Patents Assigned to Trend Micro Incorporated
-
Patent number: 10999322
Abstract: The presently-disclosed solution provides an innovative system and method to protect a computer user from a phishing attack. Computer vision is effectively applied to match identifiable key information in suspect content against a database of identifiable key information of legitimate content. In one embodiment, the presently-disclosed solution converts suspect content to a digital image format and searches a database of logos and/or banners to identify a matching logo/banner image. Once the matching logo/banner image is found, the legitimate domain(s) associated with the matching logo/banner image is (are) determined. In addition, the presently-disclosed solution extracts all the URLs (universal resource links) directly from the textual data of the suspect content and further extracts the suspect domain(s) from those URLs. The suspect domain(s) is (are) then compared against the legitimate domain(s) to detect whether the suspect content is phishing content or not.
Type: Grant
Filed: December 13, 2017
Date of Patent: May 4, 2021
Assignee: Trend Micro Incorporated
Inventors: Quan Yuan, Jing Cao, Bo Liu
-
Patent number: 10965600
Abstract: Examples of implementations relate to metadata extraction. For example, a system of privacy preservation comprises a physical processor that executes machine-readable instructions that cause the system to normalize a network traffic payload with a hardware-based normalization engine controlled by a microcode program; parse the normalized network traffic payload, as the network traffic payload passes through a network, by performing a parsing operation of a portion of the normalized network traffic payload with a hardware-based function engine of a plurality of parallel-distributed hardware-based function engines controlled by the microcode program; and provide the hardware-based function engine with a different portion of the normalized network traffic payload responsive to an indication, communicated through a common status interface, that the different portion of the normalized network traffic payload is needed to complete the parsing operation.
Type: Grant
Filed: April 29, 2020
Date of Patent: March 30, 2021
Assignee: Trend Micro Incorporated
Inventors: Leslie Zsohar, Wei Lu, Randal Mullin, Craig Botkin
-
Patent number: 10965560
Abstract: Examples relate to organizing and storing network communications. In one example, a programmable hardware processor may: receive a first set of network packets; identify, for each network packet included in the first set, a network flow, each network flow including at least one related packet; store each network packet included in a subset of the first set in a first data storage device; for each network packet included in the subset, organize the network packet according to the network flow identified for the network packet; identify, from the network flows, a set of network flows that each have at least one characteristic of interest; and store, in a second data storage device, each network packet included in each network flow of the set of network flows.
Type: Grant
Filed: February 18, 2020
Date of Patent: March 30, 2021
Assignee: Trend Micro Incorporated
Inventors: Wei Lu, Leslie Zsohar, Edward A. Wartha, Randal Mullin, Craig Botkin
-
Patent number: 10951583
Abstract: Apparatus and methods for controlling access by a browser to one or more Internet servers are disclosed. Access control is performed by ascertaining an IP address of an internet server that the user is trying to access and performing lookup of the IP address in an IP address rating database. If the lookup reveals that the IP address to be suspicious and data received from the internet server is encrypted, block the access to the internet server. Alternatively, if the lookup reveals the IP address to be suspicious, block the access to the first internet server by the browser without first performing content analysis on the data from the internet server.
Type: Grant
Filed: August 22, 2019
Date of Patent: March 16, 2021
Assignee: Trend Micro Incorporated
Inventors: Bharath Kumar Chandrasekhar, Narasimham Kodukula
-
Patent number: 10951636
Abstract: A computer-implemented method for detecting a phishing attempt by a given website is provided. The method includes receiving a webpage from the given website, which includes computer-readable code for the webpage. The method also includes ascertaining hyperlink references in the computer-readable code. Each hyperlink reference refers to at least a component of another webpage. The method further includes performing linking relationship analysis on at least a subset of websites identified to be referenced by the hyperlink references, which includes determining whether a first website is in a bi-directional/uni-directional linking relationship with the given website. The first website is one of the subset of websites. The method yet also includes, if the first website is in the bi-directional linking relationship, designating the given website a non-phishing website.
Type: Grant
Filed: August 20, 2019
Date of Patent: March 16, 2021
Assignee: Trend Micro Incorporated
Inventors: Ming-Tai Allen Chang, Yu-Fang Eddie Tsai
-
Publication number: 20210064747
Abstract: A cybersecurity server receives an executable file to be classified. A call graph of the executable file is generated. Functions of the executable file are represented as vertices in the call graph, and a vertex value is generated for each vertex. The vertex values are arranged in traversal order of the call graph to generate a call graph pattern. A digest of the call graph pattern is calculated and compared to one or more malicious digests.
Type: Application
Filed: January 21, 2020
Publication date: March 4, 2021
Applicant: Trend Micro Incorporated
Inventors: Chia-Ching Fang, Shih-Hao Weng
-
Patent number: 10938846
Abstract: A server hosted by a server computer is protected against anomalous logons. A working time profile is generated from an access log that has a record of logons to the server. Counts of access events per time period (e.g., per hour) are parsed from the access log, and processed using statistical procedures to find candidate working hours. A working time range includes candidate working hours. An account logging on the server is detected. The logon by the account is deemed to be anomalous when the logon is at a time outside the candidate working hours.
Type: Grant
Filed: November 20, 2018
Date of Patent: March 2, 2021
Assignee: Trend Micro Incorporated
Inventors: Chih-Hsun Hsiao, Yin-Tzu Lin, Yen-Ying Lee
-
Patent number: 10922386
Abstract: The present disclosure provides effective solutions to security inspection and monitoring of operations within security containers. The solutions overcome the challenges and difficulties caused by the isolation of the containers. One embodiment relates a computer-implemented method in which a security agent is migrated between one or more containers and the host machine by changing its namespace. Another embodiment relates to a computer-implemented method for user-mode object monitoring of one or more containers in which a security agent migrates serially to multiple containers while keeping user-mode object-monitoring handles for the containers. Thereafter, the security agent may migrate into the host machine and continue monitoring events within the containers using the user-mode object-monitoring handles. Another embodiment relates to a host machine which includes a master agent that communicates with multiple security agents holding user-mode object-monitoring handles for corresponding containers.
Type: Grant
Filed: January 15, 2018
Date of Patent: February 16, 2021
Assignee: Trend Micro Incorporated
Inventors: Ching-Yi Li, You-Hsin Yang, Nai-Yu Chuang
-
Patent number: 10878088
Abstract: Examples relate to identifying randomly generated character strings. In one example, a computing device may: receive a character string that includes two or more characters; identify a number of character transitions included in the character string, each character transition being a change in character type within an n-gram of the character string, where n is a positive integer; and determine, based on the number of character transitions, whether the character string was randomly generated.
Type: Grant
Filed: February 7, 2018
Date of Patent: December 29, 2020
Assignee: Trend Micro Incorporated
Inventors: Richard Andrew Lawshae, Josiah Dede Hagen, Mathew Robert Powell, Elvis Collado, Jonathan Edward Andersson, Stephen David Povolny
-
Patent number: 10848455
Abstract: Abusive user accounts in a social network are identified from social network data. The social network data are processed to compare postings of the user accounts to identify a group of abusive user accounts. User accounts in the group of abusive user accounts are identified based on posted message content, images included in the messages, and/or posting times. Abusive user accounts can be canceled, suspended, or rate-limited.
Type: Grant
Filed: September 27, 2018
Date of Patent: November 24, 2020
Assignee: Trend Micro Incorporated
Inventors: Jennifer Rihn, Jonathan James Oliver
-
Patent number: 10834127
Abstract: An email attempting to perpetrate a business email compromise (BEC) attack is detected based on similarity of the email to a known BEC email and on similarity of the email to a user email that would have been sent by the purported sender of the email. Metadata of the email is extracted and input to a BEC machine learning model to find the known BEC email among BEC email samples. The extracted metadata are also input to a personal user machine learning model of the purported sender to generate the user email.
Type: Grant
Filed: April 24, 2018
Date of Patent: November 10, 2020
Assignee: Trend Micro Incorporated
Inventors: Che-Fu Yeh, I-Ting Lien, Ming-Lun Li, Shih-Yu Chou, Po-Yuan Teng, Yuan Jiun Tsui, Cheng-Hsin Hsu, Wen-Kwang Tsao, Shih-Han Hsu, Pei-Yin Wu, Jonathan James Oliver
-
Patent number: 10809915
Abstract: A server computer runs several remote mobile operating systems. A remote mobile app running on one of the remote mobile operating systems generates a user interface that includes an input field for receiving a credential. The user interface is displayed on a touchscreen of a mobile device that is in communication with the server computer. A touchscreen keyboard with an autofill button is displayed on the touchscreen. When a user of the mobile device clicks on the autofill button, the credential of the user is retrieved and sent from the mobile device to the server computer, where the credential is entered into the input field.
Type: Grant
Filed: February 15, 2019
Date of Patent: October 20, 2020
Assignee: Trend Micro Incorporated
Inventors: Xinxin Fang, Junwen Sun, Chengyu Fang
-
Patent number: 10805320
Abstract: Encrypted network traffic between a server device and an application program running on a client device is monitored by a network security device in an enterprise computer network. Metadata of the application program is sent to a cloud security system to generate a reputation of the application program. The encrypted network traffic is decrypted and inspected for conformance with security policies when the application program is determined to be a browser application. When the application program is determined to be a non-browser application, the reputation of the application program is determined and the encrypted network traffic is blocked when the application program has a bad reputation. In a bypass mode of operation, the encrypted network traffic is allowed to pass through without inspection when the application program is determined to be a non-browser application.
Type: Grant
Filed: June 15, 2018
Date of Patent: October 13, 2020
Assignee: Trend Micro Incorporated
Inventors: Kelong Wang, Jian Sun, Zheng Wang
-
Patent number: 10805275
Abstract: A method in an internet server for implementing internet service, the method including exclusively binding a first socket handle object of a first process with a first port. The method also includes generating a first child process from the first process and creating a first duplicate socket handle of the first socket handle object in a first file, the first file being associated with an id of the first child process. The method further includes forming, using the first child process, a first child socket handle object from the first duplicate socket handle in the first file, thereby causing the first child socket handle object to be associated with the first port.
Type: Grant
Filed: August 21, 2019
Date of Patent: October 13, 2020
Assignee: Trend Micro Incorporated
Inventor: Hua-Lung Richard Huang
-
Patent number: 10757029
Abstract: According to an example, network traffic pattern based identification may include analyzing each packet of a plurality of packets that are outgoing from and/or incoming to an entity to respectively determine features within a sequence of outgoing packets and/or a sequence of incoming packets of the plurality of packets. Network traffic pattern based identification may further include analyzing the determined features by respectively using an outgoing packet classification model and/or an incoming packet classification model, and classifying, based on the analysis of the features.
Type: Grant
Filed: January 12, 2018
Date of Patent: August 25, 2020
Assignee: Trend Micro Incorporated
Inventors: Vaibhav Chhabra, Josiah Dede Hagen, Brandon Niemczyk
-
Patent number: 10754951
Abstract: Executable files are evaluated for malware in one or more lightweight executors, such as lightweight executor processes. An executable file is loaded and executed in a lightweight executor. Instructions in an execution path of the executable file are executed. Instructions in another execution path of the executable file are executed in another lightweight executor when a conditional branch instruction in an execution path has a suspicious condition. A fake kernel that mimics a real operating system kernel receives system calls, and responds to the system calls without servicing them in a way the real operating system kernel would. Runtime behavior of the executable file is observed for malware behavior. A response action, such as preventing the executable file from subsequently executing in a computer, is performed when the executable file is detected to be malware.
Type: Grant
Filed: June 15, 2018
Date of Patent: August 25, 2020
Assignee: Trend Micro Incorporated
Inventors: Jie Tang, Weimin Wu, Kai Yu, Chengguo Zhang
-
Publication number: 20200264752
Abstract: A server computer runs several remote mobile operating systems. A remote mobile app running on one of the remote mobile operating systems generates a user interface that includes an input field for receiving a credential. The user interface is displayed on a touchscreen of a mobile device that is in communication with the server computer. A touchscreen keyboard with an autofill button is displayed on the touchscreen. When a user of the mobile device clicks on the autofill button, the credential of the user is retrieved and sent from the mobile device to the server computer, where the credential is entered into the input field.
Type: Application
Filed: February 15, 2019
Publication date: August 20, 2020
Applicant: Trend Micro Incorporated
Inventors: Xinxin FANG, Junwen Sun, Chengyu Fang
-
Publication number: 20200259751
Abstract: Examples of implementations relate to metadata extraction. For example, a system of privacy preservation comprises a physical processor that executes machine-readable instructions that cause the system to normalize a network traffic payload with a hardware-based normalization engine controlled by a microcode program; parse the normalized network traffic payload, as the network traffic payload passes through a network, by performing a parsing operation of a portion of the normalized network traffic payload with a hardware-based function engine of a plurality of parallel-distributed hardware-based function engines controlled by the microcode program; and provide the hardware-based function engine with a different portion of the normalized network traffic payload responsive to an indication, communicated through a common status interface, that the different portion of the normalized network traffic payload is needed to complete the parsing operation.
Type: Application
Filed: April 29, 2020
Publication date: August 13, 2020
Applicant: Trend Micro Incorporated
Inventors: Leslie ZSOHAR, Wei LU, Randal MULLIN, Craig BOTKIN
-
Patent number: 10728268
Abstract: In one embodiment, local begin and end tags are detected by a network security device to determine a local context of a network traffic flow, and a local feature vector is obtained for that local context. At least one triggering machine learning model is applied by the network security device to the local feature vector, and the result determines whether or not deeper analysis is warranted. In most cases, very substantial resources are not required because deeper analysis is not indicated. If deeper analysis is indicated, one or more deeper machine learning model may then be applied to global and local feature vectors, and regular expressions may be applied to packet data, which may include the triggering data packet and one or more subsequent data packets. Other embodiments, aspects and features are also disclosed.
Type: Grant
Filed: April 10, 2018
Date of Patent: July 28, 2020
Assignee: Trend Micro Incorporated
Inventors: Josiah Dede Hagen, Jonathan Edward Andersson, Shoufu Luo, Brandon Niemczyk, Leslie Zsohar, Craig Botkin, Peter Andriukaitis
-
Patent number: 10701031
Abstract: Examples relate to identifying algorithmically generated domains. In one example, a computing device may: receive a query domain name; split the query domain name into an ordered plurality of portions of the query domain name, the ordered plurality of portions beginning with a first portion and ending with a last portion, the last portion including a top level domain of the query domain name; provide, in reverse order beginning with the last portion, the portions of the query domain name as input to a predictive model that has been trained to determine whether the query domain name is an algorithmically generated domain name, the determination being based on syntactic features of the query domain name; and receive, as output from the predictive model, data indicating whether the query domain name is algorithmically generated.
Type: Grant
Filed: November 16, 2017
Date of Patent: June 30, 2020
Assignee: Trend Micro Incorporated
Inventors: Josiah Dede Hagen, Richard Lawshae, Brandon Niemczyk