Abstract: A malicious code detection module is presented to identify potentially malicious instructions in a volatile memory of a computing device before the instructions are executed. The malicious code detection module identifies an executable file, including an .exe file, in memory, validates one or more components of the executable file against the same file stored in non-volatile storage, wherein the validation accounts for the unpacking of the executable file, and issues an alert if the validation fails.

Abstract: A chatbot interface is provided for a network security software application. The chatbot interface can receive and act upon text utterances from a user or from a speech-to-text engine in instances where the user provided a voice utterance. The chatbot interface also can automatically perform tasks relating to network security. In one embodiment, the chatbot interface receives a text utterance, performs named entity recognition on the text utterance, performs intent classification to determine the intent of the text utterance, and performs an action based on the determined intent.

Abstract: The present invention analyzes the text of a received file to determine if the file likely is a forensic artifact of a ransomware attack on a computer system. If the computer system concludes that the file is likely an artifact of a ransomware attack, the system terminates or ignores all related processes, thereby minimizing the harm caused to the computer system.

Abstract: A system and a method for analyzing files using visual cues in the presentation of the file is provided. These visual aids may be extracted using a convolutional neural network, classified, and used in conjunction with file metadata to determine if a provided document is likely to be malicious. This methodology may be extended to detect a variety of social engineering-related attacks including phishing sites or malicious emails. A method for analyzing a received file to determine if the received file comprises malicious code begins with generating an image that would be displayed if the received file is opened by the native software program. Then the image is analyzed, and object boundaries data is generated. Metadata is also extracted from the received file. Then, a maliciousness score is generated based on the object boundaries data, the metadata, and a reference dataset.

Abstract: A malicious code detection module identifies potentially malicious instructions in memory of a computing device. The malicious code detection module examines the call stack for each thread running within the operating system of the computing device. Within each call stack, the malicious code detection module identifies the originating module for each stack frame and determines whether the originating module is backed by an image on disk. If an originating module is not backed by an image on disk, the thread containing that originating module is flagged as potentially malicious, execution of the thread optionally is suspended, and an alert is generated for the user or administrator.

Abstract: A malicious code detection module identifies potentially malicious instructions in volatile memory of a computing device before the instructions are executed. The malicious code detection module identifies an executable file, including an .exe file, in memory, validates one or more components of the executable file against the same file stored in non-volatile storage, and issues an alert if the validation fails.

Abstract: The present disclosure relates to a system and method for monitoring system calls to an operating system kernel. A performance monitoring unit is used to monitor system calls and to gather information about each system call. The information is gathered upon interrupting the system call and can include system call type, parameters, and information about the calling thread/process, in order to determine whether the system call was generated by malicious software code. Potentially malicious software code is nullified by a malicious code counter-attack module.

Abstract: A chatbot interface is provided for a network security software application. The chatbot interface can receive and act upon text utterances from a user or from a speech-to-text engine in instances where the user provided a voice utterance. The chatbot interface also can automatically perform tasks relating to network security. In one embodiment, the chatbot interface receives a text utterance, performs named entity recognition on the text utterance, performs intent classification to determine the intent of the text utterance, and performs an action based on the determined intent.

Abstract: A performance monitoring unit in a processor is programmed to issue an interrupt when a context switch occurs within an operating system if the currently executing thread belongs to a process that is subject to the malware prevention mechanism of the present invention. The interrupt enables a module that identifies mispredictions by the branch prediction unit of the processor and analyzes the address of the branch that was not predicted correctly. If the address of the branch is not contained on an existing whitelist of permissible branch addresses, and alert is generated and/or a protective action is taken. Such protective actions may include thread suspension, thread termination, process suspension, or process termination.

Abstract: In one aspect of the embodiments, malicious instructions executed or to be executed by a processor in a computing device are identified and preventive action is taken in response to that detection, thereby preventing harm to the computing device and the user's data by the malicious instructions. In another aspect of the embodiments, a thread context monitor determines which thread are active within an operating system at any given time, which further enhances the ability to determine which thread contains malicious instructions.

Abstract: An improved system and method is disclosed for receiving a spoken or written utterance, identifying and replacing certain words within the utterance with labels to generate a simplified text string representing the utterance, performing intent classification based on the simplified text string, and performing an action based on the intent classification and the original words that were replaced.

Abstract: In one embodiment, a malicious code prevention module identifies potentially malicious instructions in volatile memory of a computing device and replaces them with innocuous instructions. In another embodiment, the malicious code prevention module identifies a potentially malicious thread within an operating system and replaces the first instruction in the thread with a new instruction that terminates the thread. Malicious code prevention module prevents malicious code from inflicting any harm on the computing device and its contents.