Patents Assigned to Bitdefender IPR Management Ltd.
  • Patent number: 10296470
    Abstract: Described systems and methods allow protecting a host system against malware, using hardware virtualization technology. A memory introspection engine executes at the level of a hypervisor, protecting a virtual machine (VM) from exploits targeting the call stack of a thread executing within the respective VM. The introspection engine identifies a virtual memory page reserved for the stack, but not committed to the stack, and intercepts an attempt to write to the respective page. In response to intercepting the write attempt, the memory introspection engine marks the respective page as non-executable, thus protecting the stack against exploits.
    Type: Grant
    Filed: June 30, 2017
    Date of Patent: May 21, 2019
    Assignee: Bitdefender IPR Management Ltd.
    Inventor: Andrei V. Lutas
  • Patent number: 10257170
    Abstract: Described systems and methods enable a decryption of encrypted communication between a client system and a remote party, for applications such as detection and analysis of malicious software, intrusion detection, and surveillance, among others. The client system executes a virtual machine and an introspection engine outside the virtual machine. The introspection engine is configured to identify memory pages whose contents have changed between a first session event (e.g., a ServerHello message) and a second session event (e.g., a ClientFinished message). The respective memory pages are likely to contain encryption key material for the respective communication session. A decryption engine may then attempt to decrypt an encrypted payload of the respective communication session using information derived from the content of the identified memory pages.
    Type: Grant
    Filed: October 29, 2018
    Date of Patent: April 9, 2019
    Assignee: Bitdefender IPR Management Ltd.
    Inventor: Radu Caragea
  • Patent number: 10237293
    Abstract: Described systems and methods allow protecting a computer system from malware such as viruses, worms, and spyware. A reputation manager executes on the computer system concurrently with an anti-malware engine. The reputation manager associates a dynamic reputation indicator to each executable entity seen as a unique combination of individual components (e.g., a main executable and a set of loaded libraries). The reputation indicator indicates a probability that the respective entity is malicious. The reputation of benign entities may increase in time. When an entity performs certain actions which may be indicative of malicious activity, the reputation of the respective entity may drop. The anti-malware engine uses an entity-specific protocol to scan and/or monitor each target entity for malice, the protocol varying according to the entity's reputation. Entities trusted to be non-malicious may be analyzed using a more relaxed protocol than unknown or untrusted entities.
    Type: Grant
    Filed: October 27, 2016
    Date of Patent: March 19, 2019
    Assignee: Bitdefender IPR Management Ltd.
    Inventors: Gheorghe F. Hajmasan, Alexandra Mondoc, Radu M. Portase
  • Patent number: 10212114
    Abstract: Described spam detection techniques including string identification, pre-filtering, and frequency spectrum and timestamp comparison steps facilitate accurate, computationally-efficient detection of rapidly-changing spam arriving in short-lasting waves. In some embodiments, a computer system extracts a target character string from an electronic communication such as a blog comment, transmits it to an anti-spam server, and receives an indicator of whether the respective electronic communication is spam or non-spam from the anti-spam server. The anti-spam server determines whether the electronic communication is spam or non-spam according to features of the frequency spectrum of the target string. Some embodiments also perform an unsupervised clustering of incoming target strings into clusters, wherein all members of a cluster have similar spectra.
    Type: Grant
    Filed: September 7, 2015
    Date of Patent: February 19, 2019
    Assignee: Bitdefender IPR Management Ltd.
    Inventors: Daniel Dichiu, Lucian Z Lupsescu
  • Patent number: 10171497
    Abstract: Described systems and methods enable a swift and efficient detection of fraudulent Internet domains, i.e., domains used to host or distribute fraudulent electronic documents such as fraudulent webpages and electronic messages. Some embodiments use a reverse IP analysis to select a set of fraud candidates from among a set of domains hosted at the same IP address as a known fraudulent domain. The candidate set is further filtered according to domain registration data. Online content hosted at each filtered candidate domain is further analyzed to identify truly fraudulent domains. A security module may then prevent users from accessing a content of such domains.
    Type: Grant
    Filed: July 11, 2016
    Date of Patent: January 1, 2019
    Assignee: Bitdefender IPR Management Ltd.
    Inventor: Alin O. Damian
  • Patent number: 10140448
    Abstract: Described systems and methods enable an efficient detection and analysis of software events, especially in hardware virtualization configurations. In some embodiments, certain types of events are analyzed asynchronously, in the sense that the triggering entity is allowed to continue execution while the respective event is added to a queue for later processing. Some embodiments modify the instruction set architecture of the processor by adding a processor instruction dedicated to delivering event notifications. Such notification instructions allow for complex and flexible event detection without some of the disadvantages of conventional methods such as hooking.
    Type: Grant
    Filed: July 1, 2016
    Date of Patent: November 27, 2018
    Assignee: Bitdefender IPR Management Ltd.
    Inventor: Sandor Lukacs
  • Patent number: 10116630
    Abstract: Described systems and methods enable a decryption of encrypted communication between a client system and a remote party, for applications such as detection and analysis of malicious software, intrusion detection, and surveillance, among others. The client system executes a virtual machine and an introspection engine outside the virtual machine. The introspection engine is configured to identify memory pages whose contents have changed between a first session event (e.g., a ServerHello message) and a second session event (e.g., a ClientFinished message). The respective memory pages are likely to contain encryption key material for the respective communication session. A decryption engine may then attempt to decrypt an encrypted payload of the respective communication session using information derived from the content of the identified memory pages.
    Type: Grant
    Filed: March 28, 2017
    Date of Patent: October 30, 2018
    Assignee: Bitdefender IPR Management Ltd.
    Inventor: Radu Caragea
  • Patent number: 10089465
    Abstract: Described systems and methods allow protecting a computer system from malicious software. In some embodiments, a security application divides a set of monitored executable entities (e.g., processes) into a plurality of groups, wherein all members of a group are related by filiation or code injection. The security application may further associate a set of scores with each entity group. Such group scores may be incremented when a member of the respective group performs certain actions. Thus, even though actions performed by individual members may not be malware-indicative per se, the group score may capture collective malicious behavior and trigger malware detection. In some embodiments, group membership rules vary according to whether an entity is part of a selected subset of entities including certain OS processes, browsers and file managers. When an entity is determined to be malicious, anti-malware measures may be taken against a whole group of related entities.
    Type: Grant
    Filed: July 24, 2015
    Date of Patent: October 2, 2018
    Assignee: Bitdefender IPR Management Ltd.
    Inventors: Gheorghe F. Hajmasan, Radu M. Portase
  • Patent number: 10083294
    Abstract: Described systems and methods allow protecting a computer system from malware, such as return-oriented programming (ROP) exploits. In some embodiments, a set of references are identified within a call stack used by a thread of a target process, each reference pointing into the memory space of an executable module loaded by the target process. Each such reference is analyzed to determine whether it points to a ROP gadget, and whether the respective reference was pushed on the stack by a legitimate function call. In some embodiments, a ROP score is indicative of whether the target process is subject to a ROP attack, the score determined according to a count of references to a loaded module, according to a stack footprint of the respective module, and further according to a count of ROP gadgets identified within the respective module.
    Type: Grant
    Filed: October 10, 2016
    Date of Patent: September 25, 2018
    Assignee: Bitdefender IPR Management Ltd.
    Inventor: Raul V. Tosa
  • Patent number: 10080138
    Abstract: In some embodiments, a network regulator device protects a local network of client systems (e.g. Internet-of-things devices such as smartphones, home appliances, wearables, etc.) against computer security threats. When introduced to the local network, some embodiments of the network regulator take over some network services from a router, and automatically install the network regulator as gateway to the local network. The network regulator then carries out an automatic device discovery procedure and distributes device-specific utility agents to the protected client systems. An exemplary utility agent detects when its host device has left the local network, and in response, sets up a virtual private network (VPN) tunnel with a security server to maintain protection of the respective device.
    Type: Grant
    Filed: March 29, 2018
    Date of Patent: September 18, 2018
    Assignee: Bitdefender IPR Management Ltd.
    Inventors: Cosmin C. Stan, Andrei Rusu, Bogdan C. Cebere, Alexandru I. Achim
  • Patent number: 10049211
    Abstract: Described systems and methods allow protecting a host computer system from malicious software, such as return-oriented programming (ROP) and jump-oriented programming (JOP) exploits. In some embodiments, a processor of the host system is endowed with two counters storing a count of branch instructions and a count of inter-branch instructions, respectively, occurring within a sequence of instructions. Exemplary counted branch instructions include indirect JMP, indirect CALL, and RET on x86 platforms, while inter-branch instructions consist of instructions executed between two consecutive counted branch instructions. The processor may be further configured to generate a processor event, such as an exception, when a value stored in a counter exceeds a predetermined threshold, and/or when a branch instruction redirects execution to a critical OS function. Such events may be used as triggers for launching a malware analysis to determine whether the host system is subject to a code reuse attack.
    Type: Grant
    Filed: July 15, 2015
    Date of Patent: August 14, 2018
    Assignee: Bitdefender IPR Management Ltd.
    Inventors: Sandor Lukacs, Andrei V. Lutas, Dan H. Lutas
  • Patent number: 10045217
    Abstract: In some embodiments, a network regulator device protects a local network of client systems (e.g. Internet-of-things devices such as smartphones, home appliances, wearables, etc.) against computer security threats. When introduced to the local network, some embodiments of the network regulator automatically take over network services from an existing router, and install the network regulator as gateway to the local network. In response to taking over the network services, some embodiments redirect a request by a protected client system to access a remote resource to a security server configured to determine whether granting access to the resource constitutes a computer security threat to the client system.
    Type: Grant
    Filed: December 11, 2015
    Date of Patent: August 7, 2018
    Assignee: Bitdefender IPR Management Ltd.
    Inventors: Cosmin C. Stan, Andrei Rusu, Bogdan C. Cebere, Alexandru I. Achim
  • Patent number: 10043005
    Abstract: Described systems and methods enable enforcing application control remotely and automatically, on a relatively large number of client systems (e.g., a corporate network, a virtual desktop infrastructure system, etc.). An application control engine executes outside a virtual machine exposed on a client system, the application control engine configured to enforce application control within the virtual machine according to a set of control policies. When a policy indicates that a specific process is not allowable on the respective client system, the app control engine may prevent execution of the respective process. To assist in data gathering and/or other activities associated with application control, some embodiments temporarily drop a control agent into the controlled virtual machine.
    Type: Grant
    Filed: March 31, 2016
    Date of Patent: August 7, 2018
    Assignee: Bitdefender IPR Management Ltd.
    Inventors: Sandor Lukacs, Andrei V. Lutas
  • Patent number: 9965313
    Abstract: Described systems and methods enable performing software audits remotely and automatically, on a relatively large number of client systems (e.g., a corporate network, a virtual desktop infrastructure system, etc.). An audit engine executes on each client system, in a hardware virtualization configuration wherein the audit engine executes outside an audited virtual machine. When receiving an audit request from an audit server, some embodiments of the audit engine drop an audit agent into the audited virtual machine, and remove the audit agent upon completion of the audit.
    Type: Grant
    Filed: February 17, 2016
    Date of Patent: May 8, 2018
    Assignee: Bitdefender IPR Management Ltd.
    Inventors: Sandor Lukacs, Andrei V. Lutas, Ionel C. Anichitei
  • Patent number: 9936388
    Abstract: In some embodiments, a network regulator device protects a local network of client systems (e.g. Internet-of-things devices such as smartphones, home appliances, wearables, etc.) against computer security threats. When introduced to the local network, some embodiments of the network regulator take over some network services from a router, and automatically install the network regulator as gateway to the local network. The network regulator then carries out an automatic device discovery procedure and distributes device-specific utility agents to the protected client systems. An exemplary utility agent detects when its host device has left the local network, and in response, sets up a virtual private network (VPN) tunnel with a security server to maintain protection of the respective device.
    Type: Grant
    Filed: December 11, 2015
    Date of Patent: April 3, 2018
    Assignee: Bitdefender IPR Management Ltd.
    Inventors: Cosmin C. Stan, Andrei Rusu, Bogdan C. Cebere, Alexandru I. Achim
  • Patent number: 9881157
    Abstract: Described systems and methods allow conducting computer security operations, such as detecting malware and spyware, in a bare-metal computer system. In some embodiments, a first processor of a computer system executes the code samples under assessment, whereas a second, distinct processor is used to carry out the assessment and to control various hardware components involved in the assessment. Such hardware components include, among others, a memory shadower configured to detect changes to a memory connected to the first processor, and a storage shadower configured to detect an attempt to write to a non-volatile storage device of the computer system. The memory shadower and storage shadower may be used to inject a security agent into the computer system.
    Type: Grant
    Filed: March 18, 2015
    Date of Patent: January 30, 2018
    Assignee: Bitdefender IPR Management Ltd.
    Inventors: Sandor Lukacs, Adrian V. Colesa
  • Patent number: 9852295
    Abstract: Described systems and methods enable an efficient analysis of security-relevant events, especially in hardware virtualization platforms. In some embodiments, a notification handler detects the occurrence of an event within a virtual machine, and communicates the respective event to security software. The security software then attempts to match the respective event to a collection of behavioral and exception signatures. An exception comprises a set of conditions which, when satisfied by an <event, entity> tuple, indicates that the respective entity is not malicious. In some embodiments, a part of exception matching is performed synchronously (i.e., while execution of the entity that triggered the respective event is suspended), while another part of exception matching is performed asynchronously (i.e., after the triggering entity is allowed to resume execution).
    Type: Grant
    Filed: July 13, 2016
    Date of Patent: December 26, 2017
    Assignee: Bitdefender IPR Management Ltd.
    Inventors: Sandor Lukacs, Cristian B. Sirb, Andrei V. Lutas
  • Patent number: 9830459
    Abstract: Described systems and methods allow a mobile device, such as a smartphone or a tablet computer, to protect a user of the respective device from fraud and/or loss of privacy. In some embodiments, the mobile device receives from a server a risk indicator indicative of whether executing a target application causes a privacy risk. Determining the risk indicator includes automatically supplying a test input to a data field used by the target application, the data field configured to hold a private item such as a password or a geolocation indicator. Determining the risk indicator further comprises determining whether a test device executing an instance of the target application transmits an indicator of the test input, such as the test input itself or a hash of the test input, to another party on the network.
    Type: Grant
    Filed: March 18, 2016
    Date of Patent: November 28, 2017
    Assignee: Bitdefender IPR Management Ltd.
    Inventors: Vlad Valceanu, Elena Burceanu, Dragos T. Gavrilut, Tiberius Axinte, Vlad Bordianu, Razvan M. Benchea
  • Patent number: 9819696
    Abstract: Domain generation algorithm (DGA) malware is detected by intercepting an external time request sent by a potential DGA malware host, and replacing the received real time with an accelerated (future) real time designed to trigger time-dependent DGA activity. The interception and replacement are performed outside the physical or virtual DGA host, on a different physical or virtual system such as a distinct external physical server or router, or distinct hypervisor or virtual machine running on the same physical system, in order to reduce the risk that the DGA malware identifies the time substitution. Failed DGA malware external access requests triggered only at future times are then used to identify domain names generated by the DGA malware, allowing proactive countermeasures.
    Type: Grant
    Filed: November 4, 2015
    Date of Patent: November 14, 2017
    Assignee: Bitdefender IPR Management Ltd.
    Inventors: Octavian M. Minea, Cristina Vatamanu, Mihai R. Benchea, Dragos T. Gavrilut
  • Patent number: 9703726
    Abstract: Described systems and methods allow protecting a host system against malware, using hardware virtualization technology. A memory introspection engine executes at the level of a hypervisor, protecting a virtual machine (VM) from exploits targeting the call stack of a thread executing within the respective VM. The introspection engine identifies a virtual memory page reserved for the stack, but not committed to the stack, and intercepts an attempt to write to the respective page. In response to intercepting the write attempt, the memory introspection engine marks the respective page as non-executable, thus protecting the stack against exploits.
    Type: Grant
    Filed: June 24, 2014
    Date of Patent: July 11, 2017
    Assignee: Bitdefender IPR Management Ltd.
    Inventor: Andrei V. Lutas