Patents Assigned to CA, Inc.
  • Patent number: 11558383
    Abstract: A method for securing cloud applications is described. The method may include establishing a connection between a cloud application isolation portal, a cloud access security broker, and a cloud application based on an indication of the cloud application and a set of credentials associated with an end user of the cloud application, and managing, via the cloud application isolation portal and the cloud access security broker, a session between the cloud application and a computing device associated with the end user based on the connection between the cloud application isolation portal with the cloud access security broker and the cloud application.
    Type: Grant
    Filed: March 15, 2019
    Date of Patent: January 17, 2023
    Assignee: CA, Inc.
    Inventors: Alex Au Yeung, Amit Kanfer, Arunabha Saha, Manoj Kumar Sharma, Paul Kao, Prashanth Prabhu, Russell Daigle, Tobias Pischl, Yehoshua Chen
  • Patent number: 11551137
    Abstract: Machine learning adversarial campaign mitigation on a computing device. The method may include deploying an original machine learning model in a model environment associated with a client device; deploying a classification monitor in the model environment to monitor classification decision outputs in the machine learning model; detecting, by the classification monitor, a campaign of adversarial classification decision outputs in the machine learning model; applying a transformation function to the machine learning model in the model environment to transform the adversarial classification decision outputs to thwart the campaign of adversarial classification decision outputs; determining a malicious attack on the client device based in part on detecting the campaign of adversarial classification decision outputs; and implementing a security action to protect the computing device against the malicious attack.
    Type: Grant
    Filed: April 30, 2019
    Date of Patent: January 10, 2023
    Assignee: CA, Inc.
    Inventors: Javier Echauz, Andrew B. Gardner, John Keith Kenemer, Jasjeet Dhaliwal, Saurabh Shintre
  • Patent number: 11496489
    Abstract: Knowledge-aware detection of attacks on a client device conducted with dual-use tools. A method may include obtaining dual-use tool data related to a plurality of dual-use tools; collecting from a client device, by the computing device, user input related to the use of a dual-use tool of the plurality of dual-use tools; determining that the user input contains a feature of the dual-use tool data; creating a behavioral index of the user input, the behavioral index stored on the client device; detecting new input on the client device; determining a similarity level between the user input and the new input; flagging a malicious attack on the client device based on determining that the similarity level does not satisfy a pre-determined threshold; and implementing a security action on the client device based on flagging the malicious attack.
    Type: Grant
    Filed: March 28, 2019
    Date of Patent: November 8, 2022
    Assignee: CA, Inc.
    Inventors: Slawomir Grzonkowski, Johann Roturier, Pratyush Banerjee, David L. Silva
  • Patent number: 11461462
    Abstract: The disclosed computer-implemented method for producing adjustments to malware-detecting services may include (1) receiving, from a plurality of malware-detecting services executing on a plurality of client computing devices, a respective plurality of probability scores with corresponding model identifiers for an analyzed file and a plurality of respective identifiers describing the malware-detecting services, (2) building a training dataset from at least a portion of the received plurality of probability scores with corresponding model identifiers, and (3) performing a security action including (A) training, with the training dataset, a malware-detecting linear regression ensemble machine learning model that is specific to an identifier in the plurality of identifiers and (B) sending the trained linear regression ensemble machine learning model to one of the plurality of malware-detecting services executing on one of the client computing devices.
    Type: Grant
    Filed: September 21, 2018
    Date of Patent: October 4, 2022
    Assignee: CA, Inc.
    Inventors: Qichao Lan, Junda Zhu, Shaolong Shu, Tao Cheng, Rudy Senstad
  • Patent number: 11442755
    Abstract: Secure access to a corporate application using a facade. In some embodiments, a method may include receiving, at a secure access cloud point of delivery (PoD), from a client application on a client device, a request to access a corporate application that is deployed in a corporate datacenter. The method may also include creating, at the secure access cloud PoD, a facade representing the corporate application. The method may further include forwarding, from the facade, to a connector that is also deployed in the corporate datacenter, the request. The method may also include brokering, by the connector and the facade, authentication of a user, authorization of access by the user, and a secure communication session between the client application and the corporate application via the facade, with the client application being unaware that the secure communication session is brokered by the connector and the facade.
    Type: Grant
    Filed: October 2, 2019
    Date of Patent: September 13, 2022
    Assignee: CA, Inc.
    Inventors: David Patimer, Lior Lev-Tov, Eldad Rudich, Leonid Belkind
  • Patent number: 11444925
    Abstract: Secure access to a corporate application in an SSH session using a transparent SSH proxy. In some embodiments, a method may include receiving, at a secure access cloud point of delivery (PoD), from a client application on a client device, a request to access a corporate application that is deployed in a corporate datacenter. The method may also include forwarding, from the secure access cloud PoD, to a connector that is also deployed in the corporate datacenter, the request. The method may further include brokering, by the connector and the secure access cloud PoD, authentication of a user, authorization of access by the user, and an SSH session between the client application and the corporate application using a transparent SSH proxy, with the client application being unaware that the SSH session is brokered by the connector and the secure access cloud PoD.
    Type: Grant
    Filed: October 2, 2019
    Date of Patent: September 13, 2022
    Assignee: CA, Inc.
    Inventors: David Patimer, Lior Lev-Tov, Eldad Rudich, Leonid Belkind
  • Patent number: 11429823
    Abstract: The disclosed computer-implemented method for dynamically augmenting machine learning models based on contextual factors associated with execution environments may include (1) generating a base machine learning model and a supplemental set of machine learning models, (2) determining at least one contextual factor associated with an execution environment of a machine learning system that is configured to make predictions regarding a set of input data using at least the base machine learning model, (3) selecting, based on the contextual factor, a continuation set of machine learning models from the supplemental set of machine learning models, and (4) directing the machine learning system to utilize both the base machine learning model and the continuation set of machine learning models when making predictions regarding the set of input data. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: March 15, 2018
    Date of Patent: August 30, 2022
    Assignee: CA, INC.
    Inventors: Qichao Lan, XueFeng Tian, Tao Cheng, Rudy Senstad
  • Patent number: 11429846
    Abstract: A platform that integrates and collates the data points from students, employers, schools, and industry into an ecosystem which allows for customers (students, employers, schools, and industry) to model ‘what-if’ scenarios based on their industry parameters. By using a design algorithm based on automated reasoning, game theory, and knowledge mining, within a neural network, the platform can predict, model, and build the journey. The decision modeling neural learning platform may be used to augment or replace the need for guidance counselors in schools, along with assisting industry and immigration liaisons.
    Type: Grant
    Filed: January 22, 2019
    Date of Patent: August 30, 2022
    Assignee: KLIQ.CA Inc.
    Inventor: Kashif Siddiqui
  • Patent number: 11425134
    Abstract: Secure access to a corporate application with translation between an internal address and an external address. In some embodiments, a method may include receiving, at a secure access cloud point of delivery (PoD), from a client application on a client device, a request to access a corporate web application that is deployed in a corporate datacenter. The method may also include forwarding, from the secure access cloud PoD, to a connector that is also deployed in the corporate datacenter, the request to access the corporate web application. The method may further include brokering, by the connector and the secure access cloud PoD, authentication of a user, authorization of access by the user, and a secure communication session between the client application and the corporate web application by translating between an internal address of the corporate web application and an external address of the corporate web application.
    Type: Grant
    Filed: October 2, 2019
    Date of Patent: August 23, 2022
    Assignee: CA, Inc.
    Inventors: David Patimer, Lior Lev-Tov, Eldad Rudich, Leonid Belkind
  • Patent number: 11411968
    Abstract: The disclosed computer-implemented method for protecting a cloud computing device from malware may include (i) intercepting, at a computing device, a malicious attempt by the malware to (A) access sensitive information in an encrypted file stored on the computing device and (B) send the sensitive information to the cloud computing device and (ii) performing, responsive to the attempt to access the encrypted file, a security action. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 18, 2019
    Date of Patent: August 9, 2022
    Assignee: CA, INC.
    Inventors: Ashok Banerjee, Susan Hassall
  • Patent number: 11409871
    Abstract: A method for identifying suspicious activity on a monitored computing device is described. In one embodiment, the method may include monitoring a local procedure call interface of the monitored computing device, identifying, based at least in part on the monitoring, a remote procedure call (RPC) of a suspicious process, the RPC being transmitted over a local procedure call message of the local procedure call interface, analyzing the RPC of the suspicious process, and performing a security action based at least in part on the analyzing.
    Type: Grant
    Filed: March 22, 2019
    Date of Patent: August 9, 2022
    Assignee: CA, Inc.
    Inventors: Bahaa Naamneh, Felix Leder
  • Patent number: 11392696
    Abstract: The disclosed computer-implemented method for detecting code implanted into a published application may include retrieving a published version of an application and a source version of the application, and determining, based on an analysis of the source version and the published version, a transformation process for transforming from the source version to the published version. The method may also include performing the transformation process on the source version to produce a build version, comparing the build version with the published version, and identifying, based on the comparison, implanted code in the published version. The method may further include performing, in response to identifying the implanted code, a security action. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: March 28, 2019
    Date of Patent: July 19, 2022
    Assignee: CA, INC.
    Inventors: Torrey Umland, Nathaniel Theis
  • Patent number: 11392794
    Abstract: Techniques are disclosed relating to increasing the amount of training data available to machine learning algorithms. A computer system may access an initial set of training data that specifies a plurality of sequences, each of which may define a set of data values. The computer system may amplify the initial set of training data to create a revised set of training data. The amplifying may include identifying sub-sequences of data values in ones of the plurality of sequences in the initial set of training data and using an inheritance algorithm to create a set of additional sequences of data values, where each one of the set of additional sequences may include sub-sequences of data values from at least two different sequences in the initial set of training data. The computer system may process the set of additional sequences using the machine learning algorithm to train a machine learning model.
    Type: Grant
    Filed: September 10, 2018
    Date of Patent: July 19, 2022
    Assignee: CA, Inc.
    Inventors: Michael J. Cohen, Daniel David Sill
  • Patent number: 11382546
    Abstract: Provided is a process including: receiving biometric measurements; receiving from application components or network hosts, events or metrics indicative of objective performance; correlating psychophysical-performance values based on the biometric measurements indicative of psychophysical performance with objective-performance values based on the events or metrics indicative of objective performance; storing the correlation between the psychophysical-performance values and the objective-performance values in memory; and accessing the correlation to select hosts, application components, or routines to be adjusted to improve objective performance of the distributed application or psychophysical performance of the distributed application.
    Type: Grant
    Filed: April 10, 2018
    Date of Patent: July 12, 2022
    Assignee: CA, Inc.
    Inventors: Ross Castillo, Satish Kumar Naidi
  • Patent number: 11386208
    Abstract: The disclosed computer-implemented method for malware detection using localized machine learning may include (i) generating a global score for a file using a global machine learning model, (ii) generating a localized score for the file using a localized machine learning model, (iii) determining that the file is malware using the global score, the localized score, and the local conviction threshold, and (iv) in response to determining that the file is malware, performing a security action to protect the computing device against malware. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: May 16, 2019
    Date of Patent: July 12, 2022
    Assignee: CA, INC.
    Inventors: Qichao Lan, Tao Cheng
  • Patent number: 11336639
    Abstract: The disclosed computer-implemented method for managing a need-to-know domain name system may include (i) intercepting, by an agent of the computing device, network traffic received on the computing device, (ii) generating, by the agent, a one-time password based on a unique identifier of the agent of the computing device, (iii) wrapping, by the agent, the network traffic with the one-time password, and (iv) pushing, by the agent, the wrapped network traffic to a cloud server using a local domain name system (DNS) of the agent of the computing device, wherein the local DNS comprises a private domain name unpublished in a global DNS. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 19, 2019
    Date of Patent: May 17, 2022
    Assignee: CA, Inc.
    Inventors: Ashok Banerjee, Leonid Belkind, Russell Daigle
  • Patent number: 11308212
    Abstract: Telemetry data from client file reputation queries is collected over time. Directories/sub-directories under which files of queries are located are identified. The files including the reputations for the files under a given directory/sub-directory are identified and used to calculate the reputation score for the directory/sub-directory. The directory/sub-directory is then classified based on the calculated score for the directory/sub-directory. After the classification of directories/sub-directories, reputation for a file with unknown reputation is then determined based on the classification of the directory/sub-directory under which the file is located.
    Type: Grant
    Filed: June 26, 2019
    Date of Patent: April 19, 2022
    Assignee: CA, INC.
    Inventors: Qian Zhu, Alexander Lichstein, Daniel Sosa
  • Patent number: 11303670
    Abstract: Pre-filtering detection of an injected script on a webpage accessed by a computing device. The method may include receiving an indication of access to the webpage at a web browser of the computing device; identifying a web form associated with the webpage; determining that the webpage has been previously visited by the computing device; recording at least one current domain associated with at least one current object request made by the web form; determining a difference of a count of the at least one current domain associated with the at least one current object request and a count of at least one historical domain associated with at least one historical object request previously made by the webpage; identifying the webpage as suspicious based on determining that the difference is greater than zero and less than a domain threshold; and initiating a security action on the webpage based on the identifying.
    Type: Grant
    Filed: June 7, 2019
    Date of Patent: April 12, 2022
    Assignee: CA, Inc.
    Inventor: Candid Alex Wueest
  • Patent number: 11297083
    Abstract: Identifying and protecting against an attack against an anomaly detector machine learning classifier (ADMLC). In some embodiments, a method may include identifying training data points in a manifold space for an ADMLC, dividing the manifold space into multiple subspaces, merging each of the training data points into one of the multiple subspaces, training a subclassifier for each of the multiple subspaces to determine a decision boundary for each of the multiple subspaces between normal training data points and anomalous training data points, receiving an input data point into the ADMLC, determining whether the input data point is an attack on the ADMLC due to a threshold number of the subclassifiers classifying the input data point as an anomalous input data point, and, in response to identifying the attack against the ADMLC, protecting against the attack.
    Type: Grant
    Filed: August 15, 2019
    Date of Patent: April 5, 2022
    Assignee: CA, Inc.
    Inventors: Aditya Kuppa, Slawomir Grzonkowski
  • Patent number: 11288369
    Abstract: A computer-implemented method for detecting and protecting against malicious use of legitimate computing-system tools may include (i) identifying a computing-system tool that can perform benign actions and malicious actions on a computing system, (ii) creating a set of recorded actions by recording actions performed by the computing-system tool on the computing system over a predetermined period of time, (iii) analyzing the set of recorded actions via a machine learning method that, for each action in the set of recorded actions, determines whether the action is anomalous compared to other actions in the set, (iv) classifying an action in the set of recorded actions as malicious based at least in part on determining that the action is anomalous, and (v) initiating, in response to classifying the action as malicious, a security action related to the action. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: March 28, 2019
    Date of Patent: March 29, 2022
    Assignee: CA, INC.
    Inventors: Slawomir Grzonkowski, Aditya Kuppa