Patents Assigned to Symantec
-
Patent number: 10068089
Abstract: A computer-implemented method for network security may include (1) obtaining initial information that at least partially identifies an initial access point for connecting to a network, (2) after obtaining the initial information, obtaining subsequent information that at least partially identifies a subsequent access point for connecting to the same network, (3) comparing, by a security program, the initial information and the subsequent information in an attempt to detect whether the initial access point and the subsequent access point are the same, (4) detecting, based on the comparison, an indication that the initial access point and the subsequent access point are different, and (5) performing, by the security program in response to detecting the indication that the initial access point and the subsequent access point are different, a remedial action to protect a user. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: September 25, 2015
Date of Patent: September 4, 2018
Assignee: Symantec Corporation
Inventors: Michael Shavell, Matt Boucher, Kevin Jiang
-
Patent number: 10061683
Abstract: The disclosed computer-implemented method for collecting error data to troubleshoot product errors may include (1) monitoring Internet searches submitted by a user of a computing device to a search engine executing within a browser installed on the computing device, (2) identifying, while monitoring the Internet searches, a search including a description of an error in a product installed on the computing device, (3) in response to identifying the search, automatically enabling debug logging for the product on the computing device, and (4) maintaining an event log including information collected from the debug logging that may be used to diagnose the error. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: May 10, 2016
Date of Patent: August 28, 2018
Assignee: Symantec Corporation
Inventors: Anand Sankruthi, Chengi Kuo
-
Patent number: 10063582
Abstract: Securing compromised network devices in a network. In one embodiment, a method may include (a) identifying a Positive Unlabeled (PU) machine learning classifier, (b) selecting labeled positive samples and unlabeled positive and negative samples as a bootstrap subset of training data from a set of training data, (c) training the PU machine learning classifier, (d) repeating (a)-(c) one or more times to create a set of trained PU machine learning classifiers, (e) predicting probabilities that a network device in a network has been compromised using each of the trained PU machine learning classifiers, (f) combining the probabilities predicted at (e) to generate a combined risk score for the network device, (g) repeating (e)-(f) one or more times to create a ranked list of combined risk scores, and (h) performing a security action on one or more of the network devices in the ranked list.
Type: Grant
Filed: May 31, 2017
Date of Patent: August 28, 2018
Assignee: SYMANTEC CORPORATION
Inventors: Wangyan Feng, Shuning Wu, Yufei Han, Yun Shen
-
Patent number: 10061924
Abstract: Trusted executable images are run in a controlled environment, such as a dynamic malware analysis platform. For each trusted executable image, a corresponding baseline import-load signature is generated. This can be done by applying a cryptographic hash function to the specific instructions which resolve imports and/or load libraries, and their operands. Sample programs are run in the controlled environment and tested for maliciousness. Any executable image run by a given sample program in the controlled environment is identified, and an import-load signature of the executable image when run by the sample program is generated. The import-load signature of the executable image when run by the sample program is compared to the corresponding stored baseline import-load signature for the same executable image. The sample program is adjudicated as being benign or malicious based on at least the results of the comparison.
Type: Grant
Filed: December 31, 2015
Date of Patent: August 28, 2018
Assignee: Symantec Corporation
Inventor: Prashant Gupta
-
Patent number: 10061916
Abstract: The disclosed computer-implemented method for measuring peer influence on a child may include (i) monitoring computing activity on at least one endpoint device of a child to identify (a) baseline behaviors that indicate expected behavior patterns of the child (b) an unusual behavior of the child that indicates a deviation from the baseline behaviors, (ii) identifying, based at least in part on the monitored computing activity, a peer of the child associated with the unusual behavior, (iii) determining, based at least in part on a comparison between the baseline behaviors and the unusual behavior, a level of influence the peer has on the child, and then (iv) performing a computing security action that prevents the child from engaging in potentially harmful behaviors by providing, to a guardian of the child, the level of influence of the peer. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: November 9, 2016
Date of Patent: August 28, 2018
Assignee: Symantec Corporation
Inventors: Kevin Jiang, Keith Newstadt, Lei Gu
-
Patent number: 10055586
Abstract: The disclosed computer-implemented method for determining the trustworthiness of files within organizations may include (1) identifying a file on a computing device within multiple computing devices managed by an organization, (2) in response to identifying the file, identifying at least one additional computing device within the multiple computing devices that is potentially associated with the file, (3) distributing at least a portion of the file to a user of the additional computing device with a request to receive an indication of the trustworthiness of the file, and then (4) receiving, from the additional computing device, a response that indicates the trustworthiness of the file. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: June 29, 2015
Date of Patent: August 21, 2018
Assignee: Symantec Corporation
Inventors: Kevin Roundy, Sandeep Bhatkar, Christopher Gates, Anand Kashyap, Yin Liu, Aleatha Parker-Wood, Leylya Yumer
-
Patent number: 10057274
Abstract: The disclosed computer-implemented method for profiling client systems may include (1) identifying one or more administrative categories used to categorize clients according to system profiles of the clients, (2) collecting attribute information that associates one or more client attributes with the administrative category, (3) generating, based at least in part on the association between the client attribute and the administrative category, an association scoring protocol that estimates an association strength between clients and the administrative category, (4) assigning, based on the association scoring protocol, an association score to one or more clients, (5) determining, based on the association score being above a threshold, that the client should be associated with the administrative category, and (6) initiating one or more customized administrative actions for the client, based at least in part by the association of the client with the administrative category.
Type: Grant
Filed: March 31, 2016
Date of Patent: August 21, 2018
Assignee: Symantec Corporation
Inventors: Kevin Alejandro Roundy, Leylya Bilge, Christopher Gates
-
Patent number: 10050982
Abstract: The disclosed computer-implemented method for reverse-engineering malware protocols may include (1) decrypting encrypted network traffic generated by a malware program, (2) identifying at least one message type field in the decrypted network traffic, (3) identifying at least one message in the decrypted network traffic with the identified message type, and (4) inferring at least a portion of a protocol used by the malware program by analyzing the identified message to identify a field type for at least one data field of the identified message of the identified message type. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: May 19, 2016
Date of Patent: August 14, 2018
Assignee: Symantec Corporation
Inventors: Ruben Torres Guerra, Gaspar Modelo-Howard, Alok Tongaonkar, Lorenzo De Carli, Somesh Jha
-
Patent number: 10049128
Abstract: Various systems, methods, and processes for identifying outliers in a data set stored in a database are disclosed. A subset of data is extracted from a data set. Data descriptors are allocated to the subset of data. A model of the subset of data is created based on attributes of the data descriptors. An iteration of an outlier detection process based on the model is then executed. The outlier detection process evaluates the subset of data, and the outlier detection process evaluates the data set based on the results of the evaluation of the subset of data. The outlier detection process, which can implement and/or use a Random Sample Consensus (RANSAC) algorithm, identifies outliers in the data set stored in the database.
Type: Grant
Filed: December 31, 2014
Date of Patent: August 14, 2018
Assignee: Symantec Corporation
Inventor: Yuting Zhang
-
Patent number: 10049190
Abstract: A method and apparatus for using a remote delegate is described. In one embodiment, the method comprising evaluating information that identifies at least one of software packages resident in a client computer or licenses associated with the software packages using a remote delegate and enabling use of a resource at the client computer based on the information through use of the remote delegate.
Type: Grant
Filed: December 21, 2007
Date of Patent: August 14, 2018
Assignee: Symantec Corporation
Inventors: Keith Newstadt, Shaun Cooley, Sourabh Satish, Timothy G. Brown, Brian Hernacki
-
Patent number: 10050987
Abstract: Real-time anomaly detection in a network using state transitions. In one embodiment, a method may include identifying a sequence of messages sent between a first network node and a second network node over a network link. The method may further include identifying a sequence of message states for the sequence of messages. The method may also include identifying variable-length candidate patterns in the sequence of message states. The method may further include adding the candidate patterns to a baseline pattern store. The method may also include comparing a real-time sequence of messages to patterns in the baseline pattern store to detect anomalies in the real-time sequence of messages. The method may further include, in response to the detecting of the anomalies, alerting a security action on one or more of the first network node, the second network node, and the network link using the detected anomalies.
Type: Grant
Filed: March 28, 2017
Date of Patent: August 14, 2018
Assignee: SYMANTEC CORPORATION
Inventors: Varun Mohta, Zhipeng Zhao, Michael Sylvester Pukish
-
Patent number: 10049214
Abstract: The disclosed computer-implemented method for detecting malicious processes on computing devices may include (i) identifying a portion of data on a computing device that is stored in an unrestricted section of memory and accessed by processes while running on the computing device, (ii) allocating a restricted section of memory within the computing device and indicating that the portion of data is located in the restricted section of memory, (iii) detecting an attempt by a process running on the computing device to access the portion of data within the restricted section of memory using an unexpected access method, (iv) determining, based at least in part on the process attempting to access the portion of data within the restricted section of memory using the unexpected access method, that the process is malicious, and (v) performing a security action on the computing device to prevent the malicious process from harming the computing device.
Type: Grant
Filed: September 13, 2016
Date of Patent: August 14, 2018
Assignee: Symantec Corporation
Inventor: Peter Ferrie
-
Patent number: 10049204
Abstract: Systems and methods for providing multi-factor authentication are disclosed herein. A method for multi-factor authentication may include a step for receiving an authentication window request from an electronic device. The authentication window request may be configured to identify a user. The method may further include enabling an authentication window responsive, at least in part, to receipt of the authentication window request. The method may further include receiving a login verification request from an application server. The method may further include providing a response to the application server responsive, at least in part, to receiving the login verification request. The response may indicate whether the user may be selectively authenticated.
Type: Grant
Filed: March 14, 2013
Date of Patent: August 14, 2018
Assignee: SYMANTEC CORPORATION
Inventor: Roger Casals Andreu
-
Patent number: 10044835
Abstract: Systems and methods for optimized polling. An example method may comprise: receiving, over a transport layer connection, a first application layer request comprising a payload; storing, by a processing device, the payload in a memory; forwarding the payload to an application layer; receiving, over the transport layer connection, a second application layer request comprising no payload; and forwarding the payload to the application layer.
Type: Grant
Filed: December 11, 2013
Date of Patent: August 7, 2018
Assignee: Symantec Corporation
Inventors: Michael Shavell, Keith Newstadt
-
Patent number: 10044691
Abstract: Decrypting network traffic on a middlebox device using a trusted execution environment (TEE).
Type: Grant
Filed: February 12, 2018
Date of Patent: August 7, 2018
Assignee: SYMANTEC CORPORATION
Inventors: Yuqiong Sun, Daniel Marino, Susanta K. Nanda, Saurabh Shintre, Brian T. Witten, Ronald A. Frederick, Qing Li
-
Patent number: 10043013
Abstract: The disclosed computer-implemented method for detecting gadgets on computing devices may include (i) identifying, on a computing device, a process containing multiple modules, (ii) identifying, within the process, each module that does not implement a security protocol that randomizes, each time the module executes, a memory location of at least one portion of data accessed by the module, (iii) copying each module that does not implement the security protocol to a section of memory dedicated to security analyses, (iv) determining, based on detecting at least one gadget-specific characteristic within at least one copied module, that the process contains a gadget that is capable of being maliciously exploited, and then (v) performing a security action on the computing device to prevent the gadget from being maliciously exploited. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: September 9, 2016
Date of Patent: August 7, 2018
Assignee: Symantec Corporation
Inventors: Peter Ferrie, Joseph Chen
-
Patent number: 10044740
Abstract: The disclosed computer-implemented method for detecting security anomalies in a public cloud environment using network activity monitoring, application profiling, and self-building host mapping may include (1) collecting host information that identifies (A) at least one communication channel that has previously facilitated communication between at least one host computing platform within a cloud computing environment and at least one additional computing platform and/or (B) at least one application that has previously run on the host computing platform, (2) monitoring network traffic involving the host computing platform, (3) detecting, while monitoring the network traffic, network activity that is inconsistent with the collected host information, and then (4) determining that the detected network activity represents a potential security threat within the cloud computing environment due at least in part to the detected network activity being inconsistent with the collected host information.
Type: Grant
Filed: September 15, 2015
Date of Patent: August 7, 2018
Assignee: Symantec Corporation
Inventors: Shubhabrata Mohanty, Sudha Iyer
-
Patent number: 10037378
Abstract: Techniques for classifying and labeling data are disclosed. In one embodiment, the techniques may be realized as a system for classifying and labeling data comprising one or more processors. The one or more processors may be configured to distribute training data across a plurality of hosts. Each of the hosts may be assigned a random subset of the training data, and configured to cluster its own subset independently. The one or more processors may be further configured to label each cluster of the training data. The one or more processors may be further configured to receive new data, associate the new data with a plurality of the clusters of the training data, and assign the new data a label. The label may be chosen from labels of the plurality of the clusters. And the label may have a maximum associative factor of the new data.
Type: Grant
Filed: December 11, 2015
Date of Patent: July 31, 2018
Assignee: SYMANTEC CORPORATION
Inventors: Anudeep Kumar, Yashodhan Pawar, Himanshu Dubey, Ajitesh Roychowdhury
-
Patent number: 10037425
Abstract: Suspicious file prospecting activity is detected based on patterns of file system access. A user's file system access is monitored over a specific time period. A sequence of the file accesses (e.g., represented as path names) made by the user during the time period is recorded. Distances between the recorded file accesses are determined, for example as edit distances. A distance sequence is recorded, comprising a record of the determined distances. The distance sequence is reduced to one or more baseline statistics describing the pattern of the user's access of the file system during the given period of time. At least one subsequent anomaly in the user's access of the file system is detected, by comparing at least one subsequently calculated statistic representing at least one subsequent pattern of the user's file system access to the at least one baseline statistic.
Type: Grant
Filed: August 26, 2015
Date of Patent: July 31, 2018
Assignee: Symantec Corporation
Inventors: Aleatha Parker-Wood, Andrew Gardner
-
Patent number: 10038778
Abstract: Locally securing sensitive data stored on a mobile phone. In one embodiment, a computer-implemented method for locally securing sensitive data stored on a mobile phone may be performed, at least in part, by a computing device including at least one processor. The method may include operating a mobile phone in an owner mode. The method may also include locally detecting, by the mobile phone, an insecurity event on the mobile phone. The method may further include, in response to locally detecting the insecurity event on the mobile phone, automatically switching, by the mobile phone, to operating the mobile phone in a guest mode, with the automatic switching to operating the mobile phone in the guest mode resulting in automatically securing sensitive data stored locally on the mobile phone.
Type: Grant
Filed: March 24, 2017
Date of Patent: July 31, 2018
Assignee: SYMANTEC CORPORATION
Inventors: Debanjan Bhattacharyya, Vipul Sawant