Patents Assigned to Cylance Inc.
-
Patent number: 12061692
Abstract: Methods and systems for fingerprinting a malicious behavior. In a first stage of training, a coarse machine learning one-class classifier is trained to detect a first dataset of events, the first dataset of events including a dataset of events representing a malicious behavior and a dataset of events representing non-malicious behavior and a benign machine learning one-class classifier is trained to detect a second dataset of events, the second dataset of events excluding the dataset of events representing malicious activity. An ensemble of models including the benign and coarse machine learning one-class classifiers is applied to the first dataset of events to create a third training set representing the malicious behavior for a second stage of training. A final machine learning one-class classifier is trained in the second stage of training using the third training set. The final machine learning one-class classifier represents a fingerprint of the malicious behavior.
Type: Grant
Filed: December 15, 2021
Date of Patent: August 13, 2024
Assignee: Cylance Inc.
Inventor: Sameer Shashikant Paranjape
-
Patent number: 11928213
Abstract: In one respect, there is provided a system for training a neural network adapted for classifying one or more scripts. The system may include at least one processor and at least one memory. The memory may include program code which when executed by the at least one memory provides operations including: receiving a disassembled binary file that includes a plurality of instructions; processing the disassembled binary file with a convolutional neural network configured to detect a presence of one or more sequences of instructions amongst the plurality of instructions and determine a classification for the disassembled binary file based at least in part on the presence of the one or more sequences of instructions; and providing, as an output, the classification of the disassembled binary file. Related computer-implemented methods are also disclosed.
Type: Grant
Filed: March 20, 2020
Date of Patent: March 12, 2024
Assignee: Cylance Inc.
Inventors: Andrew Davis, Matthew Wolff, Derek A. Soeder, Glenn Chisholm, Ryan Permeh
-
Patent number: 11893096
Abstract: Systems and methods are described herein for computer user authentication using machine learning. Authentication for a user is initiated based on an identification confidence score of the user. The identification confidence score is based on one or more characteristics of the user. Using a machine learning model for the user, user activity of the user is monitored for anomalous activity to generate first data. Based on the monitoring, differences between the first data and historical utilization data for the user determine whether the user's utilization of the one or more resources is anomalous. When the user's utilization of the one or more resources is anomalous, the user's access to the one or more resources is removed.
Type: Grant
Filed: December 2, 2021
Date of Patent: February 6, 2024
Assignee: Cylance Inc.
Inventors: Garret Florian Grajek, Jeffrey Lo, Michael Thomas Wojnowicz, Dinh Huu Nguyen, Michael Alan Slawinski
-
Patent number: 11880391
Abstract: Systems, methods, and software can be used to cluster software codes in a scalable manner. In some aspects, a computer-implemented method comprises: obtaining a plurality of software samples; computing one or more first hash results for each of the plurality of software samples; computing one or more second hash results for each of the plurality of software samples based on the one or more first hash results, wherein an amount of the one or more second hash results is less than an amount of the one or more first hash results; determining a similarity output based on the one or more second hash results of two of the plurality of software samples; and clustering the plurality of software samples based on the similarity output to generate one or more software sample clusters.
Type: Grant
Filed: April 20, 2021
Date of Patent: January 23, 2024
Assignee: CYLANCE, INC.
Inventors: Sameer Shashikant Paranjape, Bronson Boersma, David Alan Greer
-
Patent number: 11797826
Abstract: A system is provided for classifying an instruction sequence with a machine learning model. The system may include at least one processor and at least one memory. The memory may include program code that provides operations when executed by the at least one processor. The operations may include: processing an instruction sequence with a trained machine learning model configured to detect one or more interdependencies amongst a plurality of tokens in the instruction sequence and determine a classification for the instruction sequence based on the one or more interdependencies amongst the plurality of tokens; and providing, as an output, the classification of the instruction sequence. Related methods and articles of manufacture, including computer program products, are also provided.
Type: Grant
Filed: December 18, 2020
Date of Patent: October 24, 2023
Assignee: Cylance Inc.
Inventors: Xuan Zhao, Matthew Wolff, John Brock, Brian Wallace, Andy Wortman, Jian Luan, Mahdi Azarafrooz, Andrew Davis, Michael Wojnowicz, Derek Soeder, David Beveridge, Eric Petersen, Ming Jin, Ryan Permeh
-
Patent number: 11709922
Abstract: Data is received as part of an authentication procedure to identify a user. Such data characterizes a user-generated biometric sequence that is generated by the user interacting with at least one input device according to a desired biometric sequence. Thereafter, using the received data and at least one machine learning model trained using empirically derived historical data generated by a plurality of user-generated biometric sequences (e.g., historical user-generated biometric sequences according to the desired biometric sequence, etc.), the user is authenticated if an output of the at least one machine learning model is above a threshold. Data can be provided that characterizes the authenticating. Related apparatus, systems, techniques and articles are also described.
Type: Grant
Filed: April 29, 2020
Date of Patent: July 25, 2023
Assignee: Cylance Inc.
Inventors: Garret Florian Grajek, Jeffrey Lo, Homer Valentine Strong, Wulun Dai
-
Patent number: 11657317
Abstract: Under one aspect, a computer-implemented method includes receiving a query at a query interface about whether a computer file comprises malicious code. It is determined, using at least one machine learning sub model corresponding to a type of the computer file, whether the computer file comprises malicious code. Data characterizing the determination are provided to the query interface. Generating the sub model includes receiving computer files at a collection interface. Multiple sub populations of the computer files are generated based on respective types of the computer files, and random training and testing sets are generated from each of the sub populations. At least one sub model for each random training set is generated.
Type: Grant
Filed: October 20, 2017
Date of Patent: May 23, 2023
Assignee: Cylance Inc.
Inventors: Ryan Permeh, Stuart McClure, Matthew Wolff, Gary Golomb, Derek A. Soeder, Seagen Levites, Michael O'Dea, Gabriel Acevedo, Glenn Chisholm
-
Patent number: 11637858
Abstract: Features are extracted from an artifact so that a vector can be populated. The vector is then inputted into an anomaly detection model comprising a deep generative model to generate a first score. The first score can characterize the artifact as being malicious or benign to access, execute, or continue to execute. In addition, the vector is inputted into a machine learning-based classification model to generate a second score. The second score can also characterize the artifact as being malicious or benign to access, execute, or continue to execute. The second score is then modified based on the first score to result in a final score. The final score can then be provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.
Type: Grant
Filed: May 29, 2020
Date of Patent: April 25, 2023
Assignee: Cylance Inc.
Inventor: Michael Thomas Wojnowicz
-
Patent number: 11636202
Abstract: An artifact is received from which features are extracted and used to populate a vector. The features in the vector are then reduced using a feature reduction operation to result in a modified vector having a plurality of buckets. Features within the buckets of the modified vector above a pre-determined projected bucket clipping threshold are then identified. Using the identified features, an overflow vector is then generated. The modified vector is then input into a classification model to generate a score. This score is adjusted based on the overflow vector and can then be provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.
Type: Grant
Filed: February 21, 2020
Date of Patent: April 25, 2023
Assignee: Cylance Inc.
Inventor: Eric Glen Petersen
-
Patent number: 11620471
Abstract: A method, a system, and a computer program product for performing analysis of data to detect presence of malicious code are disclosed. Reduced dimensionality vectors are generated from a plurality of original dimensionality vectors representing features in a plurality of samples. The reduced dimensionality vectors have a lower dimensionality than an original dimensionality of the plurality of original dimensionality vectors. A first plurality of clusters is determined by applying a first clustering algorithm to the reduced dimensionality vectors. A second plurality of clusters is determined by applying a second clustering algorithm to one or more clusters in the first plurality of clusters using the original dimensionality. An exemplar for a cluster in the second plurality of clusters is added to a training set, which is used to train a machine learning model for identifying a file containing malicious code.
Type: Grant
Filed: November 1, 2017
Date of Patent: April 4, 2023
Assignee: Cylance Inc.
Inventor: John Brock
-
Patent number: 11604871
Abstract: An artifact is received from which features are extracted so as to populate a vector. The features in the vector can be reduced using a feature reduction operation to result in a modified vector having a plurality of buckets. A presence of predetermined types of features is identified within buckets of the modified vector influencing a score above a pre-determined threshold. A contribution of the identified features within the high influence buckets of the modified vector is then attenuated. The modified vector is input into a classification model to generate a score which can be provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.
Type: Grant
Filed: March 27, 2020
Date of Patent: March 14, 2023
Assignee: Cylance Inc.
Inventor: Eric Glen Petersen
-
Patent number: 11586975
Abstract: An artefact is received. Thereafter, features are extracted from the artefact and a vector is populated. Later, one of a plurality of available classification models is selected. The classification models use different scoring paradigms while providing the same or substantially similar classifications. The vector is input into the selected classification model to generate a score. The score is later provided to a consuming application or process. The classification model can characterize the artefact as being malicious or benign to access, execute, or continue to execute so that appropriate remedial action can be taken or initiated by the consuming application or process. Related apparatus, systems, techniques and articles are also described.
Type: Grant
Filed: April 30, 2019
Date of Patent: February 21, 2023
Assignee: Cylance Inc.
Inventors: David N. Beveridge, Hailey Buckingham
-
Patent number: 11580442
Abstract: An artefact is received. Features are later extracted from the artefact and are used to populate a vector. The vector is input into a classification model to generate a score. This score is then modified using a time-based oscillation function and is provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.
Type: Grant
Filed: April 30, 2019
Date of Patent: February 14, 2023
Assignee: Cylance Inc.
Inventors: Hailey Buckingham, David N. Beveridge
-
Patent number: 11568185
Abstract: Centroids are used for improving machine learning classification and information retrieval. A plurality of files are classified as malicious or not malicious based on a function dividing a coordinate space into at least a first portion and a second portion such that the first portion includes a first subset of the plurality of files classified as malicious. One or more first centroids are defined in the first portion that classify files from the first subset as not malicious. A file is determined to be malicious based on whether the file is located within the one or more first centroids.
Type: Grant
Filed: September 17, 2020
Date of Patent: January 31, 2023
Assignee: Cylance Inc.
Inventors: Jian Luan, Matthew Wolff, Brian Michael Wallace
-
Patent number: 11562290
Abstract: An artefact is received. Features are extracted from this artefact which are, in turn, used to populate a vector. The vector is then input into a classification model to generate a score. The score is then modified to result in a modified score by interleaving the generated score or a mapping thereof into digits of a pseudo-score. Thereafter, the modified score can be provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.
Type: Grant
Filed: April 30, 2019
Date of Patent: January 24, 2023
Assignee: Cylance Inc.
Inventor: Hailey Buckingham
-
Patent number: 11556648
Abstract: In some implementations there may be provided a system. The system may include a processor and a memory. The memory may include program code which causes operations when executed by the processor. The operations may include analyzing a series of events contained in received data. The series of events may include events that occur during the execution of a data object. The series of events may be analyzed to at least extract, from the series of events, subsequences of events. A machine learning model may determine a classification for the received data. The machine learning model may classify the received data based at least on whether the subsequences of events are malicious. The classification indicative of whether the received data is malicious may be provided. Related methods and articles of manufacture, including computer program products, are also disclosed.
Type: Grant
Filed: May 5, 2020
Date of Patent: January 17, 2023
Assignee: Cylance Inc.
Inventors: Xuan Zhao, Aditya Kapoor, Matthew Wolff, Andrew Davis, Derek A. Soeder, Ryan Permeh
-
Patent number: 11544358
Abstract: Bayesian continuous user authentication can be obtained by receiving observed behavior data that collectively characterizes interaction of an active user with at least one computing device or software application. A sequence of events within the observed behavior data can be identified and scored using a universal background model that generates first scores that characterize an extent to which each event or history of events is anomalous for a particular population of users. Further, the events are scored using a user model that generates second scores that characterize an extent to which each event or history of events is anomalous for the particular user who owns the account. The first scores and the second scores are smoothed using a smoothing function. A probability that the active user is the account owner associated with the user model is determined based on the smoothed first scores and the smoothed second scores.
Type: Grant
Filed: October 30, 2020
Date of Patent: January 3, 2023
Assignee: Cylance Inc.
Inventors: Michael Thomas Wojnowicz, Dinh Huu Nguyen, Alexander Wolfe Kohn
-
Patent number: 11528282
Abstract: Each of a plurality of endpoint computer systems monitors data relating to a plurality of events occurring within an operating environment of the corresponding endpoint computer system. The monitoring can include receiving and/or inferring the data using one or more sensors executing on the endpoint computer systems. Thereafter, for each endpoint computer system, artifacts used in connection with the events are stored in a vault maintained on such endpoint computer system. A query is later received by at least a subset of the plurality of endpoint computer systems from a server. Such endpoint computer systems, in response, identify and retrieve artifacts within the corresponding vaults responsive to the query. Results responsive to the query including or characterizing the identified artifacts are then provided by the endpoint computer systems receiving the query to the server.
Type: Grant
Filed: September 23, 2020
Date of Patent: December 13, 2022
Assignee: Cylance Inc.
Inventors: Homer Valentine Strong, Ryan Permeh, Samuel John Oswald
-
Patent number: 11501120
Abstract: An artifact is received and features are extracted therefrom to form a feature vector. Thereafter, a determination is made to alter a malware processing workflow based on a distance of one or more features in the feature vector relative to one or more indicator centroids. Each indicator centroid specifies a threshold distance to trigger an action. Based on such a determination, the malware processing workflow is altered.
Type: Grant
Filed: February 20, 2020
Date of Patent: November 15, 2022
Assignee: Cylance Inc.
Inventors: Eric Glen Petersen, Michael Alan Hohimer, Jian Luan, Matthew Wolff, Brian Michael Wallace
-
Patent number: 11494490
Abstract: A plurality of events associated with each of a plurality of computing nodes that form part of a network topology are monitored. The network topology includes antivirus tools to detect malicious software prior to it accessing one of the computing nodes. Thereafter, it is determined, using at least one machine learning model, that at least one of the events is indicative of malicious activity that has circumvented or bypassed the antivirus tools. Data is then provided that characterizes the determination. Related apparatus, systems, techniques and articles are also described.
Type: Grant
Filed: May 22, 2020
Date of Patent: November 8, 2022
Assignee: Cylance Inc.
Inventors: Rahul Chander Kashyap, Vadim Dmitriyevich Kotov, Samuel John Oswald, Homer Valentine Strong