request and site-name to a cloud server, transmitting the intercepted request and site-name to the cloud server in plain form, receiving, from the cloud server, content based on a categorization of the intercepted request and site-name and rules for establishing a category of the content, and when the rules are executed, displaying to the user, the content on the computing device of the user in accordance with a category established based on the rules.
Type: Grant
Filed: May 24, 2022
Date of Patent: September 26, 2023
Assignee: AO Kaspersky Lab
Inventors: Dmitry V. Shvetsov, Daniil A. Yazovsky, Anton E. Malov