Patents Assigned to Trend Micro Incorporated
  • Patent number: 10728268
    Abstract: In one embodiment, local begin and end tags are detected by a network security device to determine a local context of a network traffic flow, and a local feature vector is obtained for that local context. At least one triggering machine learning model is applied by the network security device to the local feature vector, and the result determines whether or not deeper analysis is warranted. In most cases, very substantial resources are not required because deeper analysis is not indicated. If deeper analysis is indicated, one or more deeper machine learning models may then be applied to global and local feature vectors, and regular expressions may be applied to packet data, which may include the triggering data packet and one or more subsequent data packets. Other embodiments, aspects and features are also disclosed.
    Type: Grant
    Filed: April 10, 2018
    Date of Patent: July 28, 2020
    Assignee: Trend Micro Incorporated
    Inventors: Josiah Dede Hagen, Jonathan Edward Andersson, Shoufu Luo, Brandon Niemczyk, Leslie Zsohar, Craig Botkin, Peter Andriukaitis
  • Patent number: 10701031
    Abstract: Examples relate to identifying algorithmically generated domains. In one example, a computing device may: receive a query domain name; split the query domain name into an ordered plurality of portions of the query domain name, the ordered plurality of portions beginning with a first portion and ending with a last portion, the last portion including a top level domain of the query domain name; provide, in reverse order beginning with the last portion, the portions of the query domain name as input to a predictive model that has been trained to determine whether the query domain name is an algorithmically generated domain name, the determination being based on syntactic features of the query domain name; and receive, as output from the predictive model, data indicating whether the query domain name is algorithmically generated.
    Type: Grant
    Filed: November 16, 2017
    Date of Patent: June 30, 2020
    Assignee: Trend Micro Incorporated
    Inventors: Josiah Dede Hagen, Richard Lawshae, Brandon Niemczyk
  • Publication number: 20200186451
    Abstract: Examples relate to organizing and storing network communications. In one example, a programmable hardware processor may: receive a first set of network packets; identify, for each network packet included in the first set, a network flow, each network flow including at least one related packet; store each network packet included in a subset of the first set in a first data storage device; for each network packet included in the subset, organize the network packet according to the network flow identified for the network packet; identify, from the network flows, a set of network flows that each have at least one characteristic of interest; and store, in a second data storage device, each network packet included in each network flow of the set of network flows.
    Type: Application
    Filed: February 18, 2020
    Publication date: June 11, 2020
    Applicant: Trend Micro Incorporated
    Inventors: Wei LU, Leslie ZSOHAR, Edward A. WARTHA, Randal MULLIN, Craig BOTKIN
  • Patent number: 10680959
    Abstract: Examples of implementations relate to metadata extraction. For example, a system of privacy preservation comprises a physical processor that executes machine-readable instructions that cause the system to normalize a network traffic payload with a hardware-based normalization engine controlled by a microcode program; parse the normalized network traffic payload, as the network traffic payload passes through a network, by performing a parsing operation of a portion of the normalized network traffic payload with a hardware-based function engine of a plurality of parallel-distributed hardware-based function engines controlled by the microcode program; and provide the hardware-based function engine with a different portion of the normalized network traffic payload responsive to an indication, communicated through a common status interface, that the different portion of the normalized network traffic payload is needed to complete the parsing operation.
    Type: Grant
    Filed: June 5, 2018
    Date of Patent: June 9, 2020
    Assignee: Trend Micro Incorporated
    Inventors: Leslie Zsohar, Wei Lu, Randal Mullin, Craig Botkin
  • Patent number: 10666676
    Abstract: Targeted email attacks are detected using feature combinations of known abnormal emails, interflow shapes formed by an email with other emails, or both. An email received in an endpoint computer system is scanned to identify abnormal features indicative of a targeted email attack and the abnormal features of the email are checked against abnormal feature combinations. The email can also be scanned to identify an interflow shape formed by the email with other emails and the interflow shape is checked against interflow shapes of known targeted email attacks.
    Type: Grant
    Filed: August 18, 2014
    Date of Patent: May 26, 2020
    Assignee: Trend Micro Incorporated
    Inventors: Ching-Cheng Hsu, Hsun-Jen Hsu, I-Ting Lien, Cheng-Han Lin, Ching-Ming Lin, Yin-Liang Wang, Cheng-Han Wu
  • Patent number: 10635516
    Abstract: Examples relate to intelligent logging in a system. One example enables monitoring a set of critical processes of the system, responsive to a first process parameter of a first critical process exceeding a corresponding first parameter threshold, changing a first process log level associated with the critical process from a first log level to a second log level; and logging information related to the first critical process by: obtaining a second set of information associated with the second log level, wherein the second set of information is different from a first set of information associated with the first log level.
    Type: Grant
    Filed: January 24, 2018
    Date of Patent: April 28, 2020
    Assignee: Trend Micro Incorporated
    Inventor: Mahesh Dinkar Jade
  • Patent number: 10623440
    Abstract: The present disclosure provides a method and system for protecting web applications against web attacks comprising a cloud service for generating rules and receiving reports, an agent manager in communication with the cloud service receiving rules from the cloud service and passing reports thereto, and an in-application agent in communication with the agent manager for receiving rules therefrom and passing reports thereto for protecting an application in which the in-application agent is embedded.
    Type: Grant
    Filed: February 20, 2018
    Date of Patent: April 14, 2020
    Assignee: Trend Micro Incorporated
    Inventor: Ahmad Zaid Al Hamami
  • Patent number: 10616094
    Abstract: Example embodiments relate to redirecting data packets. The examples disclosed herein receive a first packet from a first device. The first packet is qualified as a flow control packet. In response to the first packet being qualified as a flow control packet, examples herein then redirect the first packet from being delivered to a second device to being delivered to a third device.
    Type: Grant
    Filed: April 10, 2018
    Date of Patent: April 7, 2020
    Assignee: Trend Micro Incorporated
    Inventor: Piers E. Hendrie
  • Patent number: 10608902
    Abstract: Examples relate to organizing and storing network communications. In one example, a programmable hardware processor may: receive a first set of network packets; identify, for each network packet included in the first set, a network flow, each network flow including at least one related packet; store each network packet included in a subset of the first set in a first data storage device; for each network packet included in the subset, organize the network packet according to the network flow identified for the network packet; identify, from the network flows, a set of network flows that each have at least one characteristic of interest; and store, in a second data storage device, each network packet included in each network flow of the set of network flows.
    Type: Grant
    Filed: October 10, 2017
    Date of Patent: March 31, 2020
    Assignee: Trend Micro Incorporated
    Inventors: Wei Lu, Leslie Zsohar, Edward A. Wartha, Randal Mullin, Craig Botkin
  • Publication number: 20200042696
    Abstract: A method for determining which web page among multiple candidate web pages is similar to a given web page. For each candidate web page, a set of scoring rules is provided to score the components therein. When the given web page is compared against a candidate web page, each component that is found in both the given web page and the candidate web page under examination is given a score in accordance with the set of scoring rules that is specific to that web page under examination. A composite similarity score is computed for each comparison between the given webpage and a candidate web page. If the composite similarity score exceeds a predefined threshold value for a comparison between the given webpage and a candidate web page, that candidate web page is deemed the web page that is similar.
    Type: Application
    Filed: August 22, 2019
    Publication date: February 6, 2020
    Applicant: Trend Micro Incorporated
    Inventors: Chao-Yu CHEN, Peng-Shih PU, Yu-Fang TSAI
  • Publication number: 20200045067
    Abstract: A computer-implemented method for detecting a phishing attempt by a given website is provided. The method includes receiving a webpage from the given website, which includes computer-readable code for the webpage. The method also includes ascertaining hyperlink references in the computer-readable code. Each hyperlink reference refers to at least a component of another webpage. The method further includes performing linking relationship analysis on at least a subset of websites identified to be referenced by the hyperlink references, which includes determining whether a first website is in a bi-directional/uni-directional linking relationship with the given website. The first website is one of the subset of websites. The method yet also includes, if the first website is in the bi-directional linking relationship, designating the given website a non-phishing website.
    Type: Application
    Filed: August 20, 2019
    Publication date: February 6, 2020
    Applicant: Trend Micro Incorporated
    Inventors: Ming-Tai Allen CHANG, Yu-Fang Eddie TSAI
  • Patent number: 10554691
    Abstract: A security system for a network maintains security policies that each includes a risk level. The security system maintains groups, with each group being associated with a security policy. Assets of the network are assigned to groups according to the risk assessments of the assets. Security policy associated with a group is enforced against network traffic of an asset when the asset is assigned to the group.
    Type: Grant
    Filed: December 22, 2016
    Date of Patent: February 4, 2020
    Assignee: Trend Micro Incorporated
    Inventors: Russell Meyers, Scott Rivers, Matthew Laswell
  • Publication number: 20200036752
    Abstract: A computer-implemented method for generating a first set of longest common sequences from a plurality of known malicious webpages, the first set of longest common sequences representing input data from which a human generates a set of regular expressions for detecting phishing webpages. There is included obtaining HTML source strings from the plurality of known malicious webpages and transforming the HTML source strings to reduce the number of at least one of stop words and repeated tags, thereby obtaining a set of transformed source strings. There is further included performing string alignment on the set of transformed source strings, thereby obtaining at least a scoring matrix. There is additionally included obtaining a second set of longest common sequences responsive to the performing the string alignment. There is further included filtering the second set of longest common sequences, thereby obtaining the first set of longest common sequences.
    Type: Application
    Filed: August 20, 2019
    Publication date: January 30, 2020
    Applicant: Trend Micro Incorporated
    Inventors: Chih-Sheng CHEN, Yi-Chan HUNG, Shr-An SU
  • Publication number: 20200026969
    Abstract: A method for designating a given image as similar/dissimilar with respect to a reference image is provided. The method includes normalizing the image. Normalizing includes performing pre-processing and a lossy compression on the given image to obtain a lossy representation. The pre-processing includes at least one of cropping, fundamental extracting, gray scale converting and lower color bit converting. The method also includes comparing the lossy representation of the given image with a reference representation, which is a version of a reference spam image after the reference spam image has undergone a similar normalizing process as normalizing. The method further includes, if the lossy representation of the given image matches the reference representation, designating the given image similar to the reference image. The method yet also includes, if the lossy representation of the given image does not match the reference representation, designating the given image dissimilar to the reference image.
    Type: Application
    Filed: August 8, 2019
    Publication date: January 23, 2020
    Applicant: Trend Micro Incorporated
    Inventors: Jonathan James OLIVER, Yun-Chian CHANG
  • Patent number: 10528737
    Abstract: Examples relate to randomized heap allocation. One example enables creating a set of heaps for an application; allocating an array for the application, wherein the application comprises a set of object types, the array comprises a set of elements, and each element of the array is associated with a unique object type of the set of object types; and initializing the array by: iterating over the array to associate each element of the array with a randomly chosen heap of the set of heaps.
    Type: Grant
    Filed: December 7, 2017
    Date of Patent: January 7, 2020
    Assignee: Trend Micro Incorporated
    Inventors: Simon Zuckerbraun, Abdul Aziz Hariri, Brian Thomas Gorenc
  • Patent number: 10530788
    Abstract: A detection module monitors, at a network layer, the network traffic between a client computer and a server computer. The detection module extracts application layer data from the network traffic and decodes the application layer data to identify a remote file operation that targets a shared file stored in the server computer. The detection module evaluates the remote file operation to determine if it is a malicious remote file operation. The detection module deems the remote file operation to be malicious when the remote file operation will corrupt the shared file.
    Type: Grant
    Filed: November 1, 2017
    Date of Patent: January 7, 2020
    Assignee: Trend Micro Incorporated
    Inventors: Pawan Kinger, Nelson William Gamazo Sanchez
  • Patent number: 10528732
    Abstract: Examples relate to identifying a signature for a data set. In one example, a computing device may: receive a data set that includes a plurality of data units; iteratively determine a measure of complexity for windows of data units included in the data set, each window including a distinct portion of the plurality of data units; identify, based on the iterative determinations, a most complex window of data units for the data set; and identify the most complex window as a data unit signature for the data set.
    Type: Grant
    Filed: May 24, 2018
    Date of Patent: January 7, 2020
    Assignee: Trend Micro Incorporated
    Inventors: Josiah Dede Hagen, Jonathan Edward Andersson
  • Patent number: 10521588
    Abstract: A sample program being evaluated for malware is scanned for presence of a critical code block. A path guide is generated for the sample program, with the path guide containing information on executing the sample program so that an execution path that leads to the critical code block is taken at runtime of the sample program. The path guide is applied to the sample program during dynamic analysis of the sample program so that behavior of the sample program during execution to the critical code block can be observed. This advantageously allows for detection of malicious samples, allowing for a response action to be taken against them.
    Type: Grant
    Filed: August 30, 2017
    Date of Patent: December 31, 2019
    Assignee: Trend Micro Incorporated
    Inventors: Qiang Huang, Hu Cao, Jun Wu
  • Patent number: 10460108
    Abstract: The present disclosure provides an automated technique to detect and rectify input-dependent evasion code in a generic manner during runtime. Pattern-based detection is used to detect the evasion code and trigger an identification process. The identification process marks the evasion code and rectifies the execution flow to a more “significant” path. The execution then moves on by following this path to bypass the evasion code. Other embodiments, aspects and features are also disclosed.
    Type: Grant
    Filed: August 16, 2017
    Date of Patent: October 29, 2019
    Assignee: Trend Micro Incorporated
    Inventors: Qiang Huang, Ben Huang, Kai Yu
  • Publication number: 20190327273
    Abstract: Adaptive network security policies can be selected by assigning a number of risk values to security intelligence associated with network traffic, and identifying a number of security policies to implement based on the risk values.
    Type: Application
    Filed: July 2, 2019
    Publication date: October 24, 2019
    Applicant: Trend Micro Incorporated
    Inventors: Harry A. BRYSON, Malcolm DODDS, Wei LU, Julian PALMER