Patents Assigned to Trend Micro Incorporated
  • Patent number: 11449794
    Abstract: Language-based machine learning approach for automatically detecting universal charset and the language of a received document is disclosed. The language-based machine learning approach employs a plurality of text document samples in different languages, after converting them to a selected Unicode style (if their original encoding schemes are not the selected Unicode), to generate a plurality of language-based machine learning models during the training stage. During the application stage, vector representations of the received document for different combinations of charsets and their respective applicable languages are tested against the plurality of machine learning models to ascertain the charset and language combination that is most similar to its associated machine learning model, thereby identifying the charset and language of the received document.
    Type: Grant
    Filed: August 21, 2019
    Date of Patent: September 20, 2022
    Assignee: Trend Micro Incorporated
    Inventor: Lili Diao
  • Patent number: 11440190
    Abstract: An automation task program is inspected for unsecure data flow. The task program is parsed to generate a parse tree, which is visited to generate control flow graphs of functions of the task program. The control flow graphs have nodes, which have domain-agnostic intermediate representations. The control flow graphs are connected to form an intermediate control flow graph. The task program is deemed to have an unsecure data flow when data is detected to flow from a data source to a data sink, with the data source and the data sink forming a source-sink pair that is indicative of an unsecure data flow.
    Type: Grant
    Filed: March 18, 2020
    Date of Patent: September 13, 2022
    Assignee: TREND MICRO INCORPORATED
    Inventors: Federico Maggi, Marcello Pogliani, Davide Quarta, Martino Vittone, Stefano Zanero
  • Patent number: 11379578
    Abstract: Systems and methods are presented for performing sandboxing to detect malware. Sample files are received and activated individually in separate sandboxes in one mode of operation. In another mode of operation, sample files are assigned to pools. Sample files of a pool are activated together in the same sandbox. The sample files of the pool are deemed to be normal when no anomalous event is detected in the sandbox. Otherwise, when an anomalous event is detected in the sandbox, the sample files of the pool are activated separately in separate sandboxes to isolate and identify malware among the sample files.
    Type: Grant
    Filed: October 16, 2020
    Date of Patent: July 5, 2022
    Assignee: TREND MICRO INCORPORATED
    Inventors: Jun Qu, Zhichao Ding, Renkui Tao
  • Patent number: 11354433
    Abstract: Taint is dynamically tracked on a mobile device. Taint virtual instructions are added to virtual instructions of a control-flow graph (CFG). A taint virtual instruction has a taint operand that corresponds to an operand of a virtual instruction and has a taint output that corresponds to an output of the virtual instruction in a block of the CFG. Registers are allocated for the taint virtual instruction and the virtual instructions. After register allocation, the taint virtual instruction and the virtual instructions are converted to native code, which is executed to track taint on the mobile device.
    Type: Grant
    Filed: March 25, 2019
    Date of Patent: June 7, 2022
    Assignee: Trend Micro Incorporated
    Inventors: Liang Sun, Xingxing Sun, Hua Ye
  • Patent number: 11356853
    Abstract: A mobile app is in a form of a package file. A structural feature digest is generated from contents of a manifest part, bytecode part, and resource part of the package file. A mobile device receives an unknown mobile app, generates a structural feature digest of the unknown mobile app, and sends the structural feature digests to a backend system over a computer network. In the backend system, the structural feature digest of the unknown mobile app is compared to structural feature digests of known malicious mobile apps. The unknown mobile app is detected to be malicious when its structural feature digest is similar to that of a known malicious mobile app.
    Type: Grant
    Filed: September 22, 2020
    Date of Patent: June 7, 2022
    Assignee: TREND MICRO INCORPORATED
    Inventors: Longping Wu, Hua Ye, Bin Yin, Zhihua Zhou, Zhengbao Zhang
  • Patent number: 11349926
    Abstract: A system includes Internet of things (IOT) devices that are paired with corresponding edge computers. Smart contracts are generated for edge computers, and deployed in a blockchain. Upon receipt of a message, a smart contract compares a sender of the message to a designated owner of the smart contract. The smart contract has a privilege checker that allows a message from the owner of the smart contract to initiate execution of a function that modifies a variable of the smart contract, but prevents messages from non-owners from initiating execution of the function.
    Type: Grant
    Filed: April 2, 2019
    Date of Patent: May 31, 2022
    Assignee: Trend Micro Incorporated
    Inventors: Tai-An Wang, Liang-Chih Chen, Yu-Shu Chen, Ting-Yin Yen
  • Patent number: 11316894
    Abstract: A system for detecting leakage of email addresses generates an alias email address that will be used by a user to register with a web service. The alias email address is an alias for a primary email address of the user, and is paired with the web service. The web service is included in a whitelist upon confirmation from the web service that the alias email address has been registered with the web service. Emails that are addressed to the alias email address and from the web service are forwarded to the primary email address. Emails that are addressed to the alias email address but is not from the web service are detected to be suspicious.
    Type: Grant
    Filed: September 3, 2019
    Date of Patent: April 26, 2022
    Assignee: Trend Micro Incorporated
    Inventors: Tomoyuki Shiga, Machika Mase, Hiroshi Hasegawa
  • Patent number: 11310285
    Abstract: Adaptive network security policies can be selected by assigning a number of risk values to security intelligence associated with network traffic, and identifying a number of security policies to implement based on the risk values.
    Type: Grant
    Filed: July 2, 2019
    Date of Patent: April 19, 2022
    Assignee: Trend Micro Incorporated
    Inventors: Harry A. Bryson, Malcolm Dodds, Wei Lu, Julian Palmer
  • Patent number: 11310142
    Abstract: Network attacks are detected by a protocol engine that works in conjunction with one or more streaming protocol analyzers. The protocol engine receives network packets over a computer network and generates metadata of the network packets. The metadata are placed in a transport envelope, which is streamed over the computer network. The transport envelope is received over the computer network. After receiving the transport envelope over the computer network, the metadata are extracted from the transport envelope and provided to the one or more streaming protocol analyzers, which analyze the metadata to detect network attacks.
    Type: Grant
    Filed: April 23, 2021
    Date of Patent: April 19, 2022
    Assignee: Trend Micro Incorporated
    Inventors: Kevin G. Boyce, Troy W. Tuttle
  • Patent number: 11308403
    Abstract: Critical network assets of a private computer are automatically identified by training a machine learning model with histograms of features obtained by aggregating data of log entries. The model is deployed in a private computer network and retrained using training data set of the private computer network. Data from log entries of a target network asset are aggregated, numerically transformed, and converted into features histograms. The features histograms are concatenated into a single file, which is provided to the machine learning model for prediction. The machine learning model outputs a prediction score that gives an indication of whether or not the target network asset is critical.
    Type: Grant
    Filed: May 4, 2017
    Date of Patent: April 19, 2022
    Assignee: Trend Micro Incorporated
    Inventors: Ping-I Chou, Yen-Shuo Huang
  • Patent number: 11296868
    Abstract: A cyber threat intelligence of a cyber threat includes a threat chain that describes objects involved in the cyber threat and relationships between the objects. A related object hash of an object is calculated by calculating a hash of one or more objects that are linked to the object as indicated in the cyber threat intelligence. A related object sequence hash of the threat chain is generated by calculating a total of the related object hashes. The related object sequence hash of the threat chain is compared to a related object sequence hash of another threat chain to detect cyber threats.
    Type: Grant
    Filed: September 17, 2019
    Date of Patent: April 5, 2022
    Assignee: Trend Micro Incorporated
    Inventor: Ardin Christopher C. Maglalang
  • Patent number: 11288594
    Abstract: In one example in accordance with the present disclosure, a method for domain classification includes sorting a set of sample domains into leaves based on syntactical features of the domains. Each sample domain belongs to a family of domains. The method also includes identifying, for each leaf, a regular expression for each family with at least one domain in the leaf. The method also includes determining, for each leaf, at least one lobe with a set of domains in the leaf that matches the regular expression for a first family with at least one domain in the leaf, and that does not match the regular expression for the other families with at least one domain in the leaf. The method also includes creating a classifier for the domains in each lobe by using the set of domains from each family in the lobe as training classes for machine learning.
    Type: Grant
    Filed: February 8, 2018
    Date of Patent: March 29, 2022
    Assignee: Trend Micro Incorporated
    Inventors: Josiah Dede Hagen, Prasad V. Rao, Miranda Jane Felicity Mowbray
  • Patent number: 11270000
    Abstract: A cybersecurity server receives an executable file that has bytecode and metadata of the bytecode. Strings are extracted from the metadata, sorted, and merged into data streams. The data streams are merged to form a combined data stream. A digest of the combined data stream is calculated using a fuzzy hashing algorithm. The similarity of the digest to another digest is determined to detect whether or not the executable file is malware or a member of a malware family.
    Type: Grant
    Filed: November 7, 2019
    Date of Patent: March 8, 2022
    Assignee: Trend Micro Incorporated
    Inventors: Chia-Ming Chiang, Po-Han Hao, Kuo-Cheng Wang
  • Patent number: 11263500
    Abstract: A method for designating a given image as similar/dissimilar with respect to a reference image is provided. The method includes normalizing the image. Normalizing includes performing pre-processing and a lossy compression on the given image to obtain a lossy representation. The pre-processing includes at least one of cropping, fundamental extracting, gray scale converting and lower color bit converting. The method also includes comparing the lossy representation of the given image with a reference representation, which is a version of a reference spam image after the reference spam image has undergone a similar normalizing process as normalizing. The method further includes, if the lossy representation of the given image matches the reference representation, designating the given image similar to the reference image. The method yet also includes, if the lossy representation of the given image does not match the reference representation, designating the given image dissimilar to the reference image.
    Type: Grant
    Filed: August 8, 2019
    Date of Patent: March 1, 2022
    Assignee: Trend Micro Incorporated
    Inventors: Jonathan James Oliver, Yun-Chian Chang
  • Patent number: 11258601
    Abstract: One embodiment disclosed relates to a system for digital data distribution with decentralized key management. The system utilizes a data provider, a data demander, cloud storage, a blockchain, and a smart contract registered with the blockchain. The data provider encrypts the digital data using a session key and puts the encrypted digital data to the cloud storage, which returns a URL for the stored digital data. In addition, the session key is itself encrypted using the public key of the data demander. The access data at the smart contract is updated with the encrypted session key and the URL. The data demander uses its own private key to decrypt the session key and then uses the session key to decrypt the digital data. Other embodiments and features are also disclosed.
    Type: Grant
    Filed: June 4, 2019
    Date of Patent: February 22, 2022
    Assignee: Trend Micro Incorporated
    Inventors: Tai-An Wang, Liang-Chih Chen, Ting-Yin Yen, Yu-Shu Chen
  • Patent number: 11258825
    Abstract: A cybersecurity system includes sensors that detect and report computer security events. Collected reports of computer security events are formed into state sequences, which are used as training data to train and build a prediction model. A current computer security event is detected and used as an input to the prediction model, which provides a prediction of a next computer security event. A monitoring level of a cybersecurity sensor is adjusted in accordance with the predicted next computer security event.
    Type: Grant
    Filed: July 18, 2019
    Date of Patent: February 22, 2022
    Assignee: Trend Micro Incorporated
    Inventors: Chin-En Yang, Wen-Kwang Tsao, Yi-De Wu, Yu-Hsuan Chou, Jaime Yaneza, Jr.
  • Patent number: 11184191
    Abstract: A network security device has a local area network (LAN) interface and a wide area network (WAN) interface, with a capability to route packets of a network connection along a fast path that bypasses a network stack of an operating system of the network security device. A packet of a network connection that is received at the LAN interface is routed to a virtual network interface. A packet inspector reads the packet from the virtual network interface, inspects the packet, and writes the packet back to the virtual network interface after inspection. The packet is routed from the virtual network interface to the WAN interface, and exits the WAN interface towards the destination network address of the packet. After inspecting one or more packets of the network connection, subsequently received packets of the network connection are routed along the fast path.
    Type: Grant
    Filed: October 9, 2019
    Date of Patent: November 23, 2021
    Assignee: Trend Micro Incorporated
    Inventors: Salim SreeNarayanapillai Indiradevi, Ryan Pan
  • Patent number: 11182481
    Abstract: A system for evaluating files for cyber threats includes a machine learning model and a locality sensitive hash (LSH) repository. When the machine learning model classifies a target file as normal, the system searches the LSH repository for a malicious locality sensitive hash that is similar to a target locality sensitive hash of the target file. When the machine learning model classifies the target file as malicious, the system checks if response actions are enabled for the target file. The system reevaluates files that have been declared as normal, and updates the LSH repository in the event of false negatives. The system disables response actions for files that have been reported as false positives.
    Type: Grant
    Filed: July 31, 2019
    Date of Patent: November 23, 2021
    Assignee: Trend Micro Incorporated
    Inventors: Jonathan James Oliver, Chia-Yen Chang, Wen-Kwang Tsao, Li-Hsin Hsu
  • Patent number: 11157620
    Abstract: A cybersecurity server receives an executable file to be classified. A call graph of the executable file is generated. Functions of the executable file are represented as vertices in the call graph, and a vertex value is generated for each vertex. The vertex values are arranged in traversal order of the call graph to generate a call graph pattern. A digest of the call graph pattern is calculated and compared to one or more malicious digests.
    Type: Grant
    Filed: January 21, 2020
    Date of Patent: October 26, 2021
    Assignee: Trend Micro Incorporated
    Inventors: Chia-Ching Fang, Shih-Hao Weng
  • Patent number: 11151250
    Abstract: A global locality sensitive hash (LSH) database stores global locality sensitive hashes of files of different private computer networks. Each of the private computer networks has a corresponding local LSH database that stores local locality sensitive hashes of files of the private computer network. A target locality sensitive hash is generated for a target file of a private computer network. The global and local LSH databases are searched for a locality sensitive hash that is similar to the target locality sensitive hash. The target file is marked for further evaluation for malware or other cybersecurity threats when the target locality sensitive hash is not similar to any of the global and local locality sensitive hashes.
    Type: Grant
    Filed: June 21, 2019
    Date of Patent: October 19, 2021
    Assignee: Trend Micro Incorporated
    Inventors: Chia-Yen Chang, Wen-Kwang Tsao