Patents by Inventor Ali A. Mesdaq
Ali A. Mesdaq has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20220078207Abstract: A domain processing system is enhanced with a first-pass domain filter configured for loading character strings representing a pair of domains consisting of a seed domain and a candidate domain in a computer memory, computing a similarity score and a dynamic threshold for the pair of domains, determining whether the similarity score exceeds the dynamic threshold, and iterating the loading, the computing, and the determining for each of a plurality of candidate domains paired with the seed domain. A similarity score between the seed domain and the candidate domain and a corresponding dynamic threshold for the pair are computed. If the similarity score exceeds the corresponding dynamic threshold, the candidate domain is provided to a downstream computing facility. Otherwise, it is dropped. In this way, the first-pass domain filter can significantly reduce the number of domains that otherwise would need to be processed by the downstream computing facility.Type: ApplicationFiled: March 25, 2021Publication date: March 10, 2022Inventors: Hung-Jen Chang, Ali Mesdaq, Gaurav Dalal, Kevin Dedon
-
Publication number: 20220038421Abstract: Disclosed is a domain engineering analysis solution that determines relevance of a domain name to a brand name in which a domain name, brand name, and identification of a substring of the domain name may be provided to or obtained by a computer embodying a domain engineering analyzer. A list of features may be determined. The list of features may include a lexicon, or a set of key-value pairs that encode information about terms included as substrings in the domain name. Determining the features may include obtaining a language model for each term, analyzing a cluster of language models closest to the obtained language model, and determining and scoring a relevance of each term to the brand name. The determined relevance and score of each term may be provided to a client. This relevance analysis can be dynamically applied in an online process or proactively applied in an offline process.Type: ApplicationFiled: October 13, 2021Publication date: February 3, 2022Inventors: Sharon Huffner, Ali Mesdaq
-
Patent number: 11201850Abstract: Disclosed is a domain filter capable of determining an n-gram distance between a seed domain and each of a plurality of candidate domains. The domain filter loads a seed domain n-gram for the seed domain and a candidate domain n-gram for each candidate domain in memory, compares the seed domain n-gram and the candidate domain n-gram to identify any identical grams, removes any identical grams from the seed domain n-gram, and determines how many grams are left in the seed domain n-gram, representing the n-gram distance between the seed domain and the candidate domain. The domain filter then compares n-gram distances thus determined with a predetermined threshold, eliminates any candidate domain having an n-gram distance from the seed domain that exceeds the predetermined threshold, and provides remaining candidate domains to a downstream computing facility such as a user interface or an analytical module operating in an enterprise computing environment.Type: GrantFiled: September 21, 2020Date of Patent: December 14, 2021Assignee: Proofpoint, Inc.Inventors: Harold Nguyen, Ali Mesdaq, Kevin Dedon, Michael Fox, Gaurav Dalal
-
Patent number: 11194871Abstract: To find enriching contextual information for an abbreviated domain name, a data enrichment engine can comb through web content source code corresponding to the abbreviated domain name. From textual content in the web content source code, the data enrichment engine can identify words with initial characters that match characters of the abbreviated domain name to thereby establish a relationship there-between. This relationship can facilitate more accurate and efficient domain name classification. The data enrichment engine can query a WHOIS server to find out if candidate domains having initial characters that match the characters of the abbreviated domain name are registered to the same entity. If so, keywords can be extracted from the candidate domains and used to find more relevant domains for domain risk analysis and detection. Candidate domains determined by the data enrichment engine can be provided to a downstream computing facility such as a domain filter.Type: GrantFiled: March 29, 2019Date of Patent: December 7, 2021Assignee: Proofpoint, Inc.Inventors: Gaurav Mitesh Dalal, Ali Mesdaq, Hung-Jen Chang
-
Publication number: 20210374526Abstract: A domain processing system receives or collects raw data containing sample domains each having a known class identity indicating whether a domain is conducting an email campaign. The domain processing system extracts features from each of the sample domains and selects features of interest from the features, including at least a feature particular to a seed domain and features particular to email activities over a time line that includes days before and after a domain creation date. The features of interest are used to create feature vectors which, in turn, are used to train a machine learning model, the training including optimizing a neural network structure iteratively until stopping criteria are satisfied. The trained model functions as an email campaign domain classifier operable to classify candidate domains with unknown class identities such that each of the candidate domain is classified as conducting or not conducting an email campaign.Type: ApplicationFiled: March 30, 2021Publication date: December 2, 2021Inventors: Hung-Jen Chang, Gaurav Mitesh Dalal, Ali Mesdaq
-
Patent number: 11171916Abstract: Disclosed is a domain engineering analysis solution that determines relevance of a domain name to a brand name in which a domain name, brand name, and identification of a substring of the domain name may be provided to or obtained by a computer embodying a domain engineering analyzer. A list of features may be determined. The list of features may include a lexicon, or a set of key-value pairs that encode information about terms included as substrings in the domain name. Determining the features may include obtaining a language model for each term, analyzing a cluster of language models closest to the obtained language model, and determining and scoring a relevance of each term to the brand name. The determined relevance and score of each term may be provided to a client. This relevance analysis can be dynamically applied in an online process or proactively applied in an offline process.Type: GrantFiled: May 4, 2020Date of Patent: November 9, 2021Assignee: Proofpoint, Inc.Inventors: Sharon Huffner, Ali Mesdaq
-
Publication number: 20210250327Abstract: Disclosed is a domain filter capable of determining an n-gram distance between a seed domain and each of a plurality of candidate domains. The domain filter loads a seed domain n-gram for the seed domain and a candidate domain n-gram for each candidate domain in memory, compares the seed domain n-gram and the candidate domain n-gram to identify any identical grams, removes any identical grams from the seed domain n-gram, and determines how many grams are left in the seed domain n-gram, representing the n-gram distance between the seed domain and the candidate domain. The domain filter then compares n-gram distances thus determined with a predetermined threshold, eliminates any candidate domain having an n-gram distance from the seed domain that exceeds the predetermined threshold, and provides remaining candidate domains to a downstream computing facility such as a user interface or an analytical module operating in an enterprise computing environment.Type: ApplicationFiled: September 21, 2020Publication date: August 12, 2021Inventors: Harold Nguyen, Ali Mesdaq, Kevin Dedon, Michael Fox, Gaurav Dalal
-
Publication number: 20210160269Abstract: A threat actor identification system that obtains domain data for a set of domains, generates domain clusters, determines whether the domain clusters are associated with threat actors, and presents domain data for the clusters that are associated with threat actors to brand owners that are associated with the threat actors. The clusters may be generated based on similarities in web page content, domain registration information, and/or domain infrastructure information. For each cluster, a clustering engine determines whether the cluster is associated with a threat actor, and for clusters that are associated with threat actors, corresponding domain information is stored for presentation to brand owners to whom the threat actor poses a threat.Type: ApplicationFiled: February 3, 2021Publication date: May 27, 2021Inventors: Gaurav Mitesh Dalal, Hung-Jen Chang, Ali Mesdaq
-
Publication number: 20210112030Abstract: Taking a zero-configuration approach, a domain name discovery system utilizes, in an iterative process, WHOIS data and infrastructure data for a seed domain to automatically discover domain names having registration and/or infrastructure details that match those of the seed domain. Registration information such as a registered email address associated with a domain name discovered through WHOIS data matching or infrastructure data matching is utilized in a reverse lookup for domain names having infrastructure or WHOIS registered information that fully matches the information associated with the domain name discovered through the iterative process. Domain names discovered through WHOIS data matching, infrastructure data matching, and reverse lookup can be presented through a user interface on a client device communicatively connected to the domain name discovery system over a network. The domain name discovery can be performed periodically or in near real time responsive to receiving a new seed domain.Type: ApplicationFiled: December 21, 2020Publication date: April 15, 2021Inventors: Gaurav Mitesh Dalal, Ali Mesdaq
-
Patent number: 10965701Abstract: A threat actor identification system that obtains domain data for a set of domains, generates domain clusters, determines whether the domain clusters are associated with threat actors, and presents domain data for the clusters that are associated with threat actors to brand owners that are associated with the threat actors. The clusters may be generated based on similarities in web page content, domain registration information, and/or domain infrastructure information. For each cluster, a clustering engine determines whether the cluster is associated with a threat actor, and for clusters that are associated with threat actors, corresponding domain information is stored for presentation to brand owners to whom the threat actor poses a threat.Type: GrantFiled: January 14, 2019Date of Patent: March 30, 2021Assignee: Proofpoint, Inc.Inventors: Gaurav Mitesh Dalal, Hung-Jen Chang, Ali Mesdaq
-
Publication number: 20210067557Abstract: A rules engine is adapted for analyzing each match produced by a domain discovery system as matching a seed domain. Utilizing a natural language processing (NLP) library, the rules engine determines segments from the match, assigns a lexical category to each segment based on the context in how a seed domain string is used, and compares the lexical category of the segment that is closest to the seed domain string with a lexical category of the seed domain string. Based on the comparing, the rules engine determines whether the match is relevant to the seed domain and, if not, the match produced by the domain discovery system is identified as a false positive and automatically removed from a set of matches produced by the domain discovery system for the seed domain.Type: ApplicationFiled: May 11, 2020Publication date: March 4, 2021Inventors: Gaurav Mitesh Dalal, Hung-Jen Chang, Ali Mesdaq
-
Publication number: 20210042371Abstract: To find enriching contextual information for an abbreviated domain name, a data enrichment engine can comb through web content source code corresponding to the abbreviated domain name. From textual content in the web content source code, the data enrichment engine can identify words with initial characters that match characters of the abbreviated domain name to thereby establish a relationship there-between. This relationship can facilitate more accurate and efficient domain name classification. The data enrichment engine can query a WHOIS server to find out if candidate domains having initial characters that match the characters of the abbreviated domain name are registered to the same entity. If so, keywords can be extracted from the candidate domains and used to find more relevant domains for domain risk analysis and detection. Candidate domains determined by the data enrichment engine can be provided to a downstream computing facility such as a domain filter.Type: ApplicationFiled: March 29, 2019Publication date: February 11, 2021Inventors: Gaurav Mitesh Dalal, Ali Mesdaq, Hung-Jen Chang
-
Patent number: 10902117Abstract: According to one embodiment, a computerized method for acquiring updated predictive model is described. The updated predictive model is achieved through machine learning analyses of information by a training engine, which issues a control message in response to a discrepancy in a determination of the suspect object as malicious or non-malicious by a detection engine and a classification engine. The detection engine analyzes a content of a suspect object to determine whether the suspect object is malicious or non-malicious. Similarly, the classification engine analyses the suspect object based on the predictive model to determine whether the suspect object is malicious or non-malicious. The control message causes the training engine to update the predictive model based on machine learning analyses of information provided via the control message and to return an updated predictive model to the classification engine.Type: GrantFiled: July 29, 2019Date of Patent: January 26, 2021Assignee: FireEye, Inc.Inventors: Abhishek Singh, Ali Mesdaq, Anirban Das, Varun Jain
-
Publication number: 20210011997Abstract: A spammy app detection system may search a database for any new social media application discovered during a recent time period. A spammy app detection algorithm can be executed on the spammy app detection system on an hourly basis to determine whether any of such applications is spammy (i.e., posting to a social media page anomalously). The spammy app detection algorithm has a plurality of stages. When a new social media application fails any of the stages, it is identified as a spammy app. The spammy app detection system can update the database accordingly, ban the spammy application from further posting to a social media page monitored by the spammy app detection system, notify an entity associated with the social media page, further process the spammy application, and so on. In this way, the spammy app detection system can reduce digital risk and spam attacks.Type: ApplicationFiled: September 28, 2020Publication date: January 14, 2021Inventors: Harold Nguyen, Ali Mesdaq, Daniel Oshiro Nadir, Anthony Lawrence Dorie
-
Patent number: 10887278Abstract: Taking a zero-configuration approach, a domain name discovery system utilizes, in an iterative process, WHOIS data and infrastructure data for a seed domain to automatically discover domain names having registration and/or infrastructure details that match those of the seed domain. Registration information such as a registered email address associated with a domain name discovered through WHOIS data matching or infrastructure data matching is utilized in a reverse lookup for domain names having infrastructure or WHOIS registered information that fully matches the information associated with the domain name discovered through the iterative process. Domain names discovered through WHOIS data matching, infrastructure data matching, and reverse lookup can be presented through a user interface on a client device communicatively connected to the domain name discovery system over a network. The domain name discovery can be performed periodically or in near real time responsive to receiving a new seed domain.Type: GrantFiled: January 10, 2019Date of Patent: January 5, 2021Assignee: PROOFPOINT, INC.Inventors: Gaurav Mitesh Dalal, Ali Mesdaq
-
Patent number: 10789355Abstract: A spammy app detection system may search a database for any new social media application discovered during a recent time period. A spammy app detection algorithm can be executed on the spammy app detection system on an hourly basis to determine whether any of such applications is spammy (i.e., posting to a social media page anomalously). The spammy app detection algorithm has a plurality of stages. When a new social media application fails any of the stages, it is identified as a spammy app. The spammy app detection system can update the database accordingly, ban the spammy application from further posting to a social media page monitored by the spammy app detection system, notify an entity associated with the social media page, further process the spammy application, and so on. In this way, the spammy app detection system can reduce digital risk and spam attacks.Type: GrantFiled: March 28, 2018Date of Patent: September 29, 2020Assignee: PROOFPOINT, INC.Inventors: Harold Nguyen, Ali Mesdaq, Daniel Oshiro Nadir, Anthony Lawrence Dorie
-
Publication number: 20200304540Abstract: Aspects of the disclosure relate to identifying legitimate websites and removing false positives from domain discovery analysis. Based on a list of known legitimate domains, a computing platform may generate a baseline dataset of feature vectors corresponding to the known legitimate domains. Subsequently, the computing platform may receive information identifying a first domain for analysis and may execute one or more machine learning algorithms to compare the first domain to the baseline dataset. Based on execution of the one or more machine learning algorithms, the computing platform may generate first domain classification information indicating that the first domain is a legitimate domain. In response to determining that the first domain is a legitimate domain, the computing platform may send one or more commands directing a domain identification system to remove the first domain from a list of indeterminate domains maintained by the domain identification system.Type: ApplicationFiled: December 18, 2019Publication date: September 24, 2020Inventors: Hung-Jen Chang, Gaurav Mitesh Dalal, Ali Mesdaq
-
Patent number: 10785188Abstract: Disclosed is a domain filter capable of determining an n-gram distance between a seed domain and each of a plurality of candidate domains. The domain filter loads a seed domain n-gram for the seed domain and a candidate domain n-gram for each candidate domain in memory, compares the seed domain n-gram and the candidate domain n-gram to identify any identical grams, removes any identical grams from the seed domain n-gram, and determines how many grams are left in the seed domain n-gram, representing the n-gram distance between the seed domain and the candidate domain. The domain filter then compares n-gram distances thus determined with a predetermined threshold, eliminates any candidate domain having an n-gram distance from the seed domain that exceeds the predetermined threshold, and provides remaining candidate domains to a downstream computing facility such as a user interface or an analytical module operating in an enterprise computing environment.Type: GrantFiled: May 22, 2018Date of Patent: September 22, 2020Assignee: Proofpoint, Inc.Inventors: Harold Nguyen, Ali Mesdaq, Kevin Dedon, Michael Fox, Gaurav Dalal
-
Publication number: 20200267119Abstract: Disclosed is a domain engineering analysis solution that determines relevance of a domain name to a brand name in which a domain name, brand name, and identification of a substring of the domain name may be provided to or obtained by a computer embodying a domain engineering analyzer. A list of features may be determined. The list of features may include a lexicon, or a set of key-value pairs that encode information about terms included as substrings in the domain name. Determining the features may include obtaining a language model for each term, analyzing a cluster of language models closest to the obtained language model, and determining and scoring a relevance of each term to the brand name. The determined relevance and score of each term may be provided to a client. This relevance analysis can be dynamically applied in an online process or proactively applied in an offline process.Type: ApplicationFiled: May 4, 2020Publication date: August 20, 2020Inventors: Sharon Huffner, Ali Mesdaq
-
Publication number: 20200265261Abstract: Disclosed is an effective domain name defense solution in which a domain name string may be provided to or obtained by a computer embodying a visual domain analyzer. The domain name string may be rendered or otherwise converted to an image. An optical character recognition function may be applied to the image to read out a text string which can then be compared with a protected domain name to determine whether the text string generated by the optical character recognition function from the image converted from the domain name string is similar to or matches the protected domain name. This visual domain analysis can be dynamically applied in an online process or proactively applied in an offline process to hundreds of millions of domain names.Type: ApplicationFiled: May 4, 2020Publication date: August 20, 2020Inventors: Gaurav Mitesh Dalal, Ali Mesdaq, Sharon Huffner, Harold Nguyen